Default passwords for these powerful, out-of-band devices are seldom changed and widely published. [For example, Dell cards use the default password calvin.] This means that anyone with network access and malicious intent can log in and power down your datacenter hardware.
The poor state of security at banks and financial institutions continues to make headlines, with cases like the HSBC breach bringing embarrassing attention to this already beleaguered industry. This problem is the result of a fragmented feudal system of homegrown IT development that has evolved over the last 30 years, though not for the better.
Rodney Gedda of CSO Magazine recently posted an excellent description of a security phenomenon known as the “trust time bomb”. In his article, Gedda explained how, over time, employees build up an incredible number of privileges that grant them dangerous access. This is akin to the problem with database administrators (DBAs) who retain DBA superuser privileges indefinitely, as well as IT staff using the same password on every system in the company as a matter of convenience.