SUMMARY: tftp security holes

From: Richard Bemrose <rb237_at_phy.cam.ac.uk>
Date: Thu, 16 Jul 1998 16:45:40 +0100 (BST)

Hi all,

I must first thank all those who replied, as usual quick and informative:
George Gallen <ggallen_at_slackinc.com>, Graham Allan
<ALLAN_at_mnhep1.hep.umn.edu>, Susan Rodriguez <SUSROD_at_HBSI.COM>, Joshua Rowe
<rowe_at_eksystems.com>, "richard n. frank" <rootrnf_at_wolfram.llnl.gov>,
MC.Vialatte_at_cust.univ-bpclermont.fr, nmichal_at_ups.edu, Tom Webster
<webster_at_ssdpdc.lgb.cal.boeing.com>, Caine the Wanderer
<ctflist_at_jane.penn.com>, Mikel Stous <stous_at_ctr.cstp.umkc.edu> and Santosh
Krishnan x2815 <santosh_at_heplinux1.uta.edu>

In my original post, I asked fellow system administrators for their comments
about enabling a remote NCD diskless terminal to boot from our main server
and associated potential security holes within tftp (trivial ftp).

The general consensus is that the newer versions of tftp do not pose any
significant risk since one can restrict access to a certain directory.
Out of the 11 replies only one administrator opted not to use ftpd. Tom
Webster summarised the usage nicely:

Tom Webster wrote on Thu Jul 16 11:14:20 1998:
>It depends on your level of paranoia. The current implementations of
>tftp are better than the old ones. One of the big improvements is that
>you can specify a directory for files, and only files in that directory
>will be served. Since you will control the directory, you just need to
>make sure that the write bit is turned off on all files in the directory
>to prevent someone from overwriting a boot file.
>
>I would also advise you to install TCPwrappers on your system to limit the
>systems that can access the tftp server. The NCD terminal will have
>already been assigned its IP address before it requests its boot file (at
>least this is the way that our DECservers act). This will allow you to
>limit the systems that can try to cause you grief, and log all attempted
>connections to the tftp server.
>
>It isn't perfect: someone could power off the NCD terminal, assume its IP
>address and then access the tftp server.... If you have a properly secured
>tftp server all it should allow them to do is download the boot file, so
>it should be pretty safe on an intranet.

Joshua Rowe commented that it's safer to keep the terminal
booting on the same network as it's easier to compromise a bootstrap
sequence over a larger network. In addition, several administrators sent
extracts from their /etc/inetd.conf file:
-- cut --
tftp dgram udp wait root /usr/sbin/tcpwrapper/tcpd tftpd -r /tftpboot
-- cut --
The use of tcpwrappers was widely recommended and must be considered since
one can prevent use of the server outside of certain addresses.

Thanks for all the advice.

Regards,
Rich

 /_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/ _ \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\
/_/ Richard A Bemrose /_\ Polymers and Colloids Group \_\
/_/ email: rb237_at_phy.cam.ac.uk /_\ Cavendish Laboratory \_\
/_/ Tel: +44 (0)1223 337 267 /_\ University of Cambridge \_\
/_/ Fax: +44 (0)1223 337 000 /_\ Madingley Road \_\
/_/ (space for rent) / \ Cambridge, CB3 0HE, UK \_\
 /_/_/_/_/_/_/ http://www.poco.phy.cam.ac.uk/~rb237 \_\_\_\_\_\_\
             "Life is everything and nothing all at once"
              -- Billy Corgan, Smashing Pumpkins
Received on Thu Jul 16 1998 - 17:46:42 NZST
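
The two checks recommended in this thread (no write bits on files under the tftp directory; tftpd started through tcpd with a directory restriction), written as an added example that is not part of the original message. The file names and sample inetd.conf are constructed, and treating an absolute path among the daemon arguments as the directory restriction is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): audit a tftp boot setup.

# List regular files under the tftp root that have any write bit set
# (owner, group or other). An empty result is the desired state.
writable_files() {
    find "$1" -type f \( -perm -200 -o -perm -020 -o -perm -002 \) -print | sort
}

# Classify each active (uncommented) tftp entry in an inetd.conf-style file.
# Prints "wrapped|unwrapped restricted|unrestricted" for each entry.
# Fields: 1 service, 5 user, 6 server path, 7 argv[0], 8+ daemon arguments.
# Heuristic (assumption): an absolute path among the daemon arguments is
# taken as the directory restriction, as in "tftpd -r /tftpboot".
audit_inetd() {
    awk '$1 == "tftp" {
        wrapped = ($6 ~ /(^|\/)tcpd$/) ? "wrapped" : "unwrapped"
        dir = "unrestricted"
        for (i = 8; i <= NF; i++) if ($i ~ /^\//) dir = "restricted"
        print wrapped, dir
    }' "$1"
}

# Constructed sample data so the script runs offline.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/tftpboot"
: > "$demo_dir/tftpboot/Xncd.boot";   chmod 444 "$demo_dir/tftpboot/Xncd.boot"
: > "$demo_dir/tftpboot/scratch.cfg"; chmod 666 "$demo_dir/tftpboot/scratch.cfg"
cat > "$demo_dir/inetd.conf" <<'EOF'
#tftp dgram udp wait root /usr/sbin/tftpd tftpd
tftp dgram udp wait root /usr/sbin/tcpwrapper/tcpd tftpd -r /tftpboot
EOF

echo "Writable files under tftp root:"
writable_files "$demo_dir/tftpboot"
echo "inetd.conf tftp entries:"
audit_inetd "$demo_dir/inetd.conf"
rm -rf "$demo_dir"
```

On a real host, point `writable_files` at the directory named in the tftpd arguments and `audit_inetd` at /etc/inetd.conf.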
