We have had this question arise in the past with our users. The *best*
option, in our opinion, is to prevent boot server spoofing at the switch
level. A good Level 3 switch should you give the ability to not only
filter by MAC which is a weak form of security, but also to permit
dhcp-server traffic to originate only from ports connected to servers
(which should have physical security provided by the server closet).
Thin client ports should not be allowed to provide dhcp services, only
to be dhcp clients. This would prevent someone from plugging in a dhcp
server into a thin client jack.
HTH,
-Gadi
On Mon, 2007-07-30 at 11:24 -0400, Francis Giraldeau wrote:
> Hi,
>
> I wish to discuss about security issues about LTSP. For example, anybody
> that starts a DHCP server may make thin-clients booting on another
> "alien" server. So, even with encrypted SSH connexions, the login is not
> really protected.
>
> By now, the only way I know to secure it more is to install the client
> root on a physical disk on the thin-client. By doing that, you don't
> need the boot services anymore, but it requires managing installations
> over thin-clients. If I don't make mistakes, this is the way that MS TS
> is working.
>
> Is there other methods to tighten the LTSP security?
>
> Have a nice day,
>
--
--------------------------------------------------------
Gideon Romm | Proud LTSP Developer
[EMAIL PROTECTED]
Support LTSP! Buy your hardware at:
www.DisklessWorkstations.com
www.DisklessThinClients.com
(use coupon code: LTSP5P for 5% off thin clients from DisklessThinClients.com)
-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_____________________________________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
