Baseboard Management Controller and IPMI Vulnerabilities
According to Bruce Schneier, baseboard management controllers (BMCs) and their associated intelligent platform management interfaces (IPMI) represent the perfect spying platform. “You can’t control it. You can’t patch it. It can completely control your computer’s hardware and software. And its purpose is remote monitoring. At the very least, we need to be able to look into these devices and see what’s running on them.” AppGate can significantly reduce breach potential within the enterprise network for BMCs, specifically the Dell Remote Access Controller (DRAC) and HPE’s Integrated Lights Out (iLO). With 94% of organizations’ focus being on applications and the OS, hardware can become the “way in” for cybercriminals.
The problem with BMCs is that default passwords are often left in place, thereby creating the opportunity for cybercriminals. While many customers have LDAP, PAM solutions, password vaults and jump servers in place, none of these solutions solve the problem of protecting servers on the management network.
| Product Name | Default Username | Default Password |
|---|---|---|
| HP Integrated Lights Out (iLO) | Administrator | <factory randomized 8-character string> |
| Dell Remote Access Card (iDRAC, DRAC) | root | calvin |
| IBM Integrated Management Module (IMM) | USERID | PASSW0RD (with a zero) |
| Fujitsu Integrated Remote Management Controller | admin | admin |
| Supermicro IPMI (2.0) | ADMIN | ADMIN |
| Oracle/Sun Integrated Lights Out Manager (ILOM) | root | changeme |
| ASUS iKVM BMC | admin | admin |
Organizations have worked hard to align application-level user entitlements with what’s appropriate based on their role and job function. This is controlled at the authentication and authorization level – but NOT at the network level. There’s a huge gap between what users are authorized to do, and what they can see. This gap represents a huge and unnecessary attack surface, which we’ve seen malicious actors exploit time and time again.
The solution is AppGate. It provides a context-aware perimeter for each user that provides dynamic fine-grained network access control. AppGate dramatically simplifies the user access problem, drawing on user context to dynamically create a segment of one tailored for each user. AppGate automatically controls the user’s network access at a fine-grained level, ensuring that users can only access authorized resources. All unauthorized network resources are automatically hidden from users, completely preventing malicious users or attackers from exploiting weaknesses or moving across the network. With traditional solutions, BMCs and unauthorized services are still visible on the network, and are ripe for exploitation.