
Re: securing netboot



Greetings,

On Mon, Nov 16, 2009 at 10:44 AM, Ivan Shmakov <ivan@main.uusia.org> wrote:
>        Do I understand correctly that the netbooting Debian Live is
>        currently inherently insecure against both eavesdroppers and
>        intruders?
>
>        I see that even if the gPXE option to securely check the kernel
>        and initramfs images after downloading is used, NFS has still to
>        be secured separately.
>
>        Anyway, the process of establishing the secure connection to the
>        netboot server depends on a kind of secure ``token'' (say, a
>        private key and an X.509 certificate.)  Do I understand it
>        correctly that, in principle, the availability of such a token
>        early during the boot process may allow for the whole netboot
>        process to be secure?
>
>        The secure token may, e. g., be embedded into the initramfs
>        image, which, together with the kernel, may be stored on a
>        removable media, such as a USB Flash or a CD-R (DVD+R) disk.
>
>        It may seem that the cost of maintenance of such a secure Debian
>        Live installation is more than of an ordinary USB Flash drive
>        loaded with Debian Live.  However, it doesn't seem so anymore
>        when the number of the hosts to be booted exceeds tens,
>        considering the cost of using (and -- regularly updating!)
>        multiple disks or USB Flash media.
>
>        To put the last paragraph simply, the pros of Debian Live
>        configured for, e. g., booting from DVD+R(W):
>
>        * works ``out of box''.
>
>        But the cons are:
>
>        * the number of hosts up at the same moment cannot exceed the
>          number of the disks burned;
>
>        * each time a security fix is released, or a new package is
>          needed, or the configuration is to be changed, all the boot
>          media has to be re-written.
>
>        For now, I'm considering using IKEv2 (as provided by the
>        strongSwan implementation) embedded, along with a private key
>        and a certificate, into the initramfs image.  I'd be glad to
>        hear any suggestions, ideas, or (well, there may be) success
>        stories.
>


Well, you could use MAC addresses and DHCP for some layer of security,
and you could also boot http.iso and only use PXE to get started. Back
when hook= was originally introduced, I booted to a boot prompt where
users had to use hook=http://username:password@hostname/ to pull in
the custom hooks for a given set of users. I am not sure if hook= is
working or not.

Anyhow, hope this information assists.


> --
> FSF associate member #7257
>
>

