|
|  以 PDF 格式下載這本書 (1569 KB)
WAN Boot Security Limitations
While WAN boot provides several different security features, WAN boot does
not address these potential insecurities.
-
Denial of service (DoS) attacks –
A denial of service attack can take many forms, with the goal of preventing users
from accessing a specific service. A DoS attack can overwhelm a network with large
amounts of data, or aggressively consume limited resources. Other DoS attacks manipulate
the data that is transmitted between systems in transit. The WAN boot installation method does
not protect servers or clients from DoS attacks.
-
Corrupted binaries on the servers –
The WAN boot installation method does not check the integrity of the WAN boot miniroot or the
Solaris Flash archive before you perform your installation. Before you perform your
installation, check the integrity of your Solaris binaries against the Solaris Fingerprint
Database at http://sunsolve.sun.com.
-
Encryption key and hashing key privacy –
If you use encryption keys or a hashing key with WAN boot, you must type
the key value on the command line during your installation. Follow the precautions
that are necessary for your network to make sure that these key values remain private.
-
Compromise of the network name service –
If you use a name service on your network, check the integrity of your name servers
before you perform your WAN boot installation.
|
