Server Access

Primary use cases for Cryptzone’s secure network access solution include securing third-party and privileged user access, and securing cloud-based AWS and Azure workloads. No less exposed to risk are baseboard management controllers (BMCs) and their associated Intelligent Platform Management Interface (IPMI) protocol.

Baseboard Management Controller and IPMI Vulnerabilities

According to Bruce Schneier, baseboard management controllers (BMCs) and their associated intelligent platform management interfaces (IPMI) represent the perfect spying platform. “You can’t control it. You can’t patch it. It can completely control your computer’s hardware and software. And its purpose is remote monitoring. At the very least, we need to be able to look into these devices and see what’s running on them.” AppGate can significantly reduce breach potential within the enterprise network for BMCs, specifically the Dell Remote Access Controller (DRAC) and HPE’s Integrated Lights Out (iLO). With 94% of organizations focusing on applications and the OS, hardware can become the “way in” for cybercriminals.

The problem with BMCs is that default passwords are often left in place, which gives cybercriminals an opening. While many customers have LDAP, PAM solutions, password vaults and jump servers in place, none of these solutions solves the problem of protecting servers on the management network.

| Product Name | Default Username | Default Password |
|---|---|---|
| HP Integrated Lights Out (iLO) | Administrator | <factory randomized 8-character string> |
| Dell Remote Access Card (iDRAC, DRAC) | root | calvin |
| IBM Integrated Management Module (IMM) | USERID | PASSW0RD (with a zero) |
| Fujitsu Integrated Remote Management Controller | admin | admin |
| Supermicro IPMI (2.0) | ADMIN | ADMIN |
| Oracle/Sun Integrated Lights Out Manager (ILOM) | root | changeme |
| ASUS iKVM BMC | admin | admin |

Organizations have worked hard to align application-level user entitlements with what’s appropriate based on their role and job function.  This is controlled at the authentication and authorization level – but NOT at the network level.  There’s a huge gap between what users are authorized to do, and what they can see.  This gap represents a huge and unnecessary attack surface, which we’ve seen malicious actors exploit time and time again.  

The solution is AppGate. It gives each user a context-aware perimeter with dynamic, fine-grained network access control. AppGate dramatically simplifies the user access problem, drawing on user context to dynamically create a segment of one tailored for each user. AppGate automatically controls the user’s network access at a fine-grained level, ensuring that users can only access authorized resources. All unauthorized network resources are automatically hidden from users, completely preventing malicious users or attackers from exploiting weaknesses or moving across the network. With traditional solutions, BMCs and unauthorized services are still visible on the network, and are ripe for exploitation.