
IoT Security Compliance at the Rack Level

Posted on October 1, 2021 by Gento

That the world is driven by software is not a shocking claim, but the ubiquity of its presence is worth a reminder. A recent hunt for a new refrigerator served as a notification, in case I had forgotten, about the pervasive nature of the IoT and the ability to connect to just about anything, even an appliance, from anywhere you have an internet connection. The same holds true for our large modern data center networks, obviously, from building automation and controls packages right down to the software operating intelligent rack PDUs.

The relative openness of our software-driven world means that, in some ways, we are even more vulnerable than ever. And while your leftovers are relatively safe, IoT botnet attacks such as the ‘Star Wars’ Twitter botnet of 2017, ransomware attacks on our fuel and food supplies, and recent similar attacks on US businesses serve as a reminder that if you have software and internet-connected devices, you have vulnerabilities. 

For this reason, Legrand takes the security of its Raritan line of rack PDUs very seriously. Our PX3 PDUs have recently undergone a thorough software security audit by the firm Pivot Point Security. This penetration testing involves the OSSTMM, PTES, and OWASP testing methodologies, as well as guidance from relatively recent legislation out of California known as CA SB 327.

Here is the process that the Raritan PX3 software underwent: 

  • Full testing of the device’s exposed services from a network perspective 

  • An OWASP Top 10 assessment of any exposed applications 

  • A full assessment of the communication channel’s security 

  • An assessment of the physical security of the device 

  • A hardware security assessment of the device’s internals 

  • Binary and reverse engineering analysis of the device’s firmware 

California is the only state in the union to have passed legislation for consumer-related IoT devices. CA SB 327 defines IoT devices to include any device or “other physical object” that is capable of connecting to the internet (even “indirectly,” such as by pairing with another device) and assigned an IP or Bluetooth address. 

Under the law, devices must be equipped with “reasonable security features” designed to protect the device, and information contained in the device, from “unauthorized access, destruction, use, modification, or disclosure.” Reasonable security features are defined as those “appropriate” to the “nature and function of the device” and the “information it may collect, contain, or transmit.” Importantly, manufacturers should view the law as an effort to protect user safety and consumer privacy—and even safeguard against threats to public safety. 

While the specifics of the legislation are somewhat vague, Raritan understands the requirements of mission-critical data security. By supporting the fight against any vulnerabilities through independent testing, Raritan’s rack PDUs are secured in a manner consistent with industry best practices. Contact us to learn more about the security testing of Raritan PX3 software.
