PXE architecture, RIS, and security considerations

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The Pre-Boot eXecution Environment (PXE) architecture used by Remote Installation Services (RIS) presents some security risks that are inherent in PXE due to its design. PXE is an industry standard, so any remote-installation method that uses PXE carries the same risks.

These security risks include the following:

  • PXE does not provide a way to prevent an unknown server from performing remote installations on PXE-enabled client computers. If a server can establish a connection with the clients, it can perform remote installations on them.

  • PXE does not provide a way to fully prevent packet spoofing. This means that packets sent by an attacker could be received by a client computer and incorporated into that client computer's installation.

  • PXE does not provide a way to prevent an unknown PXE-enabled computer from installing from a server if the PXE-enabled computer can connect to the network. RIS provides some security not inherent in PXE, however, because RIS performs remote installation only after the user has logged on. A user who lacks a valid user name and password cannot use RIS to perform an installation.

    In addition, you can achieve a somewhat greater degree of security with RIS if you prestage your client computers and configure your RIS servers to respond only to known (prestaged) clients. Then, if an intruder succeeds in connecting an unknown, PXE-enabled client computer to your RIS server, no installation files will be sent to that client computer. The intruder will not gain information about the configuration you use on your RIS client computers. For more information about prestaging, see Prestage client computers.

Because of these security issues, it is recommended that you place protections around any network that contains PXE-enabled client computers.

You can take steps, such as those described in the following list, to ensure that computers controlled by people outside of your organization cannot make a connection to PXE-enabled clients:

  • Use a firewall, and configure it appropriately.

  • Use appropriate auditing and monitoring to detect intrusions into the network.

  • Restrict physical access to the network.

  • Use strong passwords throughout your organization.

  • Follow other best practices for secure networks.

For more information about the preceding recommendations, see Best practices for security and also the Best practices for installing and upgrading the operating system topic in Getting Started.

For information about the sequence of events that occurs when a client computer is started with PXE, see PXE architecture.
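As an illustration of the monitoring recommendation above, the following added example (not part of the original topic or of RIS) checks captured DHCP reply payloads and reports any reply that carries PXE boot information and names a server outside an allowlist. It assumes the UDP payloads are already being captured from a monitoring point; the allowlist, the function names, and the sample packet builder are hypothetical.

```python
import socket
import struct

COOKIE = b"\x63\x82\x53\x63"   # DHCP magic cookie that follows the 236-byte BOOTP header

def parse_options(data):
    """Walk the DHCP options field (code, length, value) into a dict."""
    opts, i = {}, 0
    while i < len(data) and data[i] != 255:      # 255 = End
        if data[i] == 0:                         # 0 = Pad, no length byte
            i += 1
            continue
        if i + 1 >= len(data):                   # truncated option, stop parsing
            break
        length = data[i + 1]
        opts[data[i]] = data[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def check_reply(payload, src_ip, allowed):
    """Return a finding for a PXE boot reply that names an unlisted server, else None."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != COOKIE:
        return None                              # not a DHCP BOOTREPLY
    opts = parse_options(payload[240:])
    bootfile = (opts.get(67) or payload[108:236]).split(b"\x00", 1)[0]
    if not (opts.get(60, b"").startswith(b"PXEClient") or bootfile):
        return None                              # ordinary address lease, no boot info
    servers = {src_ip, socket.inet_ntoa(payload[20:24])}   # sender and next-server (siaddr)
    if len(opts.get(54, b"")) == 4:              # option 54 = server identifier
        servers.add(socket.inet_ntoa(opts[54]))
    unknown = sorted(servers - set(allowed) - {"0.0.0.0"})
    if not unknown:
        return None
    return {"client_mac": payload[28:34].hex(":"), "unknown_servers": unknown,
            "bootfile": bootfile.decode("ascii", "replace")}

def build_reply(server_ip, client_mac, bootfile=b"", pxe=False):
    """Constructed sample DHCPOFFER payload, used only to exercise check_reply."""
    ip = socket.inet_aton(server_ip)
    header = struct.pack("!BBBBIHH4s4s4s4s16s64s128s", 2, 1, 6, 0, 0x1234, 0, 0,
                         bytes(4), socket.inet_aton("192.0.2.50"), ip if pxe else bytes(4),
                         bytes(4), bytes.fromhex(client_mac), b"", bootfile)
    options = b"\x35\x01\x02" + b"\x36\x04" + ip   # message type = OFFER, server identifier
    if pxe:
        options += b"\x3c\x09PXEClient"            # option 60 = vendor class identifier
    return header + COOKIE + options + b"\xff"
```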

Note

  • This topic does not apply to Windows Server 2003, Web Edition.