As part of the installation process for the LuJam ACPU (Advanced Cyber Protection Unit), you will be asked to disable DHCP on your gateway (the hardware provided by your Internet Service provider, such as BT or Virgin).
It's therefore perfectly reasonable to wonder what DHCP is, and why we get you to disable it in your current network. If, after reading this article, you have further questions, don't hesitate to get in touch with the LuJam team at firstname.lastname@example.org.
What does DHCP do?
DHCP is one of the building blocks that make connecting your devices to a home or office network a lot simpler. DHCP stands for Dynamic Host Configuration Process - it basically allows your devices to join a network without having any prior knowledge of the settings it needs to know to function correctly. You can find a good technical introduction on Wikipedia. It's role is similar to that of a helpful parking attendant: they'll direct you to a free parking space, tell you how long you can park for, and point out where the local amenities are. In the case of a network, the parking space is the device's IP address, and the local amenities are the gateway to the Internet and the DNS servers to use (similar to a telephone directory for web services).
Why does LuJam require DHCP to be disabled on my gateway?
The LuJam ACPU provides a DHCP service already, so disabling DHCP on your gateway still provides your devices with the support they need. The advantage of only using the LuJam DHCP service is as follows:
- devices are correctly configured so they lookup web sites via the LuJam ACPU, thereby ensuring they are blocked from accessing any suspicious sites.
- the ACPU can alert whenever a new device tried to join the network.
- any devices that have been either blocked or banned will not be able to access the Internet or the local network.
- the ACPU can monitor lookups to check for suspicious changed in behaviour of your devices
While you can run two DHCP servers in the same environment, it will mean that random chance will determine if your devices are being protected by the LuJam ACPU. As a DHCP lease can last for a day or two, your devices could be unprotected for long periods of time. We therefore strongly recommend that the LuJam ACPU provides the only DHCP server on your network. In fact, the ACPU looks out for other DHCP servers on the network and alerts if it finds one: this can be a sign that someone on the network may be doing something malicious.
I'm a power user, can I configure the usual DHCP settings?
The short answer is yes. To set the more common DHCP settings, logon to the portal and go to the DHCP tab under the settings. This should be very familiar if you're used to managing DHCP properties. The advanced properties, such as setting NTP servers, may have a different syntax, but our support team can work with you to get it right.
What about allocating static IP addresses?
While DHCP can be very convenient for devices such as laptops, phones, etc. it is sometimes necessary to permanently assign an IP address to a machine, such as a printer or a storage system. Right now, the LuJam ACPU won't allocate an IP address of a system that's currently connected, so there won't be collisions with your printers. Furthermore, once a device is assigned an IP, the LuJam DHCP will try and make sure it keeps this address over time. However, this is not guaranteed, particularly if the network has a large number of devices or the device rarely connects. However, it doesn't have the capability to assign a static addresses to a specific device via DHCP: this is something we're hoping to address real soon now. Watch this space!