What are the top security concerns when setting up a PXE (Preboot Execution Envi
Question
What are the top security concerns when setting up a PXE (Preboot Execution Environment) booting environment, ordered by severity of a possible exploitation?
Things that I thought of are (in no particular order):
- Rogue DHCP takeover
- Man-in-the-Middle attacks on the NBP load over TFTP
The question is meant to look at the general protocol and its possible weak points and is not restricted to a certain setup concerning equipment or attacker.
If anyone wants to help me bring this question into a more suitable format, you are welcome.
Explanation / Answer
The top security concern is that the only protection of traditional PXE booting is physical security. There is no encryption or authentication anywhere in the process from power-on to OS start.
The basic PXE process:
1. Computer makes a DHCP request
2. DHCP server responds with address and PXE parameters
3. Computer downloads boot image using TFTP over UDP
The obvious attacks are a rogue DHCP server responding with bad data (and thus hijacking the boot process) and a rogue TFTP server blindly injecting forged packets (hijacking or corrupting the boot image).
UEFI secure boot can be used to prevent hijacking, but a rogue DHCP or TFTP server can still prevent booting by ensuring the computer receives a corrupted boot image.
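A monitoring check for the rogue DHCP case described in the answer, added here as an example and not part of the original answer: it parses DHCP replies seen on the wire and flags any offer whose server, next-server (TFTP) address, or boot file differs from the expected values. The addresses, file name, and function names are assumptions made for the example, and the sample packets are constructed.

```python
import socket
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"
# Assumed site policy (constructed values, not from the page).
ALLOWED = {"dhcp_server": "192.0.2.10", "next_server": "192.0.2.20",
           "boot_file": "pxelinux.0"}

def parse_reply(payload):
    """Extract the PXE-relevant fields from a DHCP reply (UDP payload)."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        return None  # not a BOOTREPLY with DHCP options
    info = {"msg_type": None, "dhcp_server": None,
            "next_server": socket.inet_ntoa(payload[20:24]),  # siaddr field
            "boot_file": payload[108:236].split(b"\0", 1)[0].decode("ascii", "replace")}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end option
        if payload[i] == 0:  # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(payload):
            return None  # option code without a length byte
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            return None  # truncated option: treat as malformed
        if code == 53 and length == 1:  # DHCP message type
            info["msg_type"] = value[0]
        elif code == 54 and length == 4:  # server identifier
            info["dhcp_server"] = socket.inet_ntoa(value)
        elif code == 67:  # bootfile option overrides the fixed 'file' field
            info["boot_file"] = value.rstrip(b"\0").decode("ascii", "replace")
        i += 2 + length
    return info

def rogue_findings(payload, allowed=ALLOWED):
    """Policy violations for a DHCPOFFER/ACK; other or unparsable packets yield []."""
    info = parse_reply(payload)
    if info is None or info["msg_type"] not in (2, 5):  # 2 = OFFER, 5 = ACK
        return []
    return [f"{k}={info[k]!r} (expected {v!r})" for k, v in allowed.items() if info[k] != v]

def build_reply(server, next_server, boot_file, msg_type=2):
    """Construct a sample reply for the demo (not captured traffic)."""
    hdr = struct.pack("!4B I 2H 4s4s4s4s 16s 64s 128s", 2, 1, 6, 0, 0x1234, 0, 0,
                      b"\0" * 4, socket.inet_aton("192.0.2.50"), socket.inet_aton(next_server),
                      b"\0" * 4, b"\xaa" * 6, b"", boot_file.encode())
    opts = bytes([53, 1, msg_type, 54, 4]) + socket.inet_aton(server) + b"\xff"
    return hdr + MAGIC_COOKIE + opts
```

This only detects unexpected offers on a monitored segment; it does not add the authentication that the answer notes is missing from the PXE process.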