IPMI/BMC/BIOS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



We have recently been asked to evaluate some computing machinery for
a new project. This particular end user has very limited experience
with the stated security requirements in a lights-out environment.
Their primary work (as well as mine) in the past has been with very
small, simple networks of desktop machines and a few servers with
extremely limited access.  For the most part, their admins haverefused to use any maintenance connectivity to servers other thanthe primary serial ports.

There is a concern about system security primarily driven by recent
information searches performed by end user admins and included below.

IPMI/BMC Security Issues
------------------------
https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface
http://www.google.com  ; Search:  IPMI "Security Holes" -- Hits: 14,500
http://www.google.com  ; Search:  IPMI BMC "Security Holes" -- Hits: 4950

BIOS Security Issues
--------------------
https://en.wikipedia.org/wiki/BIOS
http://www.google.com  ; Search:  BIOS "Security Holes" -- Hits: 342,000

My initial recommendation was to use a totally separate network for any
service processors within the servers that implement IPMI/BMC capabilities.
This has been standard practice in most systems I have worked on in the
past, and has allowed certification with essentially no problems. The BIOS
concern seems to be another issue to be addressed separately.

Any connectivity and access to a system brings security issues.  The list
from these searches is huge.  Are there specific things that must always be
addressed for system security besides keeping junior admins off the server
supporting the maintenance network?

Thanks in advance for any feedback and best regards.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux