There's a great post by Rob VandenBrink over at the ISC Handler's Diary
  about embedded devices that are hiding in plain sight in your data
  center.

    I was recently in a client engagement where we had to rebuild /
    redeploy some ESXi 4.x servers as ESXi 5.1. This was a simple task,
    and quickly done (thanks VMware!), but before we were finished I
    realized that we had missed a critical part - the remote management
    port on the servers. These were iLO ports in this case, as the
    servers are HP's, but they could just as easily have been DRAC /
    iDRAC (Dell), IMM or AMM (IBM) or BMC (Cisco, anything with a Tyan
    motherboard or lots of other vendors). These "remote management
    ports" are in fact all embedded systems - Linux servers on a card,
    booting from flash and usually running a web application. This means
    that once you update them (via a flash process) they are "frozen in
    time" as far as Linux versions and patches go. In this case, these
    iLO cards hadn't been touched in 3 years.

    So from a security point of view, all the OS version upgrades and
    security patches from the last 3 years had NOT been applied to these
    embedded systems.

  This is a thorny issue, as patching these controllers often requires
  downtime on the host they manage. Check out the thread there for how
  others are handling or mitigating this.

  Oh, and I'll throw in Sun's LOM (Lights Out Management) to the list.
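One way to keep these controllers from quietly going stale is to track them like any other host: record when each was last flashed and what firmware it runs, and flag anything behind the vendor's current release or untouched past a policy window. The script below is an added example, not code from the ISC Diary or this blog; the iLO xmldata document layout, hostnames, versions, "latest release" numbers and dates are all constructed assumptions.

```python
"""Audit remote-management controllers (iLO, DRAC, IMM, BMC) for stale firmware.
Added example, not code from the ISC Diary or the blog.  The xmldata layout,
hostnames, versions and dates below are constructed assumptions."""
import re
import xml.etree.ElementTree as ET
from datetime import date

# Constructed reply in the style of an iLO /xmldata?item=All document (assumption).
ILO_XML = """<RIMP>
  <HSI><SPN>ProLiant DL380 G7</SPN></HSI>
  <MP><PN>Integrated Lights-Out 3 (iLO 3)</PN><FWRI>1.20</FWRI></MP>
</RIMP>"""

def parse_ilo_xmldata(text):
    """Extract controller name and firmware revision from an xmldata document."""
    root = ET.fromstring(text)
    return {"product": root.findtext("./MP/PN"), "firmware": root.findtext("./MP/FWRI")}

def version_tuple(version):
    """'1.20' -> (1, 20) so revisions compare numerically rather than as strings."""
    return tuple(int(part) for part in re.findall(r"\d+", version))

# Constructed inventory: what each controller runs and when it was last flashed.
INVENTORY = [
    {"host": "esx01-ilo", "family": "iLO 3",
     "installed": parse_ilo_xmldata(ILO_XML)["firmware"], "flashed": date(2010, 2, 14)},
    {"host": "esx02-idrac", "family": "iDRAC6", "installed": "1.98", "flashed": date(2012, 11, 5)},
    {"host": "blade07-imm", "family": "IMM", "installed": "1.40", "flashed": date(2012, 12, 1)},
]
# Placeholder "latest vendor release" per family; real values come from vendor advisories.
LATEST = {"iLO 3": "1.80", "iDRAC6": "1.98", "IMM": "1.42"}

def audit(inventory, latest, today, max_age_days=365):
    """Return controllers that are behind the vendor release or unflashed too long."""
    findings = []
    for ctl in inventory:
        age_days = (today - ctl["flashed"]).days
        behind = version_tuple(ctl["installed"]) < version_tuple(latest.get(ctl["family"], "0"))
        if behind or age_days > max_age_days:
            findings.append({"host": ctl["host"], "age_days": age_days, "behind": behind})
    return findings

def audit_as_of_post():
    """Run the audit as of the date the ISC Diary entry was posted."""
    return audit(INVENTORY, LATEST, date(2013, 2, 26))

if __name__ == "__main__":
    for f in audit_as_of_post():
        print(f"{f['host']}: firmware {f['age_days']} days old, behind vendor: {f['behind']}")
```

In practice the inventory and the "latest release" table would be fed from a CMDB and vendor advisories rather than hard-coded; the point is that the controllers get a row in the patch-tracking system at all.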

  via [1]ISC Diary | Silent Traitors - Embedded Devices in your
  Datacenter.

  My original entry is here: [2]ISC Diary | Silent Traitors - Embedded
  Devices in your Datacenter. It was posted Tue, 26 Feb 2013 15:31:52 +0000.
  Filed under: technology, data center, embedded devices, esx, ilo,
  InfoSec, linux, vmware.

References

  1. https://isc.sans.edu/diary/Silent+Traitors+-+Embedded+Devices+in+your+Datacenter/15277
  2. https://www.prjorgensen.com/2013/02/26/isc-diary-silent-traitors-embedded-devices-in-your-datacenter/