What Are the Dangers of a Static IP?

Background

• An IP address can be likened to an address used for a residence. Just as a person resides at a given street address, such as 123 Main St., an IP address can be assigned to a device that resides on a given network. The IP address usually includes eight numbers separated by periods, such as 12.24.10.30. After the address is published on the Internet, other computers can find the device, just as an address and phone number directory allows people to find a residence or business.

  A dynamic IP address is assigned to a computer or other device from an outside source, such as an Internet service provider or local network router. The address is assigned using a system known as dynamic host configuration protocol (DHCP) and lasts for a given period, known as lease time. A static IP address, however, is entered or programmed directly into the device and does not change. In some cases, a dynamic IP address can appear to be static because the lease time is very long, but ways exist to force the lease time to expire and obtain a new dynamic IP address.

  As a user of a web browser, email service or file download/upload website, you normally don't have to be concerned about whether your IP address is static or dynamic. If you provide such services on your own network, a static IP address ensures that outside users and other computers always know how to reach your network; no issues will arise concerning lease time and expiring addresses.

Security Problems

• The convenience of static IP addressing presents a problem in terms of security. If a security issue with or in the underlying service or device is discovered, it may be readily exploited by software hackers or other malicious users. Because those users most likely record the IP address of the device featuring the exploitable software, repeat attacks are easier to coordinate. The longer it takes individuals responsible for the network to repair such exploits, the longer a window is open for future exploration and exploitation. Software and hardware vendors also have a big responsibility in this regard because their reputation could be at stake if such exploits are highly publicized.

Price of Convenience

• Network administrators use various methods to mitigate the dangers of having an IP address that does not change. First, they implement policies that prevent any kind of brute-force attack against the equipment behind the IP address. Then they ensure that only authorized people are allowed to access specific portions of the service or services under that address, including internal administrators as well as outside users. They also may require that outside users access only their network servers using well-established, current, secure client software and refuse any that do not meet those standards. They also must keep all of their own software and hardware components involved -- operating system, application and/or firewall -- updated to current security levels to avoid possible exploits. This involves working in tandem with the hardware and software manufacturers, reading industry security reports and performing their own in-house tests.

Other Responsibilities

• The concept of an IP address, either static or dynamic, originally assumed a reference to the first widely used implementation of Internet protocol, known as IPv4. The protocol has some inherent security flaws, and bugs are often introduced into how the protocol is used in various computer operating systems. Computer application designers have a responsibility to fix or work around bugs in the current IPv4 implementation, but the Internet Engineering Task Force (IETF) is responsible to -- as it stated -- "make the Internet work better." The IETF made a major step forward in this regard with the introduction of IPv6, a new standard.