2

In reference to http://threatpost.com/ipmi-protocol-bmc-vulnerabilities-expose-thousands-of-servers-to-attack and the hacks in which several companies and web hosts have been hit and had their servers wiped through remote management hacking.

What can one do to protect their web-based remote management ports?

So far I've begun isolating them on VPN connections, limiting customers to their own private VPN and VLANs, and keeping the remote interfaces on local IPs.

Is there anything else that can be done to improve their security?

Jason
  • Related: [Guidelines on out-of-band server management via integrated Lights-out services (iLO, iDRAC etc.)](https://security.stackexchange.com/questions/29387/guidelines-on-out-of-band-server-management-via-integrated-lights-out-services) – Deer Hunter Jan 23 '15 at 09:22
  • If possible, keep your out of band management and similar things (PDUs, etc) on a physically separate network (with its own switches and stuff) that's never connected to the Internet. –  Apr 23 '15 at 15:55

2 Answers

1

The only solid way to protect a service against zero-day exploits is to keep that service from being accessible from the Internet. That includes network-internal barriers to keep other compromised servers from being used as a starting point for an attack -- firewalling off IPMI from the Internet is pointless if someone can pass through the firewall to your web server and use it to perform the attack.

Mark
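Added example (not part of the answer above, and not any vendor's tooling): an offline audit of the isolation that answer describes, flagging BMCs that are not on private addresses and firewall permits that let a non-management network, such as a web server VLAN, reach BMC ports. The port set, the rule tuple format, all addresses and the function name `audit` are assumptions made for illustration; IPv4 only.

```python
import ipaddress

# Assumed BMC-facing services: IPMI-over-LAN (RMCP, 623/udp) and the web UI.
BMC_PORTS = {("udp", 623), ("tcp", 80), ("tcp", 443)}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def audit(bmc_addrs, mgmt_nets, allow_rules):
    """Return (bmc, finding) pairs for exposure outside the management nets.

    allow_rules: (src_cidr, dst_cidr, proto, port) permits; port None = any port.
    """
    mgmt = [ipaddress.ip_network(n) for n in mgmt_nets]
    findings = []
    for addr in map(ipaddress.ip_address, bmc_addrs):
        if not any(addr in net for net in RFC1918):
            findings.append((str(addr), "not on an RFC 1918 address"))
        for src, dst, proto, port in allow_rules:
            if addr not in ipaddress.ip_network(dst):
                continue  # rule does not cover this BMC
            if port is not None and (proto, port) not in BMC_PORTS:
                continue  # rule does not open a BMC service
            # A permit is acceptable only when its entire source range lies
            # inside a management network; anything wider gives a compromised
            # neighbour (or the Internet) a path to the BMC.
            src_net = ipaddress.ip_network(src)
            if not any(src_net.subnet_of(m) for m in mgmt):
                findings.append(
                    (str(addr), f"{src} may reach {proto}/{port or 'any'}"))
    return findings

# Constructed sample inventory and ruleset (not taken from the page).
BMCS = ["10.20.0.11", "10.20.0.12", "203.0.113.10"]
MGMT = ["10.99.0.0/24"]                                # admin VPN network
RULES = [
    ("10.99.0.0/24", "10.20.0.0/24", "udp", 623),      # admin VPN to IPMI
    ("10.10.5.0/24", "10.20.0.0/24", "tcp", 443),      # web VLAN to BMC web UI
    ("0.0.0.0/0", "203.0.113.10/32", "udp", 623),      # anyone to IPMI
]

if __name__ == "__main__":
    for bmc, finding in audit(BMCS, MGMT, RULES):
        print(f"{bmc}: {finding}")
```
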
1

You may be interested in reading the following document: http://fish2.com/ipmi/bp.pdf. Moreover, I encourage you to read the other documentation made by this security researcher on IPMI, which is very interesting and well written.

WhiteWinterWolf