Date: Tue, 3 Mar 2009 15:22:44 +0100 From: "Lazaro Daniel Salem" <SALEM@StatoilHydro.com> To: <doc@FreeBSD.org> Subject: FreeBSD Jumpstart Guide Message-ID: <C2119180D36EF54A97C37702A529941F0121D7A3@ST-EXCL13.statoil.net>
next in thread | raw e-mail | index | archive | help
Hi!=20 =20 In this very nice article =20 =20 http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pxe/article.html =20 it is said: =20 Warning!!: This procedure will make the "Server" both insecure and dangerous, it is best to just keep the "Server" on its own hub and not in any way accessible by any machines other than the "Clients". <http://www.freebsd.org/doc/en_US.ISO8859-1/articles/pxe/article.html>; =20 =20 I assume exporting NFS to the whole (sub)network and running tftp makes the system more vulnerable though I am not sure I remember all the details. It would help me to know more specifically what is vulnerable so we can think of measures to make teh system configuration less vulnerable when a single hub is not an option.=20 I am thinking of what can be done on systems like FreeNAS (FreeBSD 6.4 based) now that they have included tftp service as an option. =20 I thought I could use the scheme described in this document to netboot thin clients from the file server at home... I would appreciate if you could expand specifically on the vulnerabilities so one can think of solutions. =20 Thanks for this project. Though not that active anymore, I am sold to FreeBSD since 3.x. =20 Cheers, Lazaro D. Salem =20 reply if possible to lazaro.d.salem@gmail.com =20 =20 =20 =20 =20 =20 =20 ------------------------------------------------------------------- The information contained in this message may be CONFIDENTIAL and is intended for the addressee only. Any unauthorised use, dissemination of = the information or copying of this message is prohibited. If you are not the addressee, please notify the sender immediately by return e-mail and = delete this message. Thank you.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?C2119180D36EF54A97C37702A529941F0121D7A3>