Garnering knowledge of potential threats that are relatively unknown requires research and, more importantly, a holistic approach to understanding how intruders may be able to compromise systems. For example, consider the all too common “lights out” remote control options integrated into the majority of today’s servers.
Those integrated remote control offerings are built upon baseboard management controllers (BMCs) and leverage a server management protocol called Intelligent Platform Management Interface (IPMI). IPMI was created to standardize communications between server management tools and the various BMCs on the market. While this concept is effective from a systems management perspective, it creates a problem from a security perspective.
Intelligent Platform Management Interface (IPMI) as a Security Vector
Simply put, if an open management protocol is truly open, then intruders can leverage that protocol to gain access, and in many cases that access will not be detected or noticed. With BMCs, the depth of the possible compromise magnifies the potential threat. An attacker who gains control over the BMC, via IPMI, gains control over the connected server, and with that control can directly access and modify the system memory of the running server.
Although this threat is still little known, the IPMI specification itself warns of the low-level system, disk and memory access that it provides. One of the most likely attacks takes the form of rebooting the server and loading a “virtual” CD-ROM that is configured as a rescue disk. That rescue disk may contain applications such as CHNTPW, which resets the Windows administrator account password, or Kon-Boot, which performs an in-memory patch that disables console authentication in both Linux and Windows.
What’s more, attackers may gain full console access via the BMC’s KVM functionality, which provides the equivalent of physical access, allowing intruders to access BIOS settings, watch the physical display, or even manipulate or copy the file system without any assistance from the server’s operating system.
The threat from BMCs must not be underestimated. Network managers deal with threats and compromises on a daily basis, and they have become well accustomed to the known threat vectors that permeate today’s complex IT infrastructures; baseboard management controllers must now be counted among them. UNICOM Engineering recommends some specific best practices to deal with IPMI/BMC threats, which are available at http://fish2.com/ipmi/bp.pdf. Additional information can be found at http://fish2.com/ipmi/.