Configuring a FreeBSD "Kickstart" server
                        by Steven St.Laurent  - steven@403forbidden.net




	Security Concerns

	The following procedures assume an isolated, secure environment in
	which to work. Ideally this system will not be connected to the
	internet, or at the very least will have a well-hardened firewall between
	this installation LAN and the rest of your network. NFS, DHCP and
	TFTP offer little to no security and protection. Having a well thought
	out security scheme is vital. Remember that this is your install source.
	Any compromise here compromises your entire network and all hosts on
	that network.

	If an isolated network is not possible or feasible, having a firewall
	between the installed system and the jumpstart server can help you configure
	access on demand and monitor that access closely during installation.
	This requires diligence and is not as secure as having an isolated
	environment, but it is more secure than nothing. It is also recommended
	that you install tripwire or some similar package to help discover
	any security issues.

	This system's primary concern is not security but install automation. As such, some
	services such as inetd, dhcp, ftp and nfs are required to be open. If the
	primary software repository is compromised you can assume every host installed
	from it is compromised also. I am not going to cover every possible security
	measure nor detail any implementations. The better method of security is to
	have two physically separate networks, and move installed hosts into the
	production network after installation. I highly recommend an IDS on the
	installation network and tripwire or similar software to monitor package changes.



Copyright © 2003 - Steven St.Laurent - steven@403forbidden.net