Nerdpedes, have a look at https://security.stackexchange.com/questions/64915/what-are-the-biggest-security-concerns-on-pxe
Best of:
I can capture a full machine image. Do your systems automatically connect to the domain controller after setting up the machine? If so, this image probably has domain controller credentials on it, that I can capture and use elsewhere.
Computer makes a DHCP request --> DHCP server responds with address and PXE parameters --> Computer downloads boot image using TFTP over UDP
If the good guys got the traffic on that low level, unencrypted, then they would have it all.
Yes, but have you PXE booted a live CD or similar? That's what we are talking about here. The PXE environment is meant for installing on HDD, not running live. I don't know that it's possible.
Ah, indeed. So... this is from Microsoft. https://docs.microsoft.com/en-us/troubleshoot/mem/configmgr/understand-pxe-boot
"The NBP downloads the operating system loader and the boot files via TFTP, which include the following:
smsboot\x64\pxeboot.com
smsboot\x64\bootmgr.exe
\SMSBoot\Fonts\wgl4_boot.ttf
\SMSBoot\boot.sdi
\SMSImages\RR200004\boot.RR200004.wim
A RAMDISK is created using these files and the WinPE WIM file in memory.
The client boots from the RAMDISK."
Looks like PXE does boot from RAM? I was under the impression that PXE was for deploying an image/images out easily to clients for installation of said images onto the client's drive. I am not certain anymore after reading through the doc I linked from Microsoft.
OK, but where is it saving the .wim file? These files are often large and far too big to simply store in RAM, so, when it downloads, where does it write it, if not the HDD?
I don't know, but a Windows LTSC .wim is 3GB. I wouldn't say that it's too big for modern RAM. I haven't come across anything under 8GB RAM in a while.
I'm not really arguing with you, you are correct, it's possible to fit it all in RAM, just not likely. That said, the image for the voting machines is probably pretty stripped down and much smaller than a standard Windows image. I have similar at work, but our image is still in the 40-50 gig range. .wim stands for Windows image file. Usually it is a pre-setup Windows machine at 20+ gigs, from my experience. I service machines for a company that uses PXE for deployment and will often image many machines at once. Not saying you are wrong tho.
Could it be where the infamous thumb drives come into play? To serve up the required software overrides across a LAN?
It's possible, yes.