FromSitesTree.com

Resources: PXE Boot, PXE Network, PXE Network Security, PXE Boot Over the Internet #Security #By Sayed Ahmed #Misc. Reading

Leave a comment

PXE Boot:

Boot your computer over the network, load boot image from a PXE server.
Your computer BIOS will have an option to enable PXE boot. If you are not using PXE boot i.e. Network Boot, it is recommended that you keep it disabled.
One note: In your "my computer" properties, there is an option to enable or disable : allow remote access. Keep it turned off.

---

Anyway, how to use PXE and How to Configure PXE based Network
You can check one discussion and video at : http://www.howtogeek.com/57601/what-is-network-booting-pxe-and-how-can-you-use-it/ (I did not check; so do not know how good or bad it is)
On 2001, I was part of setting up a network based on PXE.

--

Advantages of PXE Network:
http://serverfault.com/questions/606229/kvm-advantages-of-installing-from-pxe

"

Works on real servers as well as virtual ones without changing anything, so you need to set-up the infrastructure only once.
It's easy to automate installations from start to finish (technically possible with DVDs but usually requires more work)
Once you have the infrastructure set-up, adding a new version of your distribution or some alternative install method is a piece of cake
No losing of DVDs, USB sticks, etc.
I find it's faster than installing from local media; my network can provide the packages faster than optical drives and most USB sticks.

"
--
PXE can help in deploying aspect of applications
https://technet.microsoft.com/en-us/magazine/2008.07.desktopfiles.aspx

---

Can you use PXE over the internet.
it might be possible though implement strict security
http://www.computerhope.com/forum/index.php?topic=133268.0

---

Security risks for PXE:

Some Security Risks for PXE

https://technet.microsoft.com/en-ca/library/cc755837(v=ws.10).aspx
"PXE does not provide a way to prevent an unknown server from performing remote installations on PXE-enabled client computers. If a server can establish a connection with the clients, it can perform remote installations on them.

PXE does not provide a way to fully prevent packet spoofing. This means that packets sent by an attacker could be received by a client computer and incorporated into that client computer's installation.

PXE does not provide a way to prevent an unknown PXE-enabled computer from installing from a server if the PXE-enabled computer can connect to the network. RIS provides some security not inherent in PXE, however, because RIS performs remote installation only after the user has logged on. A user who lacks a valid user name and password cannot use RIS to perform an installation.

In addition, you can achieve a somewhat greater degree of security with RIS if you pre-stage your client computers and configure your RIS servers to respond only to known (pre-staged) clients. Then, if an intruder succeeds in connecting an unknown, PXE-enabled client computer to your RIS server, no installation files will be sent to that client computer. The intruder will not gain information about the configuration you use on your RIS client computers. For more information about pre-staging, see Pre-stage client computers."

http://www.symantec.com/connect/articles/what-security-risks-are-associated-using-pxe-and-how-can-i-reduce-them

 

Understanding Security Considerations for the PXE Boot Process in Windows HPC Server 2008 R2

https://technet.microsoft.com/en-us/library/gg250682(v=ws.10).aspx

 

Discussion on security concerns for PXE

http://security.stackexchange.com/questions/64915/what-are-the-biggest-security-concerns-on-pxe

 

Providing Security for PXE environment

"

  • Use a firewall, and configure it appropriately.
  • Use appropriate auditing and monitoring to detect intrusions into the network.
  • Restrict physical access to the network.
  • Use strong passwords throughout your organization.
  • Follow other best practices for secure networks.

 

" From: http://sitestree.com/?p=2132
Categories:Security, By Sayed Ahmed, Misc. Reading
Tags:
Post Data:2015-08-06 12:20:29

Shop Online: https://www.ShopForSoul.com/
(Big Data, Cloud, Security, Machine Learning): Courses: http://Training.SitesTree.com
In Bengali: http://Bangla.SaLearningSchool.com
http://SitesTree.com
8112223 Canada Inc./JustEtc: http://JustEtc.net (Software/Web/Mobile/Big-Data/Machine Learning)
Shop Online: https://www.ShopForSoul.com/
Medium: https://medium.com/@SayedAhmedCanada

Leave a Reply