IT Security News and Opinion
Thursday May 23rd 2013
Auto Discovery Webinar

Beware the Long-Running IPMI `Lights Out Management Exploit’

Internet Storm Center’s recent report about how Intel’s IPMI (Intelligent Platform Management Interface) allows hackers remote access to servers, even when the server is switched off, is an accident waiting to happen for many major corporations.

Intel introduced IPMI in the late 1990s to allow system administrators to manage a computer system and monitor its operation. As a message-based, hardware-level interface specification, the IPMI sub-system operates independently of the operating system. It allows IT admins to manage a system remotely in the absence of an operating system – or the system management software.

Put simply, it provides remote access to the server – and some high-end desktops – with just power and a network connection, even if the server is ostensibly turned off and the operating system has not booted. Bottom line? You can be hacked even when your systems are switched off.

Although IPMI is supported by a number of specialist applications, because the technology is so old, many network and security admins may be unaware of its existence. However, it is likely – especially now that the vulnerability has been reported – that hackers will have exploited the issue.

This is one of those long-running technology loopholes that cybercriminals love, as it allows them low-level backdoor access to corporate servers.

It is worth noting, that while the development of IPMI was initially led by Intel in the late 1990s, the technology has been supported by many vendors whose technology is widely distributed in corporate data centers.

The good news is that IPMI can be turned off, but since it is left on by default and many network/security admins are unaware of its existence, there is a clear and present danger from the technology.

My company develops privileged identity management products that can prevent hackers from exploiting the IPMI backdoor. This technology helps our clients manage Dell DRAC, HP iLO and generic IPMI devices in exactly the way this SANS report suggests. It is to be hoped that network/security admins – once they realize the potential security loophole that IPMI engenders – look at technologies like privileged identity management to better protect their data from these technology backdoors.

Does your organization have protections in place against these types of security backdoors? Leave a comment below. You can also follow my company on Twitter: @liebsoft or connect with me via LinkedIn.

FacebookTwitterLinkedInDeliciousTechnorati FavoritesDiggBlogger PostGoogle ReaderShare
Post Published: 15 June 2012
Author: Philip Lieberman
Found in section: Latest IT News, Security Best Practices, Technology News

Tags: , ,

Previous Topic:
Next Topic:

Leave a Reply


two × = 6

Follow Us

    Follow us on Twitter            Follow us on LinkedIn

  Visit our YouTube Page              Identity Week RSS Feed
Visit the Lieberman Software Website

Archives

Recent Comments

Tags

Administrator Password Application-to-Application Credentials Application Security Cloud Computing Cloud Security CSO cyber-attacks cyber attack Cyber Security data breach Data Breaches Datacenter Security Data Security default password disaster recovery enterprise security Governance Risk and Compliance hacktivism Identity Management insider threat Insider Threats Internet security IT Audit IT Auditing Compliance Reports IT Marketplace IT Outsourcing IT security IT Security Threats online privacy Password Security PCI-DSS Compliance privileged account credentials privileged account management privileged accounts Privileged Identities privileged identity management regulatory compliance RSA Securing Legacy Applications Security Management SIEM smart card smartphone security stolen credit card Stuxnet