Internet Storm Center’s recent report about how Intel’s IPMI (Intelligent Platform Management Interface) allows hackers remote access to servers, even when the server is switched off, is an accident waiting to happen for many major corporations.
Intel introduced IPMI in the late 1990s to allow system administrators to manage a computer system and monitor its operation. As a message-based, hardware-level interface specification, the IPMI sub-system operates independently of the operating system. It allows IT admins to manage a system remotely in the absence of an operating system – or the system management software.
Put simply, it provides remote access to the server – and some high-end desktops – with just power and a network connection, even if the server is ostensibly turned off and the operating system has not booted. Bottom line? You can be hacked even when your systems are switched off.
Although IPMI is supported by a number of specialist applications, because the technology is so old, many network and security admins may be unaware of its existence. However, it is likely – especially now that the vulnerability has been reported – that hackers will have exploited the issue.
This is one of those long-running technology loopholes that cybercriminals love, as it allows them low-level backdoor access to corporate servers.
It is worth noting, that while the development of IPMI was initially led by Intel in the late 1990s, the technology has been supported by many vendors whose technology is widely distributed in corporate data centers.
The good news is that IPMI can be turned off, but since it is left on by default and many network/security admins are unaware of its existence, there is a clear and present danger from the technology.
My company develops privileged identity management products that can prevent hackers from exploiting the IPMI backdoor. This technology helps our clients manage Dell DRAC, HP iLO and generic IPMI devices in exactly the way this SANS report suggests. It is to be hoped that network/security admins – once they realize the potential security loophole that IPMI engenders – look at technologies like privileged identity management to better protect their data from these technology backdoors.
Does your organization have protections in place against these types of security backdoors? Leave a comment below. You can also follow my company on Twitter: @liebsoft or connect with me via LinkedIn.