Out-of-Band Management Security Implications

If you’re interested about IPMI security then I suggest you read the below interesting paper by Dan Farmer. Intel’s IPMI (Intelligent Platform Management Interface) allows system administrators with a means to manage their hardware in an Out of Band (OOB) or Lights Out Management (LOM) fashion. This paper discusses IPMI design, utilization, and vendor issues that cause complex, pervasive, and serious security infrastructure problems. IPMI is mostly used for low-level tasks like rebooting servers, monitoring physical sensors, providing virtual remote consoles and so on. However, due to its design, IPMI could also provide a mechanism to spy, control, and modify data and network traffic in a fashion that is about as close to invisible as can be imagined. To top it off IPMI access is governed by a clear text (i.e. unencrypted) set of passwords stored on the motherboard between all servers in a management group.

Modern servers have an embedded computer called the Baseboard Management Controller (BMC), which has its own CPU, RAM, storage, and physical network interface that all operate independently of the main server. The BMC was designed to facilitate out of band (OOB) operations and implement the Intelligent Platform Management Interface (IPMI).

Read more here – http://fish2.com/ipmi/itrain.html

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top