博客

IoT Security Compliance at the Rack Level

Posted on October 1, 2021 by Gento

The world is driven by software is not a shocking claim, but the ubiquity of its presence is worth a reminder. A recent hunt for a new refrigerator served as a notification, in case I had forgotten, about the pervasive nature of the IoT and the ability to connect to just about anything, even an appliance, from anywhere you have an internet connection. The same holds true for our large modern data center networks, obviously, from building automation and controls packages right down to the software operating intelligent rack PDUs. 

The relative openness of our software-driven world means that, in some ways, we are even more vulnerable than ever. And while your leftovers are relatively safe, IoT botnet attacks such as the ‘Star Wars’ Twitter botnet of 2017, ransomware attacks on our fuel and food supplies, and recent similar attacks on US businesses serve as a reminder that if you have software and internet-connected devices, you have vulnerabilities. 

For this reason, Legrand takes the security of its Raritan line of rack PDUs very seriously. Our PX3 PDUs have recently undergone a thorough software security audit by the firm Pivot Point Security. This penetration testing involves OSSTM, PTES, and OWASP testing methodology, as well as guidance from relatively recent legislation out of California known as CA SB 327

Here is the process that the Raritan PX3 software underwent: 

  • Full testing of the device’s exposed services from a network perspective 

  • An OWASP Top 10 assessment of any exposed applications 

  • A full assessment of the communication channel’s security 

  • An assessment of the physical security of the device 

  • A hardware security assessment of the device’s internals 

  • Binary and reverse engineering analysis of the device’s firmware 

California is the only state in the union to have passed legislation for consumer-related IoT devices. CA SB 327 defines IoT devices to include any device or “other physical object” that is capable of connecting to the internet (even “indirectly,” such as by pairing with another device) and assigned an IP or Bluetooth address. 

Under the law, devices must be equipped with “reasonable security features” designed to protect the device, and information contained in the device, from “unauthorized access, destruction, use, modification, or disclosure.” Reasonable security features are defined as those “appropriate” to the “nature and function of the device” and the “information it may collect, contain, or transmit.” Importantly, manufacturers should view the law as an effort to protect user safety and consumer privacy—and even safeguard against threats to public safety. 

While the specifics of the legislation are somewhat vague, Raritan understands the requirements of mission-critical data security. By supporting the fight against any vulnerabilities through independent testing, Raritan’s rack PDUs are secured in a manner consistent with industry best practices. Contact us to learn more about the security testing of Raritan PX3 software.

Other Blog Posts

您对PDU的功能有特殊的要求吗?力登公司可以为您度身定制。
Posted on October 18, 2021
确保安全:机架过载保护
Posted on September 22, 2021
A Teaching on Supporting Higher Densities for Higher Ed
Posted on September 9, 2021
Supercomputing in the Quantum World
Posted on September 1, 2021
冰与火:数据中心环境监测
Posted on August 19, 2021

View all Blog Posts

力登官方微信公众号

力登官方微信公众号
cn-blogfollow

近期活动

Data Cloud India
February 5-6, 2020  •  Mumbai, India
Industrial Automation
April 24, 2020  •  Tainan, Taiwan
DigiTimes Data Center Forum Taipei
May 8, 2020  •  Taipei, Taiwan
Cloud & Data Center Convention (Wmedia)
May 14, 2020  •  Manila, Philippines
Industrial Automation
May 14, 2020  •  Taipei, Taiwan

View all Events

力登最新新闻

独家专访丨惠州如何升级制造业?法资企业CEO提了个建议
Posted on December 2, 2021
力登公司推出MasterConsole®数字双显示器KVM切换器
Posted on February 18, 2021
Legrand Data, Power and Control Division Announced as Finalist in Six Categories at DCS Awards 2020
Posted on November 9, 2020
力登公司(Raritan)推出新型智慧型机架控制器(SRC),用于智能地管理数据中心和关键基础设施中的环境和安全信息
Posted on November 9, 2020
Legrand India Launches Datacenter Infrastructure Solution for the addressable market size of INR 3000 crores
Posted on August 23, 2020

View all news