SunRay Server Question??? security issue

[JetsFanatic]

The SunRay Appliance uses DHCP to get it's address.

It gets this from the SunRay Server software running on a Solaris Server.

But my question is will it give anyone or anything an address that send a DHCP request?

If so this would be a BIG security loophole in the design.

 

[Nothinman]

You would have to inspect the DHCP server configuration, all should allow you to assign IPs it'll hand out by Mac address but whether it comes setup that way or not, I have no idea.

 

[spyordie007]

even so a MAC address could be spoofed, what exactly is the SunRay Appliance?

-Spy

 

[Nothinman]

even so a MAC address could be spoofed

I know, but I don't think you should have server's getting their IPs from a DHCP server unless they're on a protected subnet/vlan/something. All they would end up doing is dup'ing the server, which is perfectly possible to do with static information anyway.

 

[JetsFanatic]

Originally posted by: Nothinman

even so a MAC address could be spoofed

I know, but I don't think you should have server's getting their IPs from a DHCP server unless they're on a protected subnet/vlan/something. All they would end up doing is dup'ing the server, which is perfectly possible to do with static information anyway.

The servers have static address

but the appliances only get DHCP address

SunRay appliances are "the thinnest of clients" thin clients

 

[spyordie007]

okay so it sounds like these are something you would want to be using on a seperate LAN anyways so what does it matter if it has an open DHCP server, another device with an IP on that network would have no connectivity anyways (except to the solaris server) so I dont see why it would be an issue.

-Spy

 

[JetsFanatic]

Originally posted by: spyordie007
okay so it sounds like these are something you would want to be using on a seperate LAN anyways so what does it matter if it has an open DHCP server, another device with an IP on that network would have no connectivity anyways (except to the solaris server) so I dont see why it would be an issue.

-Spy

It would be an issue if someone, out of hours, brought in a device to try and hack into the network.
Plus not everywhere they are thinking about putting them is 100% secure.. If i can unplug one
and plug something else in that is a problem in my eyes. Call be too paranoid about hacks
but it is how I feel. That is why I was wondering if the SunRay Server software would give
and ip to anything else but a SunRay Client.

 

[spyordie007]

the only thing on the network to hack would be the solaris server, you would have all the thin clients and the server on a seperate network so even if they did get a device on there wouldnt be anything they could do. Besides who needs a DHCP server to get on, what's going to stop them from say (if they have physical access to the LAN but not software access) using a packet sniffer to find out what subnet is getting used and hardcoding their IP?

I guess I can see how you would be a little uncomfortable, but there are going to be plenty of other security concerns that are going to be way more important for the admin anyways (like who is using those thinclients, and who they are letting use their session...)

-Spy

 

[JetsFanatic]

Thanks for the input