# DHCP Security Considerations One-sentence definition: Hardening address assignment to prevent rogue servers and starvation. ## Key Facts - Threats: rogue DHCP, starvation, option abuse. - Controls: DHCP snooping, trusted ports, IP Source Guard, rate limits. - Static/reserved IPs for infra; log leases for forensics. - Isolate services to management VLANs; protect relay (IP helper). - **Verify:** check official (ISC)² CBK and current exam outline. ## Exam Relevance - Pick DHCP snooping to block rogue servers. **Mnemonic:** “**Snoop** to stop spoof.” ## Mini Scenario Q: Clients receive bad gateway via rogue—fix? A: Enable DHCP snooping and trust only uplinks. ## Revision Checklist - Name two threats. - Two switch features to enable. - Logging need. ## Related [[ARP and ARP Poisoning]] · [[Network Access Control (802.1X, NAC)]] · [[VLANs and Segmentation]] · [[Routing Basics (IGP vs EGP, Static vs Dynamic)]] · [[Secure Management and Out-of-Band (OOB)]] · [[Domain 4 - Index]]