Announcement on Required Registration for DHCP Addresses
One sentence advice: "Start up a web browser and open a web page."
The Laboratory is migrating its Dynamic Host Configuration Protocol (DHCP) support to a model based on requiring system registration information. DHCP service is commonly used to obtain network addresses on the facility network. Historically, DHCP addresses have been granted transparently to any system that simply connected to the facility network. Computer security concerns about who is accessing the network have necessitated a change in the DHCP service. A project to require registration information on systems using the facility network has been under development and is now ready for deployment.
Two key points should be stressed:
· Systems that are properly registered in the permanent system registration database (MISCOMP) will notice no difference in the way their system receives a DHCP address. It will be issued automatically and transparently, just as it has been in the past.
· Systems that are not permanently registered in the MISCOMP database will be provided a simple, quick means of registering and receiving a temporary, but usable DHCP address.
The registration process is similar to those commonly used by hotels. The required registration information is very basic, and will not present problems to users. The registration process is initiated by following the one sentence advice listed at the top.
Since mid-December, the DHCP registration service has been tested within the Computing Division subnets in Wilson Hall and the
http://fndcg0.fnal.gov/DHCP Registration Rollout and Schedule.htm
Permanent Registration of systems for DHCP addresses can only be done from On-site or via the VPN:
The primary interface for system registration is the MISNET web page at:
http://fncdug1.fnal.gov:7777/pls/nodereg/node_registration.html
Completion of this form will enter the system into the lab's database within 24 hours. Crucial information is system name,
http://miscomp.fnal.gov:7777/pls/miscomp/registered.html
Or go to:
https://fncdug1.fnal.gov/misnet/systemName.html
where they can look up a system by node name, hardware address, or other keys.
To change information on a system already registered, go to:
http://fncdug1.fnal.gov:7777/pls/nodereg/node_registration.html
When the new DHCP registration service starts, systems with unregistered
Visitors and Unregistered systems:
When an unregistered system requests a DHCP address, it will be granted a short-lived, restricted, network address. Trying to access any web page or telnet session will bring up the DHCP registration page. The registration page asks for basic contact information (name, email, institution, etc.) and should take only about a minute to fill out. While the user is completing the registration form, a basic vulnerability scan will be performed. If the system passes the scan, a DHCP lease good for the rest of that day will be provided. If there are problems, the user will be directed to appropriate help.
If the system will be at FNAL for longer than a few days, it should be registered in the permanent database. Temporary registration will only be allowed five times in a 30-day period.
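
The lease decision for unregistered systems described above, sketched in Python as an added example (not the Laboratory's own code). The MAC-keyed set standing in for MISCOMP, the rolling 30-day window, lease expiry at midnight, the refusal on a sixth attempt, and all names are assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, time, timedelta

TEMP_LIMIT = 5               # page: five temporary registrations ...
WINDOW = timedelta(days=30)  # ... in a 30-day period (rolling window assumed)

@dataclass
class LeasePolicy:
    permanent: set                                    # stand-in for MISCOMP: lowercase MACs
    temp_grants: dict = field(default_factory=dict)   # MAC -> datetimes of temporary leases

    def decide(self, mac, now, form_done=False, scan_passed=False):
        """Return (state, lease_expiry) for one DHCP request."""
        mac = mac.lower()
        if mac in self.permanent:
            return ("normal", None)        # issued transparently, as before
        if not form_done:
            return ("restricted", None)    # short-lived address; web/telnet lands on the form
        recent = [t for t in self.temp_grants.get(mac, []) if now - t < WINDOW]
        self.temp_grants[mac] = recent
        if len(recent) >= TEMP_LIMIT:
            return ("refused", None)       # assumed outcome; register permanently instead
        if not scan_passed:
            return ("help", None)          # user is directed to appropriate help
        recent.append(now)                 # assumption: only granted leases count
        end_of_day = datetime.combine(now.date() + timedelta(days=1), time.min)
        return ("temporary", end_of_day)   # "good for the rest of that day"

if __name__ == "__main__":
    policy = LeasePolicy(permanent={"00:11:22:33:44:55"})   # constructed MACs
    start = datetime(2004, 9, 28, 14, 0)
    print(policy.decide("00:11:22:33:44:55", start))
    for day in range(7):
        print(day, policy.decide("AA:BB:CC:00:00:01", start + timedelta(days=day), True, True))
```
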
If you need further help determining whether the systems you use are registered or how to prepare your guests for visits, contact your General Computer Security Coordinator.
List of GCSC's:
http://computing.fnal.gov/security/#contacts
Additional information:
FAQ on DHCP Registration Service: http://fndcg0.fnal.gov/dhcp-faq.htm
Phil DeMar
Last modified: September 28, 2004