The Raritan Blog

How Secure are Raritan’s PX Intelligent PDUs?

Posted on April 10, 2017 by Jawahar Swaminathan  |  Comment (0)

Why is security so important in data centers? Well, according to the 2016 Ponemon Cost of Data Breach Study the average cost of an information security breach is $4 million, with an average estimated cost of $154 per stolen record. Raritan believes that if a device is on a network, it has to have a set of security measures in place to protect the device, its data and the network it is connected to. 

Here is a list of Raritan’s PX security features:

Encryption: As rack PDUs are connected to management networks and even to the production networks, it is critical that any and all data sent or received by the PDUs are encrypted. We only enable secure encrypted communication by default – HTTPS and SSH. We use the strongest encryption in the industry as in:

  • HTTPS connections use TLS 1.0/ 1.1/ 1.2 with AES 128/ 256-bit ciphers supporting the widest range of browsers
  • SSH connections use public key authentication where password authentication is not adequate or feasible, like in scripts
  • SNMP v3 connections are encrypted with MD5 or SHA authentication protocols and DES or AES privacy protocols
  • StartTLS implementation ensures encrypted transport of user credentials from the PDU to the remote authentication server
  • Besides being a secure server, the PDU is also secure client when dealing with remote authentication servers using  TLS for OpenLDAP and active directory as well as CHAP for RADIUS communication

Password Policies: With all the security measures available and implemented, passwords remain the most critical component of security. We provide several ways to ensure passwords are strong and current.

  • Strong passwords require a minimum of eight characters with lower case, upper case, numerals and special characters while forbidding the past three passwords
  • Force password change ensures that the default password gets changed after the first-time login as default passwords are the easiest way hackers take control of connected devices
  • Password expiration ensures passwords getting refreshed periodically, preventing hackers from accessing the PDUs from any known security breaches

Firewall: Rack PDUs are accessed over the network for various reasons ranging from simple data collection to critical alert notifications, and even power control. With systems and users needing access from various segments of the corporate network, we believe it is critical to keep unauthorized access completely out through the following means:

  • IP Based Access Control Lists (IP ACL) rules determine whether to accept or discard traffic to/from the PDUs, based on the IP address of the host sending or receiving the traffic
  • Role Based Access Control (RBAC) rules act similar to IP access control rules which allow access to PDUs based on the roles of individual users

Defense in Depth: Rack PDUs play a critical role in managing the power infrastructure and servers, using the PDUs remote power control functionality. Therefore, it is essential to protect against network breaches. We have implemented several security measures that keep the rack PDUs one step ahead of these threats:

  • Blocking access after repeated failed login attempts to defend against potential Distributed Denial of Service (DDoS) attacks and logging the source of the attempts
  • Timing out inactive sessions to prevent unauthorized access
  • Limiting the use of the same login credential from multiple clients
  • Enforcing restricted service agreement warnings and requiring that users accept them to login

Certificates: X.509 digital certificates ensure that both parties in a secure connection (TLS) are authorized users. As rack PDUs are increasingly accessed over public networks, having valid certificates protect against man-in-the-middle attacks. In order to make this process as efficient as possible, Raritan rack PDUs support two major types of certificates:

  • CA certificates that are issued and signed by public certificated signing authorities after thorough verification of the user’s business; the PDU interface even generates the certificate signing request for submission to signing authorities such as verisign, digicert and more
  • Self-signed certificates when a CA certificate is not deemed necessary; the PDU also provides an interface to generate a self-signed certificate

At Raritan, we take security very seriously given our 30+ years of pioneering experience in IT and data center management. We monitor US-CERT for reported security vulnerabilities to keep our customers secure. To learn more about our PX intelligent PDUs visit us as - http://www.raritan.com/products/power-distribution/intelligent-rack-pdus


Leave a Comment