Forums
New posts
Search forums
What's new
New posts
New media
New media comments
Latest activity
Classifieds
Media
New media
New comments
Search media
Log in
Register
What's New?
Search
Search
Search titles only
By:
New posts
Search forums
Menu
Log in
Register
Navigation
Install the app
Install
More Options
Advertise with us
Contact Us
Close Menu
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
The Water Cooler
General Discussion
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Search titles only
By:
Reply to Thread
This site may earn a commission from merchant affiliate links, including eBay, Amazon, and others.
Message
<blockquote data-quote="NightShade" data-source="post: 3162840" data-attributes="member: 29706"><p>Nope, they took the researchers information that applies to all boards that have BMC or IPMI controllers for datacenter bare metal access remotely and applied it to only SuperMicro. For anything that is out of date or setup in an insecure method someone can easily cause problems and hack the boards. However physical separation of the the IPMI port from the general data port mitigates the majority of that issue. I can't comment on how a large datacenter would do things but I would not want to have the IPMI ports connected to ANY of the ports that transfer data to the internet. Physical separation of both networks will cost a little more in the short run but is a huge security gain in the long run. Plus all it ends up being is an extra switch and a little extra cat5 cabling and honestly if you were connecting the ports up to begin with it's not even an extra switch since you would need another switch for the ports to be in use anyway. The other option is setting up vLan which is still pretty secure in it's own way.</p><p></p><p><a href="https://www.servethehome.com/yossi-appleboum-disagrees-bloomberg-is-positioning-his-research-against-supermicro/" target="_blank">https://www.servethehome.com/yossi-appleboum-disagrees-bloomberg-is-positioning-his-research-against-supermicro/</a></p><p></p><p></p><p>For those who do not understand what IPMI is <a href="https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface" target="_blank">https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface</a> will explain it. But basically it allows a user to manage a server as if they were sitting in front of it with a tool and an ethernet connection. This allows you to literally do ANYTHING that you could do physically sitting at the computer and in some ways more since you can remotely mount ISO's and load the operating system. I have it and use it from time to time when I check on my FreeNAS. To turn off access I can simply unplug the Cat5 Cable. Some systems will however default that if a cable is not plugged in to the dedicated IPMI interface that the first LAN port will allow access. In my case since I am not using the built in LAN ports for data transfer but instead have a 10Gbit fiber card this is not an issue.</p><p></p><p></p><p></p><p>My router uses a similar IPMI port and while I am using the LAN ports it doesn't matter since when I acquired the board the IPMI function was damaged. The only way to even hook up a monitor is to insert a video card of some sort and even using the tool while it will connect there is nothing else available, could not even power cycle the board. Hence the reason why the purchase price of the board was refunded. I didn't figure out until afterwards that the board was still semi functional however as a router I only need access to it if there is an issue or I am initially setting things up. Otherwise management is done through a web page.</p><p></p><p>All I can say is I have two Supermicro boards and set a system up for my father and step-daughter using Supermicro boards. The BS that Bloomberg is crapping out is custom built from a bull's rear end.</p></blockquote><p></p>
[QUOTE="NightShade, post: 3162840, member: 29706"] Nope, they took the researchers information that applies to all boards that have BMC or IPMI controllers for datacenter bare metal access remotely and applied it to only SuperMicro. For anything that is out of date or setup in an insecure method someone can easily cause problems and hack the boards. However physical separation of the the IPMI port from the general data port mitigates the majority of that issue. I can't comment on how a large datacenter would do things but I would not want to have the IPMI ports connected to ANY of the ports that transfer data to the internet. Physical separation of both networks will cost a little more in the short run but is a huge security gain in the long run. Plus all it ends up being is an extra switch and a little extra cat5 cabling and honestly if you were connecting the ports up to begin with it's not even an extra switch since you would need another switch for the ports to be in use anyway. The other option is setting up vLan which is still pretty secure in it's own way. [URL]https://www.servethehome.com/yossi-appleboum-disagrees-bloomberg-is-positioning-his-research-against-supermicro/[/URL] For those who do not understand what IPMI is [URL]https://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface[/URL] will explain it. But basically it allows a user to manage a server as if they were sitting in front of it with a tool and an ethernet connection. This allows you to literally do ANYTHING that you could do physically sitting at the computer and in some ways more since you can remotely mount ISO's and load the operating system. I have it and use it from time to time when I check on my FreeNAS. To turn off access I can simply unplug the Cat5 Cable. Some systems will however default that if a cable is not plugged in to the dedicated IPMI interface that the first LAN port will allow access. In my case since I am not using the built in LAN ports for data transfer but instead have a 10Gbit fiber card this is not an issue. My router uses a similar IPMI port and while I am using the LAN ports it doesn't matter since when I acquired the board the IPMI function was damaged. The only way to even hook up a monitor is to insert a video card of some sort and even using the tool while it will connect there is nothing else available, could not even power cycle the board. Hence the reason why the purchase price of the board was refunded. I didn't figure out until afterwards that the board was still semi functional however as a router I only need access to it if there is an issue or I am initially setting things up. Otherwise management is done through a web page. All I can say is I have two Supermicro boards and set a system up for my father and step-daughter using Supermicro boards. The BS that Bloomberg is crapping out is custom built from a bull's rear end. [/QUOTE]
Insert Quotes…
Verification
Post Reply
Forums
The Water Cooler
General Discussion
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
Search titles only
By:
Top
Bottom