博客

IoT Security Compliance at the Rack Level

Posted on October 1, 2021 by Gento

The world is driven by software is not a shocking claim, but the ubiquity of its presence is worth a reminder. A recent hunt for a new refrigerator served as a notification, in case I had forgotten, about the pervasive nature of the IoT and the ability to connect to just about anything, even an appliance, from anywhere you have an internet connection. The same holds true for our large modern data center networks, obviously, from building automation and controls packages right down to the software operating intelligent rack PDUs. 

The relative openness of our software-driven world means that, in some ways, we are even more vulnerable than ever. And while your leftovers are relatively safe, IoT botnet attacks such as the ‘Star Wars’ Twitter botnet of 2017, ransomware attacks on our fuel and food supplies, and recent similar attacks on US businesses serve as a reminder that if you have software and internet-connected devices, you have vulnerabilities. 

For this reason, Legrand takes the security of its Raritan line of rack PDUs very seriously. Our PX3 PDUs have recently undergone a thorough software security audit by the firm Pivot Point Security. This penetration testing involves OSSTM, PTES, and OWASP testing methodology, as well as guidance from relatively recent legislation out of California known as CA SB 327

Here is the process that the Raritan PX3 software underwent: 

  • Full testing of the device’s exposed services from a network perspective 

  • An OWASP Top 10 assessment of any exposed applications 

  • A full assessment of the communication channel’s security 

  • An assessment of the physical security of the device 

  • A hardware security assessment of the device’s internals 

  • Binary and reverse engineering analysis of the device’s firmware 

California is the only state in the union to have passed legislation for consumer-related IoT devices. CA SB 327 defines IoT devices to include any device or “other physical object” that is capable of connecting to the internet (even “indirectly,” such as by pairing with another device) and assigned an IP or Bluetooth address. 

Under the law, devices must be equipped with “reasonable security features” designed to protect the device, and information contained in the device, from “unauthorized access, destruction, use, modification, or disclosure.” Reasonable security features are defined as those “appropriate” to the “nature and function of the device” and the “information it may collect, contain, or transmit.” Importantly, manufacturers should view the law as an effort to protect user safety and consumer privacy—and even safeguard against threats to public safety. 

While the specifics of the legislation are somewhat vague, Raritan understands the requirements of mission-critical data security. By supporting the fight against any vulnerabilities through independent testing, Raritan’s rack PDUs are secured in a manner consistent with industry best practices. Contact us to learn more about the security testing of Raritan PX3 software.

Other Blog Posts

Solving the Problem of the Data Center Digital Twin
Posted on July 11, 2024
2024 Will be a Big Year for Greater Analytics Automation in the Data Center. Here’s How
Posted on July 2, 2024
谁会更重视ISO27001?
Posted on July 1, 2024
Manage What You Measure: The Value of Legrand’s SmartSensor Portfolio
Posted on June 20, 2024
Data Centers are Getting Denser and Smarter: Here’s How Facility Managers Can Keep Up
Posted on May 28, 2024

View all Blog Posts

力登官方微信公众号
cn-blogfollow

近期活动

New Zealand Cloud & Datacenter Convention 2022
3 November 2022, 9am – 4pm  •  Grand Millennium Hotel, Auckland, New Zealand
Data Centre World Singapore
12th – 13th Oct 2022
Korea Cloud & Datacenter Convention 2022
6th Oct 2022
Philippines Cloud & Datacenter Convention 2022
4th Aug 2022
JANOG50 Meeting Hokkaido
3th – 15th July 2022

View all Events

力登最新新闻

罗格朗获得的行业认证和严格控制的生产流程,增强了数据中心运营中连网设备的稳定性。
Posted on July 1, 2024
重振数据中心行业——罗格朗重磅推出两款新的智能机架式PDU产品!
Posted on May 1, 2023
独家专访丨惠州如何升级制造业?法资企业CEO提了个建议
Posted on December 2, 2021
力登公司推出MasterConsole®数字双显示器KVM切换器
Posted on February 18, 2021
Legrand Data, Power and Control Division Announced as Finalist in Six Categories at DCS Awards 2020
Posted on November 9, 2020

View all news