Secure network boot, Secure NFS alternative?
I'm interested in setting up multiple PC's in an office to network boot from one fileserver. To reduce maintenance I'd prefer if the clients don't have any storage of their own.
I see a huge security problem in using plain NFS for this task.
With NFS all a client needs to do is spoof it's IP and then it can read and modify the files of another client.
So this is unacceptable.
Is there some network bootable file protocol in linux that is more secure?
Another option I thought of, I can have ONE read-only root filesystem for ALL clients, and then they mount some other, secure filesystem where they each access their files. But then the question is what network filesystem protocol is secure and can be mounted remotely? SSHFS?
Ideally I don't want to encrypt the files on disk or in transit, because I don't want to increase hardware requirements.
Any ideas?
Last edited by Lop3; 07-21-2015 at 05:42 AM.
|