I’ve written before about the huge benefits you can reap if you plan for large sitewide outages by giving yourself access to all the troubleshooting tools you’ll need ahead of time.
These days, that almost always includes access to a bevy of embedded management interfaces. These interfaces are common on devices like uninterruptible power supplies, network-attached power distribution units, blade chassis, and server hardware in the form of baseboard management controllers (BMCs). They can be an enormous help when you’ve had a full site failure or are remotely troubleshooting a huge range of problems.
However, they also can present an enormous risk if not protected properly.
Recently, US-CERT released a security advisory that explains the risks inherent with exposing Intelligent Platform Management Interface (IPMI) interfaces to unsecured networks. IPMI is an API standard maintained by Intel that describes a platform-independent method of interacting with the BMCs on servers. This advisory followed the release of numerous vulnerabilities in the IPMI 1.5 and 2.0 standards discovered by independent security consultant Dan Farmer while working on a DARPA grant.
SOURCE: infoworld.com
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…