Firewalls: RE: netboot for bastion host

Firewalls
(February 1995)

Indexed By Thread: [Previous] [Next]

Subject:	RE: netboot for bastion host
From:	"Antonio Vasconcelos" <antonio_vasconcelos @ q950 . bvl . pt>
Date:	21 Feb 1995 20:55:08 +0000
To:	sumisu @ slab . ntt . jp
Cc:	"FireWalls Mailing List" <firewalls @ greatcircle . com>

>I remember a discussion several weeks ago about using a CD-ROM based
>bastion host, mounting filesystems read-only, etc.  I was wondering if
>anyone has given thought to netbooting a bastion host from a trusted
>system inside the firewall.  Is there any value to this?  I was
>thinking that this way you could ensure a "virgin" system just by
>rebooting the machine...  Any changes to the kernel or other files
>would be gone after reboot, etc.

If you can make your own boot cd with things like root and usr
it sure llooks a good idea, the machile will be slow, ok but methinks
it will be SAFE.

But how to solve things like /usr/tmp and /var/tmp ? Those can't be in
cdrom and I think they must be mounted at boot time.

We have a cdrom burner, but I have no idea of how to write a solaris
2.x
boot disk...
--
vasco

Follow-Ups:

Re: netboot for bastion host
From: blymn @ awadi . com . AU (Brett Lymn)

Indexed By Date	Previous:	*B1 viruses (and not in the AN/ALQ161 - no promises from memory 8)** From: padgett @ tccslr . dnet . mmc . com (A. Padgett Peterson, P.E. Information Security)
Indexed By Date	Next:	Re: Random password generators (fwd) From: colin . dykstra @ solect . com
Indexed By Thread	Previous:	Re: netboot for bastion host From: mcr @ milkyway . com (Michael Richardson)
Indexed By Thread	Next:	Re: netboot for bastion host From: blymn @ awadi . com . AU (Brett Lymn)