FreeBSD Jumpstart Guide
Lazaro Daniel Salem
SALEM at StatoilHydro.com
Tue Mar 3 15:15:11 UTC 2009
Hi!
In this very nice article
http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pxe/article.html
it is said:
Warning!!: This procedure will make the "Server" both insecure and
dangerous, it is best to just keep the "Server" on its own hub and not
in any way accessible by any machines other than the "Clients".
<http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pxe/article.html>
I assume exporting NFS to the whole (sub)network and running tftp makes
the system more vulnerable though I am not sure I remember all the
details. It would help me to know more specifically what is vulnerable
so we can think of measures to make teh system configuration less
vulnerable when a single hub is not an option.
I am thinking of what can be done on systems like FreeNAS (FreeBSD 6.4
based) now that they have included tftp service as an option.
I thought I could use the scheme described in this document to netboot
thin clients from the file server at home...
I would appreciate if you could expand specifically on the
vulnerabilities so one can think of solutions.
Thanks for this project. Though not that active anymore, I am sold to
FreeBSD since 3.x.
Cheers,
Lazaro D. Salem
reply if possible to lazaro.d.salem at gmail.com
-------------------------------------------------------------------
The information contained in this message may be CONFIDENTIAL and is
intended for the addressee only. Any unauthorised use, dissemination of the
information or copying of this message is prohibited. If you are not the
addressee, please notify the sender immediately by return e-mail and delete
this message.
Thank you.
More information about the freebsd-doc
mailing list