Hi,

> I'm inclined to agree that IPSec closes more holes than ssh or ssl do.
> However, I still see a couple of problems I haven't been able to see a
> fix for. (Yes, this is a request for help!)
>
> 1. Ideally, we could use IPSec to authenticate each *workstation* long
> before we ask for names or passwords. However, each workstation starts
> up without a key every time it starts (it either builds one, or gets it
> from a central server somehow). I think this means that we cannot use
> the IPSec keys to authenticate the workstation. How can we prove that
> the workstation isn't an outsider trying to get into our network?

There is indeed a need for a key on stable storage or a password protecting the connection, anyway something which isn't fetched from the server.

> 2. How can we prevent man-in-the-middle attacks? Is it possible without
> workstation authentication?

I think it is impossible to avoid man-in-the-middle attacks with tftp: the tftp request is broadcast, and an attacker may have installed a malicious tftp server. If the attacker also increases the load on the real server such that it cannot respond to tftp requests, it should be easy to send a malicious kernel/initrd to the workstation. At that point there is nothing that can be done to avoid the attacker doing anything he wants on the workstation with a malicious kernel.

Pat
