I've been pondering what would be required to make the network installation system 'secure' against an active network attack.
Naturally, this is only useful for CD-based installs, as there we have some trust over the local software, but from that base we can do some things.

The security I'm proposing relies on SMB signing as an effective security system to prevent a spoofed server. In fact it has flaws, but it's what we have...

If the boot disk required SMB signing on the CIFS connection, and particularly if NTLMv2 or Kerberos was required (I think these may not yet be in the CIFS VFS), then the shared secret of the boot disk password would 'secure' that session.

Subsequently, appropriate hooks could be made so that the domain join, and in particular the application installation, also required NTLMv2 and SMB signing (I presume registry foo would handle it; the keys to use are published). That would prevent server spoofing at this point.

At the end of all that, we would have some assurance that the programs installed on the new workstation are indeed legit.

Andrew Bartlett

--
Andrew Bartlett [EMAIL PROTECTED]
Authentication Developer, Samba Team http://samba.org
Student Network Administrator, Hawker College [EMAIL PROTECTED]
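The "registry foo" step the post leaves open, as an added example that is not part of the original message: a PowerShell script that enforces client-side SMB signing and NTLMv2-only authentication on the freshly installed workstation and then verifies the values. The registry paths and value names are the documented Windows policy keys (LanmanWorkstation `RequireSecuritySignature`, Lsa `LmCompatibilityLevel`); the function names are my own.

```powershell
# Added example (not from the post). Requires an elevated PowerShell session.
# Registry keys are the standard Windows policy keys for SMB client signing
# and LAN Manager authentication level; they are not taken from the post.
$Settings = @(
    @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Name  = 'EnableSecuritySignature';  Value = 1 }   # client offers signing
    @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
       Name  = 'RequireSecuritySignature'; Value = 1 }   # client refuses unsigned sessions
    @{ Path  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
       Name  = 'LmCompatibilityLevel';     Value = 5 }   # send NTLMv2 only; refuse LM and NTLM
)

function Set-SmbClientHardening {
    # Write every required value; create the key if an install image lacks it.
    foreach ($s in $Settings) {
        if (-not (Test-Path $s.Path)) { New-Item -Path $s.Path -Force | Out-Null }
        Set-ItemProperty -Path $s.Path -Name $s.Name -Value $s.Value -Type DWord
    }
}

function Test-SmbClientHardening {
    # Returns $true only when every value is present and matches the hardened
    # setting; a missing value reads as $null and therefore fails the check.
    $ok = $true
    foreach ($s in $Settings) {
        $actual = (Get-ItemProperty -Path $s.Path -Name $s.Name `
                   -ErrorAction SilentlyContinue).($s.Name)
        if ($actual -ne $s.Value) {
            Write-Warning ('{0}\{1} = {2} (want {3})' -f $s.Path, $s.Name, $actual, $s.Value)
            $ok = $false
        }
    }
    return $ok
}

Set-SmbClientHardening
if (Test-SmbClientHardening) { 'SMB signing required and NTLMv2-only enforced' }
```

The workstation service picks up the new values after a restart; run the check again after the domain join to confirm group policy has not relaxed them. On the Linux boot-disk side, the equivalent today is mounting with `mount.cifs` options such as `sec=ntlmv2i` or `sec=krb5i` (the trailing `i` requests packet signing).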