A draft specification for how future IP storage hardware will boot up encountered an obstacle this week: Microsoft security.
The document, “Bootstrapping Clients Using the iSCSI Protocol,” was voted down by the Internet Engineering Steering Groups IP Storage Working Group. The vote was nine to two, with an abstention by renowned AT&T Corp. security expert Steve Bellovin.
In its current form, the document discusses such security mechanisms as Dynamic Host Configuration Protocol authentication, SLPv2 and IPsec. But IP storage systems are expected to connect largely to Windows servers, and Windows Preboot Execution Environment, or PXE, is inherently insecure, one of the voters wrote, anonymously.
“PXE security is rarely enabled in practice, and this makes it possible for a rogue PXE server to reformat the hard disks of machines booting within an enterprise network,” the voter commented. Boot security is “potentially one of the most lethal security vulnerabilities existing today [and] was the topic of a briefing to the National Security Council.”
“Its an interesting Microsoft capability/problem,” said Allison Mankin, IESG Transport Director for the working group, who works as a Lucent Technologies Inc./Bell Labs researcher. “iSCSI is a disk system thats often used in the context of PXE. [The draft] didnt do anything to improve on the PXE security,” she said.
However, she and the working group leaders “are hopeful that you could do a good job of this in a month,” and that it wont delay the main iSCSI draft. The main draft was also voted down but because of more minor concerns that are simpler to fix, and that will become a Proposed Standard next week, Mankin said, in Washington, D.C.
Microsoft Corp. officials, in Redmond, Wash., did not comment on the PXE criticism.