CIS Safeguard 1.4: Use DHCP Logging to Update Enterprise Asset Inventory

By Steve Gold
Posted in Security
On January 07, 2025

Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation

Keeping tabs on every device connected to your network is crucial for maintaining security and functionality. CIS Safeguard 1.4, "Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory," helps achieve this with the meticulous accuracy of Hermione Granger from the Harry Potter series.

The Hermione of Networks

Much like Hermione Granger, known for her encyclopedic knowledge and impeccable organization, DHCP logging systematically records every device that connects to the network. Just as Hermione keeps detailed notes on her studies, DHCP logs maintain a comprehensive record of IP addresses assigned to each device, ensuring no stone—or network device—goes unturned.

The Magical Book of Logs

Think of DHCP logs as Hermione's enchanted bag, capable of holding endless items without ever losing track of them. These logs provide a detailed account of all devices, dynamically updating the asset inventory whenever a new device connects. This magical book of logs keeps the network inventory current, reflecting every addition or change with precision.

Consistency is Key

Hermione’s success often lies in her dedication and consistency, traits mirrored by the continuous updating of the asset inventory through DHCP logging. By diligently recording device connections, organizations can swiftly identify unauthorized or unexpected devices, just as Hermione would immediately notice a missing or out-of-place item in her neatly organized bag.

By enabling and reviewing DHCP logs, you gain insights into:

  • What devices are connecting: Identify everything from laptops and smartphones to printers and IoT devices
  • When they connect: Track connection times to spot unusual activity
  • How often they connect: Understand device usage patterns

This information feeds directly into your asset inventory, ensuring it remains up-to-date and comprehensive.
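
As an added example (not code from the original post or from CIS), here is one way that feed can work: parse acknowledged leases from the DHCP log, record first seen, last seen, and lease count per MAC address, then compare the result against the inventory. The ISC dhcpd syslog line layout is an assumption, and the sample log lines and inventory are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in ISC dhcpd syslog style (the format is an
# assumption; the article does not name a DHCP server).
SAMPLE_LOG = """\
2025-01-06T08:01:12 dhcp01 dhcpd[812]: DHCPACK on 10.0.20.15 to 3c:52:82:aa:01:10 (LT-FINANCE-07) via eth0
2025-01-06T08:03:40 dhcp01 dhcpd[812]: DHCPACK on 10.0.20.31 to 00:1b:a9:bb:02:20 (PRN-2F-EAST) via eth0
2025-01-06T13:22:05 dhcp01 dhcpd[812]: DHCPACK on 10.0.20.77 to de:ad:be:ef:00:01 via eth0
2025-01-07T02:14:59 dhcp01 dhcpd[812]: DHCPACK on 10.0.20.77 to DE:AD:BE:EF:00:01 via eth0
2025-01-07T08:00:03 dhcp01 dhcpd[812]: DHCPACK on 10.0.20.15 to 3c:52:82:aa:01:10 (LT-FINANCE-07) via eth0
2025-01-07T08:00:04 dhcp01 dhcpd[812]: DHCPDISCOVER from 3c:52:82:aa:01:10 via eth0
"""

# Constructed inventory keyed by lower-case MAC address.
INVENTORY = {
    "3c:52:82:aa:01:10": "LT-FINANCE-07",
    "00:1b:a9:bb:02:20": "PRN-2F-EAST",
    "a4:5e:60:cc:03:30": "LT-HR-02",  # in inventory, never seen in the logs
}

ACK = re.compile(
    r"^(?P<ts>\S+) \S+ dhcpd\[\d+\]: DHCPACK on (?P<ip>\S+) to "
    r"(?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})(?: \((?P<host>[^)]*)\))? via")

def summarize_leases(log_text):
    """Per MAC: first seen, last seen, lease count, last IP and hostname."""
    seen = defaultdict(lambda: dict(first=None, last=None, count=0, ip=None, host=None))
    for line in log_text.splitlines():
        m = ACK.match(line)
        if not m:
            continue  # only an acknowledged lease shows a device got an address
        ts = datetime.fromisoformat(m["ts"])
        rec = seen[m["mac"].lower()]  # normalise case so one device is one key
        rec["first"] = min(rec["first"] or ts, ts)
        rec["last"] = max(rec["last"] or ts, ts)
        rec["count"] += 1
        rec["ip"], rec["host"] = m["ip"], m["host"] or rec["host"]
    return dict(seen)

def reconcile(seen, inventory):
    """Return (MACs missing from inventory, inventory MACs not seen)."""
    return sorted(set(seen) - set(inventory)), sorted(set(inventory) - set(seen))

if __name__ == "__main__":
    leases = summarize_leases(SAMPLE_LOG)
    unknown, not_seen = reconcile(leases, INVENTORY)
    print("unknown:", {m: leases[m] for m in unknown}, "not seen:", not_seen)
```

Because the MAC address is the key, a device that randomizes its MAC per network will show up as a new, unknown entry and needs a second identifier to reconcile.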

Resources

Here’s a link to the Enterprise Asset Management Policy Template for CIS Control 1, provided free of charge by the fine folks at the Center for Internet Security.

Looking for even more detail? Here you go. If this still doesn’t satisfy your curiosity, DM me.

CIS Control 1 – Inventory and Control of Enterprise Assets

Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.

CIS Safeguard 1.4 - Use DHCP Logging to Update Enterprise Asset Inventory

Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise’s asset inventory. Review and use logs to update the enterprise’s asset inventory weekly, or more frequently.

Steve Gold

Steve Gold is the Cybersecurity Practice Director at Gotham Technology Group (Gotham). He is responsible for providing the vision and thought leadership to expand Gotham’s legacy of success and build a world-class cybersecurity practice. He works closely with Gotham’s customers, industry partners, and subject matter experts to develop relevant solutions for Gotham’s clients and prospects.

Prior to joining Gotham, Steve worked with the Center for Internet Security (CIS), where he expanded the global reach, revenue, and impact of the CIS Benchmarks, CIS Controls, and CIS Hardened Images. He led the efforts to promote the CIS portfolio of low-cost and no-cost cybersecurity products and services that help private and public organizations stay secure in the connected world. He grew a team of security specialists from 12 to over 40 to assist organizations with implementing security best practices in their continual journey of cybersecurity maturity.

During his more than 20-year career, Steve led teams responsible for developing and implementing technology solutions at some of the industry’s most recognized companies, such as Varonis, VMware, Dell & Wyse Technology.

Steve is a frequent speaker/moderator at industry conferences and webinars, covering a wide array of information security topics. He resides and works remotely in Baltimore, MD.