how do you distribute secrets ?

Toni Mueller support-fai at oeko.net
Thu Apr 22 15:45:49 CEST 2004



Hi,

On Thu, 22.04.2004 at 11:38:10 +0200, Thomas Lange <lange at informatik.Uni-Koeln.DE> wrote:
> Can you really achieve real security during installation? PXE is a
> broadcast protocol, tftp is also very insecure, NFS is also not so
> secure, so how can the install client verify that it gets its
> information from the right install server and not from a bad guy? How
> can an install server verify that the install client is not cheating its
> MAC or IP address?

If you control the entire network *AND* have an appropriate
installation, you can ensure that a client at port X of switch Y must
have a specific MAC address, e.g. on Cisco Catalyst with MAC ACLs.

I'm not sufficiently familiar with DHCP to tell whether information
about required certificates, and where/how to get them, could be
distributed via DHCP, but once you ask the right TFTP server for some
code, you "only" need to ensure that

- your data on said TFTP server is not compromised (can be done e.g. by
  serving data from a CD-ROM), and
- that nobody alters your data in transit.

If you don't have sufficient control over your network, I can only see
that you abstain from installing sensitive things via FAI.

> would be nice for security. Or we should create a small partition
> which includes this data and will never be deleted.

Hmmm... I see the point of FAI rather in installing new machines from
scratch, like after a disk crash. Then you don't have a small partition
on your new disk, otherwise you can dd the whole disk in the first
place and only (maybe) fix up the configuration later using FAI.


Best,
--Toni++
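The two requirements above (data on the server not compromised, data not altered in transit) are what an install client can check for itself if the trusted boot medium carries pinned hashes of everything fetched later. The following is an added illustration, not code from this thread or from FAI; it assumes a `sha256sum`-style manifest baked into the read-only boot image and works on constructed in-memory sample files instead of real TFTP/NFS fetches.

```python
import hashlib

# Constructed sample: files the install server publishes and that a client
# would fetch over TFTP/NFS after booting (names and contents are made up).
PUBLISHED = {
    "vmlinuz-install": b"kernel image bytes (constructed sample)",
    "initrd.img": b"initrd bytes (constructed sample)",
    "class/DEFAULT.var": b"FAI_FLAGS=verbose\n",
}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> str:
    """Manifest in `sha256sum` layout ("<hex digest>  <path>" per line), as it
    would be written onto the read-only boot medium at image build time."""
    return "".join(f"{sha256_hex(d)}  {n}\n" for n, d in sorted(files.items()))


def parse_manifest(text: str) -> dict:
    """Parse the pinned manifest; refuse malformed lines instead of skipping them."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        digest, sep, name = line.partition("  ")
        if not sep or len(digest) != 64 or set(digest.lower()) - set("0123456789abcdef"):
            raise ValueError(f"manifest line {lineno}: malformed entry")
        expected[name] = digest.lower()
    return expected


def verify_fetched(manifest_text: str, fetched: dict) -> dict:
    """Per-file status: 'ok', 'mismatch' (altered on the server or in transit),
    'missing' (pinned but not received) or 'unexpected' (received, never pinned)."""
    expected = parse_manifest(manifest_text)
    status = {}
    for name, digest in expected.items():
        if name not in fetched:
            status[name] = "missing"
        else:
            status[name] = "ok" if sha256_hex(fetched[name]) == digest else "mismatch"
    for name in fetched.keys() - expected.keys():
        status[name] = "unexpected"
    return status


def install_may_proceed(status: dict) -> bool:
    """Continue only if every pinned file arrived intact and nothing extra did."""
    return bool(status) and all(s == "ok" for s in status.values())
```

With this in place, a TFTP server that was tampered with, or a payload modified on the wire, shows up as a `mismatch` and the installation stops before any of it is used.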

