securing netboot
Do I understand correctly that netbooting Debian Live is
currently inherently insecure against both eavesdroppers and
intruders?

I see that even if the gPXE option to securely check the kernel
and initramfs images after downloading is used, NFS still has to
be secured separately.

Anyway, the process of establishing the secure connection to the
netboot server depends on a kind of secure ``token'' (say, a
private key and an X.509 certificate.) Do I understand it
correctly that, in principle, the availability of such a token
early during the boot process may allow for the whole netboot
process to be secure?

The secure token may, e. g., be embedded into the initramfs
image, which, together with the kernel, may be stored on
removable media, such as a USB Flash or a CD-R (DVD+R) disk.

It may seem that the cost of maintenance of such a secure Debian
Live installation is more than that of an ordinary USB Flash drive
loaded with Debian Live. However, it doesn't seem so anymore
when the number of the hosts to be booted exceeds tens,
considering the cost of using (and -- regularly updating!)
multiple disks or USB Flash media.

To put the last paragraph simply, the pros of Debian Live
configured for, e. g., booting from DVD+R(W):

* works ``out of box''.

But the cons are:

* the number of hosts up at the same moment cannot exceed the
  number of the disks burned;
* each time a security fix is released, or a new package is
  needed, or the configuration is to be changed, all the boot
  media have to be re-written.

For now, I'm considering using IKEv2 (as provided by the
strongSwan implementation) embedded, along with a private key
and a certificate, into the initramfs image. I'd be glad to
hear any suggestions, ideas, or (well, there may be) success
stories.
--
FSF associate member #7257