CIS Safeguard 1.4: Use DHCP Logging to Update Enterprise Asset Inventory

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation

Keeping tabs on every device connected to your network is crucial for maintaining security and functionality. CIS Safeguard 1.4, "Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory," helps achieve this with the meticulous accuracy of Hermione Granger from the Harry Potter series.

The Hermione of Networks

Much like Hermione Granger, known for her encyclopedic knowledge and impeccable organization, DHCP logging systematically records every device that connects to the network. Just as Hermione keeps detailed notes on her studies, DHCP logs maintain a comprehensive record of IP addresses assigned to each device, ensuring no stone—or network device—goes unturned.

The Magical Book of Logs

Think of DHCP logs as Hermione's enchanted bag, capable of holding endless items without ever losing track of them. These logs provide a detailed account of all devices, dynamically updating the asset inventory whenever a new device connects. This magical book of logs keeps the network inventory current, reflecting every addition or change with precision.

Consistency is Key

Hermione’s success often lies in her dedication and consistency, traits mirrored by the continuous updating of the asset inventory through DHCP logging. By diligently recording device connections, organizations can swiftly identify unauthorized or unexpected devices, just as Hermione would immediately notice a missing or out-of-place item in her neatly organized bag.

By enabling and reviewing DHCP logs, you gain insights into:

  • What devices are connecting: Identify everything from laptops and smartphones to printers and IoT devices
  • When they connect: Track connection times to spot unusual activity
  • How often they connect: Understand device usage patterns

This information feeds directly into your asset inventory, ensuring it remains up-to-date and comprehensive.
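One way to turn those three questions into an inventory update, shown as an added example that is not part of the original article. It assumes ISC dhcpd syslog lines as the log source; the sample log, the MAC addresses, the inventory layout, and the function names are all constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in ISC dhcpd syslog format (assumed source, not from the article).
SAMPLE_LOG = """\
Mar  3 08:01:12 dhcp01 dhcpd[1123]: DHCPACK on 10.0.5.23 to 02:aa:00:00:00:01 (LAPTOP-ACCT-07) via eth0
Mar  3 08:05:40 dhcp01 dhcpd[1123]: DHCPDISCOVER from 02:bb:00:00:00:99 via eth0
Mar  3 08:05:41 dhcp01 dhcpd[1123]: DHCPACK on 10.0.5.77 to 02:bb:00:00:00:99 via eth0
Mar  4 02:13:09 dhcp01 dhcpd[1123]: DHCPACK on 10.0.5.77 to 02:BB:00:00:00:99 via eth0
Mar  4 08:02:55 dhcp01 dhcpd[1123]: DHCPACK on 10.0.5.23 to 02:aa:00:00:00:01 (LAPTOP-ACCT-07) via eth0
"""
# Constructed inventory keyed by lowercase MAC address.
INVENTORY = {
    "02:aa:00:00:00:01": {"type": "laptop", "last_seen": None},
    "02:aa:00:00:00:02": {"type": "printer", "last_seen": None},
}
ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\sDHCPACK on "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
    r"(?:\s\((?P<host>[^)]*)\))?"
)

def summarize_leases(log_text, year):
    """Per-MAC facts from DHCPACK lines: last IP, hostname, first/last seen, count.
    Syslog timestamps carry no year, so the caller supplies it."""
    seen = defaultdict(lambda: {"ip": None, "host": None, "first": None, "last": None, "count": 0})
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue  # only DHCPACK confirms a lease was actually granted
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        rec = seen[m["mac"].lower()]  # normalize case: one device, one key
        rec["ip"], rec["host"] = m["ip"], m["host"] or rec["host"]
        rec["first"] = min(rec["first"] or ts, ts)
        rec["last"] = max(rec["last"] or ts, ts)
        rec["count"] += 1
    return dict(seen)

def reconcile(leases, inventory):
    """Refresh last_seen for known assets; list unknown MACs and assets not seen."""
    for mac in leases.keys() & inventory.keys():
        inventory[mac]["last_seen"] = leases[mac]["last"]
    unknown = sorted(leases.keys() - inventory.keys())
    not_seen = sorted(inventory.keys() - leases.keys())
    return unknown, not_seen

if __name__ == "__main__":
    leases = summarize_leases(SAMPLE_LOG, year=2025)
    print(reconcile(leases, INVENTORY))
```

MAC addresses can be randomized or spoofed, so a MAC on the unknown list is a prompt for review, not proof of a new physical device.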

Resources

Here’s a link to the Enterprise Asset Management Policy Template for CIS Control 1, provided free of charge from the fine folks at the Center for Internet Security.

Looking for even more detail? Here you go. If this still doesn’t satisfy your curiosity, DM me.

CIS Control 1 – Inventory and Control of Enterprise Assets

Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.

CIS Safeguard 1.4 - Use DHCP Logging to Update Enterprise Asset Inventory

Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise’s asset inventory. Review and use logs to update the enterprise’s asset inventory weekly, or more frequently.

This article is a repeat of a blog posted on the Gotham Technology Group website: https://www.gothamtg.com/blog/cis-safeguard-14-use-dhcp-logging-to-update-enterprise-asset-inventory

Shameless Marketing Plug

Gotham has partnered with Axonius, the leader in the Cyber Asset Attack Surface Management space. Axonius has solved the problem of "you can't protect what you can't see" by providing a credible, comprehensive inventory of every asset, user, software, cloud resource and SaaS application. It then dives into the security gaps of agent-based tools missing from systems, IP ranges missing from scanners and users out of policy. Contact me for a 30-minute demo of how Axonius can change your life.
