Written with contributions from Bryon Singh, Director of Security Operations, RailWorks Corporation
Keeping tabs on every device connected to your network is crucial for maintaining security and functionality. CIS Safeguard 1.4, "Use Dynamic Host Configuration Protocol (DHCP) Logging to Update Enterprise Asset Inventory," helps achieve this with the meticulous accuracy of Hermione Granger from the Harry Potter series.
The Hermione of Networks
Much like Hermione Granger, known for her encyclopedic knowledge and impeccable organization, DHCP logging systematically records every device that connects to the network. Just as Hermione keeps detailed notes on her studies, DHCP logs maintain a comprehensive record of IP addresses assigned to each device, ensuring no stone—or network device—goes unturned.
The Magical Book of Logs
Think of DHCP logs as Hermione's enchanted bag, capable of holding endless items without ever losing track of them. These logs provide a detailed account of all devices, dynamically updating the asset inventory whenever a new device connects. This magical book of logs keeps the network inventory current, reflecting every addition or change with precision.
Consistency is Key
Hermione’s success often lies in her dedication and consistency, traits mirrored by the continuous updating of the asset inventory through DHCP logging. By diligently recording device connections, organizations can swiftly identify unauthorized or unexpected devices, just as Hermione would immediately notice a missing or out-of-place item in her neatly organized bag.
By enabling and reviewing DHCP logs, you gain insights into:
- What devices are connecting: Identify everything from laptops and smartphones to printers and IoT devices
- When they connect: Track connection times to spot unusual activity
- How often they connect: Understand device usage patterns
This information feeds directly into your asset inventory, ensuring it remains up-to-date and comprehensive.
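As an added illustration (not from the original post or from CIS), the sketch below shows one way to turn DHCP logs into those three answers and reconcile them against an inventory. It assumes ISC dhcpd-style syslog lines; the log sample, the inventory, and the function names `leases_by_mac` and `reconcile` are constructed for the example.

```python
import re
from datetime import datetime

# Constructed sample in ISC dhcpd syslog style (assumed format; adapt to your server).
SAMPLE_LOG = """\
Mar  3 09:14:02 dhcp01 dhcpd[1123]: DHCPDISCOVER from 3c:52:82:aa:10:01 via eth0
Mar  3 09:14:02 dhcp01 dhcpd[1123]: DHCPACK on 10.20.0.51 to 3c:52:82:aa:10:01 (LT-FIN-014) via eth0
Mar  3 09:20:45 dhcp01 dhcpd[1123]: DHCPACK on 10.20.0.77 to 00:1b:a9:0c:22:9f via eth0
Mar  4 02:31:10 dhcp01 dhcpd[1123]: DHCPACK on 10.20.0.90 to DE:AD:BE:EF:00:42 (raspberrypi) via eth0
Mar  4 09:02:19 dhcp01 dhcpd[1123]: DHCPACK on 10.20.0.51 to 3c:52:82:aa:10:01 (LT-FIN-014) via eth0
"""

# Constructed inventory: MAC address -> asset name.
INVENTORY = {"3c:52:82:aa:10:01": "LT-FIN-014", "00:1b:a9:0c:22:9f": "PRN-2F-EAST",
             "a4:bb:6d:10:20:30": "LT-HR-003"}

ACK_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sdhcpd(?:\[\d+\])?:\s"
    r"DHCPACK on (?P<ip>[\d.]+) to (?P<mac>(?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})"
    r"(?: \((?P<host>[^)]*)\))? via \S+"
)

def leases_by_mac(log_text, year):
    """Collapse DHCPACK lines into one record per MAC: what, when, how often."""
    seen = {}
    for line in log_text.splitlines():
        m = ACK_RE.match(line)
        if not m:
            continue  # only an acknowledged lease shows an address was handed out
        # Syslog timestamps carry no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {' '.join(m['ts'].split())}", "%Y %b %d %H:%M:%S")
        rec = seen.setdefault(m["mac"].lower(), {"ips": set(), "hosts": set(),
                                               "first": ts, "last": ts, "count": 0})
        rec["ips"].add(m["ip"])
        if m["host"]:
            rec["hosts"].add(m["host"])  # client-supplied name: a hint, not proof
        rec["first"], rec["last"] = min(rec["first"], ts), max(rec["last"], ts)
        rec["count"] += 1
    return seen

def reconcile(seen, inventory):
    """Return (MACs leased but not inventoried, inventoried MACs with no lease)."""
    known = {mac.lower() for mac in inventory}
    return sorted(set(seen) - known), sorted(known - set(seen))

if __name__ == "__main__":
    unknown, silent = reconcile(leases_by_mac(SAMPLE_LOG, 2024), INVENTORY)
    print("Not in inventory:", unknown, "| No lease seen:", silent)
```

MAC addresses and hostnames in DHCP requests are set by the client, so treat an unknown entry as a prompt to investigate the device, and a known one as a match to confirm rather than as authentication.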
Resources
Here’s a link to the Enterprise Asset Management Policy Template for CIS Control 1, provided free of charge by the fine folks at the Center for Internet Security.
Looking for even more detail? Here you go. If this still doesn’t satisfy your curiosity, DM me.
CIS Control 1 – Inventory and Control of Enterprise Assets
Actively manage (inventory, track, and correct) all enterprise assets (end-user devices, including portable and mobile; network devices; non-computing/Internet of Things (IoT) devices; and servers) connected to the infrastructure physically, virtually, remotely, and those within cloud environments, to accurately know the totality of assets that need to be monitored and protected within the enterprise. This will also support identifying unauthorized and unmanaged assets to remove or remediate.
CIS Safeguard 1.4 - Use DHCP Logging to Update Enterprise Asset Inventory
Use DHCP logging on all DHCP servers or Internet Protocol (IP) address management tools to update the enterprise’s asset inventory. Review and use logs to update the enterprise’s asset inventory weekly, or more frequently.