2.1.4 Set 'no service dhcp'

Information

Disable the Dynamic Host Configuration Protocol (DHCP) server and relay agent features on your router.

The DHCP server supplies automatic configuration parameters, such as dynamic IP address, to requesting systems. A dedicated server located in a secured management zone should be used to provide DHCP services instead. Attackers can potentially be used for denial-of-service (DoS) attacks.

Solution

Disable the DHCP server.

hostname(config)#<strong>no service dhcp</strong>

Impact:

To reduce the risk of unauthorized access, organizations should implement a security policy restricting network protocols and explicitly require disabling all insecure or unnecessary protocols such as the Dynamic Host Configuration Protocol (DHCP).

See Also

https://workbench.cisecurity.org/benchmarks/12917

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4, CSCv7|9.2

Plugin: Cisco

Control ID: 28167a2c23364aa5fb269b8073541ab2136237569448f49847c15b7992d550d7