C. Security, 1 July 1997

BOOTP and TFTP offer almost no security whatsoever. They basically
provide their information to anybody who asks and rely solely on the
assumption that your network is configured so that the server is not
world-accessible. If you install BOOTP gateways, this assumption is
seriously violated. Also, TFTP servers are usually accessible from
just about everywhere. You can try to diminish the impact of this
problem by blocking BOOTP and TFTP packets from leaving or entering
your network segment, but this will never be a completely secure

Thus you should always assume that all of the files that your BOOTP
and TFTP servers offer are world-readable. They must not contain any
sensitive data. Also, the TFTP daemon must be configured to allow
access only to selected files. Running it in a chroot'd environment
might be a very good idea.

The BOOTP protocol is vulnerable to somebody else impersonating a
BOOTP server. While security-aware operating systems prevent
non-privileged users from starting their own BOOTP servers, other
operating systems do not prevent this. This means that if any of your
users can launch an arbitrary program under an insecure operating
system on an arbitrary machine connected to your Ethernet segment,
then they have full control over the BOOTP boot process.
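
One way to notice an impersonated BOOTP server on a segment is to decode each BOOTREPLY and compare its sender and its server address field against the servers you actually run. The following is an added example, not part of the original document; the allowlist, the addresses and the sample packets are constructed assumptions, and the header layout is the fixed one from RFC 951.

```python
import socket
import struct

# RFC 951 fixed header without the 64-byte vendor area (236 bytes).
BOOTP_HDR = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
BOOTREPLY = 2

def parse_bootp(payload):
    """Decode the fixed BOOTP header; raise ValueError on short input."""
    if len(payload) < BOOTP_HDR.size:
        raise ValueError("truncated BOOTP packet")
    (op, _htype, hlen, _hops, _xid, _secs, _unused, _ciaddr, _yiaddr, siaddr,
     giaddr, chaddr, _sname, bootfile) = BOOTP_HDR.unpack_from(payload)
    return {
        "op": op,
        "siaddr": socket.inet_ntoa(siaddr),   # server the client will boot from
        "giaddr": socket.inet_ntoa(giaddr),   # non-zero if a BOOTP gateway relayed it
        "client_mac": chaddr[:min(hlen, 16)].hex(":"),
        "file": bootfile.split(b"\0", 1)[0].decode("ascii", "replace"),
    }

def check_reply(src_ip, payload, authorized):
    """Return findings for one UDP datagram captured on the BOOTP ports."""
    pkt = parse_bootp(payload)
    if pkt["op"] != BOOTREPLY:
        return []                             # requests are not judged here
    findings = []
    if src_ip not in authorized:
        findings.append(f"reply sent by unauthorized host {src_ip}")
    if pkt["siaddr"] not in authorized:
        findings.append(f"boot file {pkt['file']!r} served from unauthorized {pkt['siaddr']}")
    if pkt["giaddr"] != "0.0.0.0":
        findings.append(f"reply relayed through gateway {pkt['giaddr']}")
    return findings

def make_reply(siaddr, bootfile, giaddr="0.0.0.0"):
    """Build a constructed BOOTREPLY (sample data, not a capture)."""
    return BOOTP_HDR.pack(2, 1, 6, 0, 0x1234, 0, 0, bytes(4),
                          socket.inet_aton("192.0.2.50"), socket.inet_aton(siaddr),
                          socket.inet_aton(giaddr),
                          bytes.fromhex("020000000001") + bytes(10),
                          b"", bootfile) + bytes(64)

AUTHORIZED = {"192.0.2.1"}  # assumed address of the legitimate BOOTP/TFTP server
GOOD = make_reply("192.0.2.1", b"/tftpboot/vmlinuz")
ROGUE = make_reply("192.0.2.77", b"/tftpboot/other-image")

if __name__ == "__main__":
    print(check_reply("192.0.2.1", GOOD, AUTHORIZED))
    print(check_reply("192.0.2.77", ROGUE, AUTHORIZED))
```

A check like this only reports what it sees on the wire; it does not stop a client from accepting whichever reply arrives first.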