FAI and sensitive installation data

Ryan S. Upton rupton at eprivacygroup.com
Fri Apr 11 19:33:55 CEST 2003



This assumes that you're doing FAI installs on a semi-trusted or
untrusted network segment. This is "not optimal" and by that I mean
completely unsafe. Even if you protect the confidentiality and integrity
of the sensitive information, there is nothing keeping a client from
compromising the host being created in a vast assortment of other ways;
using the default password for the root account for instance, MITM or
eavesdropper attacks, etc. If you are bootstrapping as with normal FAI,
this is TFTP we are using for the kernel; none of this is a secure way
of preparing a host. There is a necessity for the FAI network segment
to be protected against threats by either air-gap or at least a really
restrictive firewall ruleset (which would include ssh, first example
above).

I strongly recommend that you protect the entire network segment you are
using to make FAI possible, including the FAI 'server'. 

-R

Ryan S. Upton, CISSP.



On Fri, Apr 11, 2003 at 12:18:41PM +0200, luzian.scherrer at id.unizh.ch wrote:
> Hello,
> 
> How do you handle the installation of sensitive data with FAI? With
> sensitive data I mean for example programs that must contain passwords
> to authenticate against others or private keys to be installed on a
> host. The way FAI works, this data is available "freely" to everyone
> that can describe itself as a client to be installed, isn't it? It becomes a
> problem if you are installing clients that are then used by different
> people with different accesses (root etc.).
> 
> My proposal is this: extend fcopy with a `--secure' switch. When called
> this way, it first reads the host's private key and then decrypts the
> data to be copied before actually installing it. This per host private
> key is stored on a floppy or CD-ROM residing in the client's drive. I
> think this would be the only way to be able to really authenticate FAI
> clients. (This assumes of course, that those using the clients do not
> have physical access to the machines).
> 
> What do you think about it?
> 
> Thanks,
> -Luzian
> -- 
> University of Zurich, Central Computing  <luzian.scherrer at id.unizh.ch> 
> Tel: +41 1 63 56778   --   Fax: +41 1 63 54505   --   Office: Y11-F-76
> 

From: rupton at eprivacygroup.com
To: linux-fai at rrz.uni-koeln.de
11 Apr 2003


