Re: Netbooting (PXE) Wireless and Diskless Clients?
From: jpd (read_the_sig_at_do.not.spam.it.invalid)
Date: 8 Oct 2005 14:46:48 GMT
On 2005-10-08, pachl <firstname.lastname@example.org> wrote:
[netbooting over wireless]
> Yes, I understand that the implemented security mechanisms are botched.
> It just seems like this should be feasible.
Well, in theory, yes, but in practice, you'd need to implement some
sort of 11x or wpa2 client in your bootrom. ISTR PXE not being powerful
enough to do this. So at least on wintel you can basically forget it.
Other platforms might have powerful enough remote boot mechanisms but in
this world as it is today there is no cheap option to do it securely.
> Would setting up a diskless client with a wired NIC connected directly
> to a wireless access point, which is functionally equivalent, be just
> as insecure? Would restricting communications between the LAN and the
> client's external WAP using MACs suffice?
Yes, unless the boot image resides on the AP and thus doesn't travel
through the air. No, they can be spoofed.
> What I'm trying to do is setup thin clients with only sound, video, and
> a wireless keyboard to place near each TV around the house.
I'd probably opt for booting from flash (CF/disk-on-flash/whatever)
and then, if it isn't enough, have it download additional stuff from
your application server.
> These clients will then stream video and music from a cental server. I
> thought, if I ever wanted to update the software I would only have to
> do it at the server. My other problem is I can't run network cable to
> most of the clients.
The problem is that you can't securely boot over wireless, but if you
have a way of booting and establishing secure communications, you can do
whatever you want after that. Whether you d/l applications every time or
rather have the thing store them locally and only casually update them
is up to you. This just leaves you with the minor problem of updating
the system itself in the face of security problems, but even there you
have multiple options. The simplest would be bringing all affected boxes
in for fixing over a wire, on the premises that it won't be necessairy
> I guess I'm dreaming. I have several CF and CF-to-IDE adapters laying
> around. So I guess I could put a minimal amount of software on CF to
> get the system wireless. Any suggestions?
You're asking in cubfm? Well...
-- j p d (at) d s b (dot) t u d e l f t (dot) n l .