Deployment Solution


What Security Risks are Associated with Using PXE and How Can I Reduce Them? 

Aug 19, 2008 03:47 PM

IT managers who leverage Deployment Solution's PXE capabilities recognize that it saves time and money by allowing technicians to deploy, update and diagnose problems on hardware without having to leave their management console. IT managers do have some concerns about using PXE, however, and this article addresses them by listing steps that drastically reduce the likelihood of a malicious user successfully conducting an attack by PXE.

Concern:

A malicious person can set up a rogue PXE server on my network and take control of machines by PXE booting them into a different operating system.

Response:

Depending on the environment you are working with, this may or may not be a concern. If you are using PXE in a data center environment where physical access is tightly controlled and multiple VLANs are implemented, your risk is probably about the same as with non-PXE methods (USB, CDROM, etc.), because anyone who has physical access to the box can take control of it. On the other hand, if you are managing end user machines in a widely distributed environment, you might be at risk of such a scenario. In either case, you can use the following techniques to reduce the risk of malicious users booting to their own operating system on your organization's machines. Many of these techniques are common sense and should be used regardless of the presence of a PXE server.

Action 1 - Control physical access and use multiple VLANs:

To some this may be obvious, but knowing who has access to the offices and other locations where your hardware resides is a major factor in controlling threats. VLANs help IT administrators partition their network into logical groups that can be assigned different trust levels. For instance, all public kiosks in an organization can be on a public VLAN, and all employee machines can be on a trusted VLAN.

Action 2 - Use IP address reservations or even better, use Network Access Control:

In order for a rogue PXE server to operate on a network it must have a functioning IP address, and the more barriers you can put in place to keep a malicious person from gaining full access to your network, the better. One technique is to use IP address reservations on the DHCP server. Network Access Control offers an even more robust solution, especially in an environment where you may be interacting with untrusted machines. Network Access Control also helps to control worms and other viruses that may be transmitted by unprotected or unauthorized machines connected to your network.

Action 3 - Use PXE Force Mode:

PXE force mode (implemented on the DHCP server) restricts all machines to PXE booting only from the trusted PXE server that the DHCP server dictates. This action is the most powerful in preventing PXE-based attacks, even if a rogue PXE server makes it onto the network and has a functioning IP address. There are a number of instructions on how to enable PXE force mode, but the easiest is probably to use the PXE force mode utility created by Altiris.

Consult http://kb.altiris.com/article.asp?article=28035&p=1 for details.
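A monitoring check that complements force mode, added here as an example and not taken from the article or from Altiris: it parses DHCP/BOOTP replies captured on a deployment VLAN and lists any boot server they name that is not on an allowlist. The addresses, the allowlist, the `boot.0` file name and the `build_reply` sample packets are constructed assumptions; a DHCP server that sends option 60 itself would need to be on the allowlist too.

```python
import ipaddress

MAGIC = bytes([99, 130, 83, 99])   # DHCP magic cookie after the 236-byte BOOTP header
TRUSTED_PXE = {"10.0.0.5"}         # assumption: the only sanctioned PXE/TFTP server

def parse_reply(pkt: bytes) -> dict:
    """Pull out the fields a PXE client uses to choose its boot server."""
    if len(pkt) < 240 or pkt[0] != 2 or pkt[236:240] != MAGIC:
        raise ValueError("not a DHCP BOOTREPLY")
    opts, i = {}, 240
    while i < len(pkt) and pkt[i] != 255:          # 255 = end option
        if pkt[i] == 0:                            # 0 = pad, has no length byte
            i += 1
            continue
        if i + 2 > len(pkt) or i + 2 + pkt[i + 1] > len(pkt):
            raise ValueError("truncated option")
        opts[pkt[i]] = pkt[i + 2:i + 2 + pkt[i + 1]]
        i += 2 + pkt[i + 1]
    text = lambda b: b.split(b"\0", 1)[0].decode("ascii", "replace")
    return {
        "next_server": str(ipaddress.IPv4Address(pkt[20:24])),   # siaddr field
        "server_id": str(ipaddress.IPv4Address(opts[54])) if len(opts.get(54, b"")) == 4 else None,
        "is_pxe": opts.get(60, b"").startswith(b"PXEClient"),    # option 60, vendor class
        "tftp_name": text(opts.get(66, b"")),                    # option 66
        "bootfile": text(pkt[108:236]) or text(opts.get(67, b"")),
    }

def untrusted_boot_sources(pkt: bytes, trusted=TRUSTED_PXE) -> list:
    """Return the boot servers this reply names that are not on the allowlist."""
    r = parse_reply(pkt)
    if not (r["is_pxe"] or r["bootfile"] or r["tftp_name"]):
        return []                                  # plain address lease, no boot information
    named = {r["next_server"], r["tftp_name"]} - {"0.0.0.0", ""}
    if r["is_pxe"] and r["server_id"]:
        named.add(r["server_id"])                  # the responder presents itself as a PXE server
    return sorted(named - set(trusted))

def build_reply(next_server, server_id, bootfile=b"", vendor=b""):  # constructed sample, not a capture
    hdr = bytearray([2]) + bytearray(235)          # op = 2 (BOOTREPLY), rest zeroed
    hdr[20:24] = ipaddress.IPv4Address(next_server).packed
    hdr[108:108 + len(bootfile)] = bootfile
    opts = bytes([54, 4]) + ipaddress.IPv4Address(server_id).packed
    if vendor:
        opts += bytes([60, len(vendor)]) + vendor
    return bytes(hdr) + MAGIC + opts + b"\xff"

if __name__ == "__main__":
    for ip in ("10.0.0.5", "10.0.0.66"):           # sanctioned server, then an unknown one
        print(ip, untrusted_boot_sources(build_reply(ip, ip, b"boot.0", b"PXEClient")))
```

In practice the packets would come from a capture of UDP ports 67/68 (and 4011 for proxyDHCP), and any non-empty result is worth an alert.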

Action 4 - Make sure your BIOS passwords are secure:

If users can access the BIOS, they are able to turn on PXE booting whether or not you are using PXE on your network. This is a vulnerability for every networked machine that supports PXE, so make sure your BIOS passwords are set properly and cannot be easily guessed. Certain software packages, such as Deployment Solution for Dell Servers, allow you to set BIOS passwords remotely from your Deployment Console, making this action even easier.

Action 5 - Only use PXE for Deployment, then rely on automation partitions for maintenance:

PXE is especially useful for deployment because it requires nothing other than BIOS support. Once you have deployed your OS, install an automation partition and turn off PXE in the BIOS of that machine. This not only reduces the load on your PXE server, but makes that particular machine more secure. Switching between automation partition usage and PXE can even be done remotely on Dell Servers using hardware configuration features of Deployment Solution for Dell Servers.

Conclusion

In general, using PXE wisely in an already secure environment does not significantly increase security risks for that network, or the machines on that network. If you can spot a likely exploitation scenario, chances are your network suffers from design flaws that need to be reworked regardless of whether you use PXE.

Attachment(s)
zip file
pxe_concerns.zip   15 KB   1 version
Uploaded - Feb 25, 2020
