The Raritan Blog

IoT Security Compliance at the Rack Level

Posted on October 1, 2021 by Gento

The world is driven by software is not a shocking claim, but the ubiquity of its presence is worth a reminder. A recent hunt for a new refrigerator served as a notification, in case I had forgotten, about the pervasive nature of the IoT and the ability to connect to just about anything, even an appliance, from anywhere you have an internet connection. The same holds true for our large modern data center networks, obviously, from building automation and controls packages right down to the software operating intelligent rack PDUs. 

The relative openness of our software-driven world means that, in some ways, we are even more vulnerable than ever. And while your leftovers are relatively safe, IoT botnet attacks such as the ‘Star Wars’ Twitter botnet of 2017, ransomware attacks on our fuel and food supplies, and recent similar attacks on US businesses serve as a reminder that if you have software and internet-connected devices, you have vulnerabilities. 

For this reason, Legrand takes the security of its Raritan line of rack PDUs very seriously. Our PX3 PDUs have recently undergone a thorough software security audit by the firm Pivot Point Security. This penetration testing involves OSSTM, PTES, and OWASP testing methodology, as well as guidance from relatively recent legislation out of California known as CA SB 327

Here is the process that the Raritan PX3 software underwent: 

  • Full testing of the device’s exposed services from a network perspective 

  • An OWASP Top 10 assessment of any exposed applications 

  • A full assessment of the communication channel’s security 

  • An assessment of the physical security of the device 

  • A hardware security assessment of the device’s internals 

  • Binary and reverse engineering analysis of the device’s firmware 

California is the only state in the union to have passed legislation for consumer-related IoT devices. CA SB 327 defines IoT devices to include any device or “other physical object” that is capable of connecting to the internet (even “indirectly,” such as by pairing with another device) and assigned an IP or Bluetooth address. 

Under the law, devices must be equipped with “reasonable security features” designed to protect the device, and information contained in the device, from “unauthorized access, destruction, use, modification, or disclosure.” Reasonable security features are defined as those “appropriate” to the “nature and function of the device” and the “information it may collect, contain, or transmit.” Importantly, manufacturers should view the law as an effort to protect user safety and consumer privacy—and even safeguard against threats to public safety. 

While the specifics of the legislation are somewhat vague, Raritan understands the requirements of mission-critical data security. By supporting the fight against any vulnerabilities through independent testing, Raritan’s rack PDUs are secured in a manner consistent with industry best practices. Contact us to learn more about the security testing of Raritan PX3 software.

Other Blog Posts

Who Should Care About ISO 27001?
Posted on July 1, 2024
The cascade effect of data center failure on businesses - why sensors are essential
Posted on November 5, 2023
The Rapid Growth of AI and the Use of Raritan PDUs to Meet Higher Power Demands
Posted on October 11, 2023
Data Center Report Fewer Outages, But Downtime Still Costly
Posted on September 20, 2023
Survey: Energy Usage and Staffing Shortages Challenge Data Centers
Posted on September 20, 2023

View all Blog Posts


Upcoming Events

New Zealand Cloud & Datacenter Convention 2022
3 November 2022, 9am – 4pm  •  Grand Millennium Hotel, Auckland, New Zealand
Data Centre World Singapore
12th – 13th Oct 2022
Korea Cloud & Datacenter Convention 2022
6th Oct 2022
Philippines Cloud & Datacenter Convention 2022
4th Aug 2022
JANOG50 Meeting Hokkaido
3th – 15th July 2022

View all Events

Latest News

Legrand Certifications and Process Controls Provide Confidence in Information Security for Network-Connected Devices in Data-Related Applications
Posted on July 1, 2024
Legrand Revitalizes Data Center Sector with Two Revolutionary Intelligent Rack PDUs
Posted on May 1, 2023
Exclusive interview丨How does Huizhou upgrade its manufacturing industry?
Posted on December 2, 2021
Raritan Reveals The MasterConsole® Digital Dual KVM Switch
Posted on February 18, 2021
Legrand Data, Power and Control Division Announced as Finalist in Six Categories at DCS Awards 2020
Posted on November 9, 2020

View all news