Solved

Security question about "Boot on Lan Technology"

Posted on 2004-04-24
4
2,269 Views
Last Modified: 2010-04-11
  My institution is considering using "Boot on Lan Technology" is there any security problems with that? Whats to keep someone from booting computers on the network. If I goto freshmeat.net i can download software that boots computers for free and so can someone that i don't want to. Is the special packet that wakes a computer up configurable?

  I'm not looking for a answer pertaining to the security of the entire network nor it's machines no matter how justified you might think it is. Which means im not awarding points for these types of answers.
0
Comment
Question by:Fubyou
  • 3
4 Comments
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10909645
The basic security of wake-on-lan technology is the knowledge of the MAC adderss, that's it. USUALLY there is no password, you just have to have the MAC address correct. Sometimes you need both MAC and IP, others have added a password in addtion to the IP and MAC address. Your BIOS must support the feature first, then your NIC.
http://support.intel.com/support/network/adapter/pro100/sb/cs-008438.htm
http://support.intel.com/support/network/sb/CS-008459.htm#1 (no password required)
http://www.amd.com/us-en/ConnectivitySolutions/TechnicalResources/0,,50_2334_2481,00.html

There isn't much as far as authentication with respect to WOL... but it would take you a long time to brute-force a bunch of MAC address's to get one right. The NIC's don't answer regular boadcast's when the PC is powered off, they do listen, and that's how they pick-up the WOL packet. So someone can't sniff your network and get MAC address's while the PC's are off.
http://www.ciol.com/content/search/showarticle1.asp?artid=38876

But if they did manage to boot the a pc or server, then they could start to work on those boxes...
GL!
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 10909694
To clarify, look at different NIC verdors to see if one offers more security than another.
This is the process...
A Magic Packet is simply a UDP packet with a specific sequence of bytes. The sequence is a 6 byte synchronization byte sequence (0xFFFFFFFFFFFF), followed by the primary network cards Physical Addresses (MAC address) repeated 16 times in sequence, for the machine you are attempting to wake up.  After building this packet we then broadcast it to a local subnet.

Still I was unable to find any of the popular NIC providers that offered a password for wak-on-lan...
intel,amd,3com,linksys,dell etc...
-rich
0
 
LVL 2

Expert Comment

by:Phill_upson
ID: 10938727
Whilst using network boot doesn't require an initial password all you really have access to is the wiring and to see that other kit exists (no less secure than someone plugging their laptop into a spare socket on the wall).  Whatever you are booting over the network, which as commented before would need a matching MAC address, would normally be your standard OS anyway, requiring the user to login before accessing resources.  I have to say I haven't seen an attack use lan boot as an access method, coupled with this, the machine would need matching hardware to boot successfully anyway due to the drivers for the hardware.

Hope this helps
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 10938954
True, it appears that physical security is necessary, but should someone be able to get in your lan from outside,  a backdoor, a trojan, P2P exploit, hacking etc... they could install the WOL software. I've never seen anyone do it however, most PC's are left on after hours, or the majority of them are, typically because users aren't told to turn them off, or to roll out updates to the PC's. You can inforce both... you can schedule a task to run to shut down PC's after hours, in addtion you can specify Log-On hours so that no one could try to log on pc's after hours, but the PC's can be booted or remain booted "after hours". Windows Shutdown.exe can easily be scripted to send the "shutdown" command to IP's that you specify, in what ever time frame you specify, every five minutes, every hour etc...  But as said before, it's typically overlooked, and or not done often- the WOL that is.
-rich
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
php extract($_REQUEST) 5 90
Suggestions on remote printing. 3 38
ticket bloat 3 50
Setting up NAT translation for RDP 6 39
Data breaches are on the rise, and companies are preparing by boosting their cybersecurity budgets. According to the Cybersecurity Market Report (http://www.cybersecurityventures.com/cybersecurity-market-report), worldwide spending on cybersecurity …
The related questions "How do I recover the passwords for my Q-See DVR" and "How can I reset my Q-See DVR to eliminate a password" are seen several times a week.  Here we discuss the grim reality of the situation.
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question