We have had this question arise in the past with our users. The *best* option, in our opinion, is to prevent boot server spoofing at the switch level. A good Level 3 switch should give you the ability to not only filter by MAC, which is a weak form of security, but also to permit DHCP-server traffic to originate only from ports connected to servers (which should have physical security provided by the server closet). Thin client ports should not be allowed to provide DHCP services, only to be DHCP clients. This would prevent someone from plugging a DHCP server into a thin client jack.

HTH,
-Gadi

On Mon, 2007-07-30 at 11:24 -0400, Francis Giraldeau wrote:
> Hi,
>
> I wish to discuss security issues with LTSP. For example, anybody
> who starts a DHCP server may make thin clients boot from another
> "alien" server. So, even with encrypted SSH connections, the login is not
> really protected.
>
> For now, the only way I know to secure it further is to install the client
> root on a physical disk on the thin client. By doing that, you don't
> need the boot services anymore, but it requires managing installations
> on the thin clients. If I am not mistaken, this is the way MS TS
> works.
>
> Are there other methods to tighten LTSP security?
>
> Have a nice day,
>

--
Gideon Romm | Proud LTSP Developer
[EMAIL PROTECTED]
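
The port policy from the reply above, modelled as an added example (it is not part of the original thread or of LTSP): server-originated DHCP messages are forwarded only when they arrive on a port marked as a server port. The port names, the `snoop` and `build` helpers, and the sample packets are constructed for illustration.

```python
# DHCP message types (option 53, RFC 2132) that only a server sends.
SERVER_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}
MAGIC = b"\x63\x82\x53\x63"  # magic cookie after the 236-byte BOOTP header

def dhcp_message_type(payload: bytes):
    """Return the option-53 value of a BOOTP/DHCP payload, or None."""
    if len(payload) < 240 or payload[236:240] != MAGIC:
        return None
    i = 240
    while i < len(payload):
        code = payload[i]
        if code == 255:            # end option
            return None
        if code == 0:              # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):  # length byte missing
            return None
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) < length:    # truncated option
            return None
        if code == 53 and length == 1:
            return value[0]
        i += 2 + length
    return None

def snoop(port: str, payload: bytes, trusted_ports: set) -> str:
    """Forward or drop a DHCP payload seen on `port`.

    A payload counts as server traffic if its BOOTP op is BOOTREPLY (2)
    or its message type is OFFER/ACK/NAK, so a reply with a forged op
    field is still caught by the option-53 check.
    """
    op = payload[0] if payload else None
    server_msg = op == 2 or dhcp_message_type(payload) in SERVER_TYPES
    if server_msg and port not in trusted_ports:
        return "drop"
    return "forward"

def build(op: int, mtype: int) -> bytes:
    """Constructed sample: zeroed BOOTP header plus option 53 and end."""
    return bytes([op, 1, 6, 0]) + bytes(232) + MAGIC + bytes([53, 1, mtype, 255])

if __name__ == "__main__":
    trusted = {"server-1"}  # hypothetical port in the server closet
    for port, pkt in [("server-1", build(2, 2)), ("thin-client-7", build(2, 2)),
                      ("thin-client-7", build(1, 1))]:
        print(port, dhcp_message_type(pkt), snoop(port, pkt, trusted))
```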