I do not claim to be a security professional or specialist, but I did notice some key items that stand out like a sore thumb:
- The Mac OS X Net-Booting Server appears to use a One Time Password (OTP) when it sends its DHCP/BOOTP response to the net-booting client. After the client connects via AFPFS/IP to mount its disk images, the password changes. I see no way of duplicating this easily within DHCP such that the patches could ever have a chance of being integrated into the main DHCP source tree.
- Plaintext passwords may not be an issue for your network. Even if it is switched, the DHCP/BOOTP response could still be flooded to other ports since the return IP address conforms to standards for broadcast. (In my test with my 3Com Switch, it made the proper jump to know that the destination address in the Ethernet frame that carried the IP++ layer's DHCP response back to the client should go to the port that originally sent the request with a source Ethernet address of the net booting client. YMMV, since you may have set up certain ports to be flooded with all traffic, or done something else to munge your switch to stop it from working as it should.)
- Anyone sniffing your network might be able to see the DHCP/BOOTP response that contains the plaintext password. However, since the ethernet address destination is known, the switch may not flood the response to other ports, but instead only send to the proper destination port. (This is what should happen, but you should still check.)
- Limited testing with a switch showed me that the return response did not get flooded, but Your Mileage May Vary.
- If the return response (DHCP/BOOTP) is sniffed while using this setup, then any malicious user may have a username and password to access the shared volume with the images. Certainly, with a proper setup, they only have read access to the "SharedImages" folder contents, but write access to the "ClientImages" folder. This is a possible point for trojan-ing with keyboard sequence grabbers for NCs that are used, or just plain DoS by deletion of the image files for a particular machine. Also, having write permission to that file would allow them to dump a very large file over it with the same name to eliminate the free space on your server.
- With the introduction of this page, it becomes possible for a laptop user to become a server for net booting Macs, and if it is able to respond with a DHCP/BootP response before your loaded Mac OS X NetBooting server, then this malicious user may take control of one of your Macs' system software. However, if this user is able to connect to your network to begin with, how does that differ from them using their own laptop, or one of your Macs? Hmm. Could be a problem. Mentioned just in case it is an issue for you. (By the way, all of these tests, and a net booted Mac were first booted from a Laptop running Linux.)
- Other security issues may go here...
- I would like to examine the authentication system used by the clients during boot, and maybe discuss that. Will I have time? Probably not, but it would be a good thing to examine to see how secure their authentication is before setting this up for more than public users...
- Comments and/or suggestions?: Email me at: dugan@passwall.com (Realize that I am very busy, and may not have time to respond to all E-mail messages. If you include NETBOOT MACNC (all Caps) as beginning it is more likely to get my attention... ;-)
- DISCLAIMER: With the understandings for the use of a tool comes the responsibility in knowing how to use it without causing damage or harm. A tool can be used for good or evil, and you are responsible for your choice and the consequences of that choice in the use of any tool at your disposal.
- I do not claim this to be free of bugs or defects, and you use this at your own risk.
- I take no responsibility for any user's actions or inactions in following or not following any part or whole of any suggestions found on this page. If any user finds a loss of data, destruction of hardware, Alien Cattle mutilations, sightings of Elvis (ghost or body), loss of sanity, loss of insanity, worldly possessions, or non-worldly possessions as a result of following in part, or in whole any of the preceding or proceeding information, they assume any risks or responsibilities in whole for their decision(s). So, if you break something with one of your decisions that was in part or whole derived from information on this page, do not blame me or find me responsible or accountable for it in any way.
- There should be no charge requested from me to you for this information, and so if you decide that you want any money back for deciding later that you did not really want this information after all, you will need to take that up with the person that charged you money. I will not offer you any compensation for your purchase since I was never compensated by you.
- It should be restated that *you* take all of the risks, and assume all of the responsibility for following, in part or in whole any information obtained from this document. I do not care if your dog continuously barks at you, or the sky becomes too blue, or nuclear war breaks out as a result of you following any of this information. It will all be your fault since you assume all of the risks, so neeener, neeener-neeeener. :-P
- (C)1999,2000,2001,2002,2003,2004 By Michael Egan extended to all works not explicitly credited to other people within these documents. Permission to duplicate content on these pages not explicitly credited to others is granted so long as you give me credit for the work I have contributed and links are provided to refer to this original site if it is still available. I cannot extend permission to you to re-re-publish quoted words from people who have submitted solutions, posed questions or added clarification. If you wish to use their content, you should contact each person for permission to re-re-publish their included comments. (I have retained their permission, but never asked to extend it for others.)
- (C)1999,2000,2001,2002,2003,2004 By respective noted authors/admins for included questions or answers. Permission to publish their comments granted to me for this website. I cannot grant permission for you to duplicate their work as I am not in control of any copyrights they may retain. (I expect, most would be fine with allowing their content to be republished, but I cannot speak for them.)
- Apple Computers is a registered trademark of Apple computers.
- Macintosh OS X, Macintosh OS 8, Mac OS X, Mac OS 8, Mac OS 9 All refer to Operating Systems created and controlled by Apple Computers. (No disk image files for net booting, or other proprietary programs legally controlled by Apple are available for download from this collection of pages made by me. No links are knowingly created on these pages that direct users to other pages that offer copyrighted software being distributed illegally. If you find a link on pages with this disclaimer that take you to a site that offers software that is illegally offered, feel free to let me know so that I may update my links to not include them.)
- Other mentioned systems and products may be owned, patented, copyrighted, trademarked, or in some way legally controlled by their respective owners.
- This information is provided with intent to inform users of protocols, procedures used in Net Booting a Macintosh Client, and solutions to the problems defined in this document.
- If you have a complaint about content provided, and wish to have trademark, copyright, patent, or other legal information explicitly provided here where a product you produce is listed, or have other complaints about this that may be legal, let me know before calling your lawyer: I am flexible.
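
A way to run the "you should still check" step from the security notes above on frames captured at a monitoring port: this added example (not code from the original page) flags DHCP/BOOTP replies that were sent to the Ethernet broadcast address and replies from a responder that is not your netboot server. The `AUTHORIZED` address, the function names and the sample frame are assumptions made for illustration; the vendor options that carry the password are not decoded, since the page does not specify them.

```python
import socket
import struct

MAGIC = b"\x63\x82\x53\x63"   # DHCP magic cookie (RFC 2131)
AUTHORIZED = {"10.0.0.2"}     # assumption: address of the real netboot server

def parse_reply(frame):
    """Return facts about an Ethernet/IPv4/UDP BOOTREPLY, or None."""
    if len(frame) < 14 + 20 + 8 + 240:
        return None
    if frame[12:14] != b"\x08\x00" or frame[23] != 17:   # IPv4 carrying UDP
        return None
    udp = 14 + (frame[14] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", frame[udp:udp + 4])
    bootp = frame[udp + 8:]
    if (sport, dport) != (67, 68) or len(bootp) < 240:
        return None
    if bootp[0] != 2 or bootp[236:240] != MAGIC:         # op 2 = BOOTREPLY
        return None
    server_id, i = None, 240
    while i + 1 < len(bootp) and bootp[i] != 255:        # 255 = end option
        if bootp[i] == 0:                                # 0 = pad, no length
            i += 1
            continue
        code, length = bootp[i], bootp[i + 1]
        if code == 54 and length == 4 and i + 6 <= len(bootp):
            server_id = socket.inet_ntoa(bootp[i + 2:i + 6])  # server identifier
        i += 2 + length
    return {"flooded": frame[0:6] == b"\xff" * 6,        # Ethernet broadcast
            "src_ip": socket.inet_ntoa(frame[26:30]),
            "server_id": server_id}

def findings(frame, authorized=AUTHORIZED):
    info = parse_reply(frame)
    out = []
    if info and info["flooded"]:
        out.append("broadcast reply: visible on every switch port")
    if info and not {info["src_ip"], info["server_id"]} <= authorized:
        out.append("unauthorized netboot/DHCP responder: " + info["src_ip"])
    return out

def sample(dst_mac, server_ip):   # constructed frame for the demo, not a capture
    ip = socket.inet_aton(server_ip)
    bootp = (bytes([2, 1, 6, 0]) + bytes(232) + MAGIC
             + b"\x35\x01\x02" + b"\x36\x04" + ip + b"\xff")
    udp = struct.pack("!HHHH", 67, 68, 8 + len(bootp), 0)
    iph = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(bootp), 0, 0,
                      64, 17, 0, ip, b"\xff" * 4)
    return dst_mac + b"\x00\x11\x22\x33\x44\x55\x08\x00" + iph + udp + bootp
```

A reply with a broadcast IP destination but a unicast Ethernet destination, as in the 3Com test described above, produces no broadcast finding; only the Ethernet destination decides whether a correctly working switch floods the frame.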