Blog

The Dangers of BMCs and IPMI Highlighted by Security Researchers

Posted on July 26, 2013 by Gento

Recent articles in Network World, Dark Reading, Wired and Security Week have highlighted the shocking and widespread security vulnerabilities of Baseboard Management Controllers (BMCs) and the associated Intelligent Platform Management Interface (IPMI) protocol, used for remote server management by corporations, service providers and hosting companies.

BMCs, available from all leading server manufacturers, have direct access to the server’s motherboard. This provides the ability to monitor, boot, and even reinstall the server. Many systems provide KVM-over-IP access and the connection of remote media. Access to the BMC provides virtually unlimited remote control of the server.

Two security researchers have identified these vulnerabilities: Dan Farmer, who originally discovered and documented the vulnerabilities, and HD Moore, who describes how to identify and test for these issues, using readily available security tools. Moore discovered over 300,000 IPMI-enabled vulnerable servers connected to the Internet, as well as additional vulnerabilities.

BMC/IPMI vulnerabilities include: Cipher 0 authentication allowing access with any password, BMC-provided password hashes which can be broken via brute force methods, BMCs shipping with enabled “anonymous” access, a UPnP vulnerability that provides root access to the BMC, and storage of clear text passwords. Once the BMC is broken into, there are multiple ways to infect, control and take over the server. Conversely, for a compromised server, the BMC can be used to establish a backdoor user account.

All server administrators and security officers need to be aware of Farmer’s and Moore’s work and understand how it affects their servers. As IPMI and BMC implementations vary, consult your server manufacturer(s). Farmer provides IPMI security best practices and Moore provides a useful FAQ.

While this research is rather new and there is much to digest, Raritan’s experts do agree that there are indeed vulnerabilities that customers should take seriously. Given the power and opacity of the BMC, this is doubly true.

Moore: “In addition to vulnerabilities in the IPMI protocol itself, most BMCs seem to suffer from issues common across all embedded devices, namely default passwords, outdated open source software, and, in some cases, backdoor accounts and static encryption keys.”

Moore: “The world of BMCs is a mess that is not likely to get better anytime soon, and we need to be crystal clear about the risk these devices pose to our networks.”

Farmer: “Imagine trying to secure a computer with a small but powerful parasitic server on its motherboard; a bloodsucker that can’t be turned off and has no documentation; you can’t login, patch, or fix problems on it; server-based defensive, audit, or anti-malware software can’t be used. Its design is secret and implementation old.”

Farmer: “It’s also the perfect spy platform: nearly invisible to its host, it can fully control the computer’s hardware and software, and it was designed for remote control and monitoring.”


A New Face at Raritan - raritanDCIM.com

Posted on May 29, 2013 by Gento

Have you heard about raritanDCIM.com, Raritan’s new way to communicate all things DCIM? Come visit and check out:

  • What’s DCIM:  Learn about the components to consider when selecting a DCIM provider, the benefits from a DCIM and more importantly, how to get started.
  • Client Success and Resources:  Learn how you can use DCIM to successfully manage your Data Center.  Try the ROI calculator, download white papers and read case studies on successful customer deployments.
  • Services:  When thinking about DCIM, don’t forget service and training.  See a list of key considerations as you plan out your DCIM strategy.  Read about our Quick Start, Turnkey, Integration, and Training Services.

If you have a question, chat live with one of our DCIM experts. If you’d rather see it live, schedule a demo, take Raritan’s DCIM for a spin, and see how it can easily support your DCIM initiatives.

Visit  raritanDCIM.com and let us know what you think.  We look forward to hearing from you.


Limited Free Passes Available for DatacenterDynamics (DCD) Washington taking place May 2nd

Posted on April 25, 2013 by Gento

Raritan has a limited number of complimentary passes available (for end users only) for the DCD Washington show taking place on May 2nd. Contact Dorothy.Ochs@Raritan.com.

We will also have live demos in our booth (#TCB) and a raffle drawing for an iPad mini. Hope you can join us.

For more details, visit http://www.datacenterdynamics.com/conferences/2013/washington-dc-2013


Deploying High Power at the Rack Webinar - April 25th

Posted on April 10, 2013 by Gento

High-power requirements for data centers include racks filled with 1U “pizza box” servers or multiple blade server chassis in one rack. Network storage devices can also drive high demand for power.

Many data center managers are doing a good job conserving energy, but average power consumption at the rack may still go up. In fact, the increased efficiency means more power is available to support data center growth. This webinar will examine how to determine and design for peak actual power demand and the most efficient and reliable approaches for delivering power, especially when deploying blade servers.

Date: Thursday, April 25, 2013
Time: 11:00 AM ET
Register: https://www1.gotomeeting.com/register/829819449


Gamer Heads, Power Down.

Posted on March 27, 2013 by Gento

In a recent study by Carnegie Mellon University it is believed that video game consoles cost U.S. homeowners more than $1.24 billion per year. A significant portion of that cost is due to 10.8 terawatt-hours of power consumption (is that right?), according to their study.

We can all agree wasted energy adds up quickly when you have gamers starting at a very young age and continuing into adulthood. No worries: just like anything else, there is a solution, and believe it or not, it is SIMPLE. All you gamers really need to do is fully turn off the console when you are done. And don’t worry, your game will save. It’s no longer the days of the Atari 2600, when all your settings and achievements got lost when you powered down.

Sony and Microsoft have worked to make their products more energy efficient; however, both the Xbox 360 and PS3 still draw significant power. If gamers choose to let their consoles go into standby mode and not completely power them down, as they often do, the game console can continue to consume about 75 watts of power.

To provide the consumer with a better understanding of this high cost and wasted power issue, game console manufacturers can create efficiency charts that show the power wasted over a certain period of time if the console does not get completely powered off.

Manufacturers can utilize Raritan iPDUs to implement power efficiency testing methods that can build a framework for game console power utilization efficiency standards.

