OpenBSD and IPMI

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

OpenBSD and IPMI

Denis Lapshin-2
By reading this article
blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
raised. <Word_0>

How to OpenBSD security withstands against IPMI holed solution from top
hardware vendors?

Best ways to prevent potential risks for OpenBSD over IPMI?

Thanks
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and IPMI

Janne Johansson-3
2018-03-09 14:11 GMT+01:00 Denis <[hidden email]>:

> By reading this article
> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
> raised. <Word_0>
>
> How to OpenBSD security withstands against IPMI holed solution from top
> hardware vendors?
>

TOP hardware vendors name it LOM or ILO or Drac instead, then you are safe
from IPMI holes. ;)

--
May the most significant bit of your life be positive.
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and IPMI

Rupert Gallagher
In reply to this post by Denis Lapshin-2
I extend the question to Intel ME (similar to IPMI), cloud hosting (direct access to hardware by sysadmins) and virtual machines. I think the answer is default encryption of both disk and ram.

On Fri, Mar 9, 2018 at 14:11, Denis <[hidden email]> wrote:

> By reading this article blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair raised.  How to OpenBSD security withstands against IPMI holed solution from top hardware vendors? Best ways to prevent potential risks for OpenBSD over IPMI? Thanks
Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and IPMI

Kapetanakis Giannis
In reply to this post by Denis Lapshin-2
On 09/03/18 15:11, Denis wrote:

> By reading this article
> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
> raised. <Word_0>
>
> How to OpenBSD security withstands against IPMI holed solution from top
> hardware vendors?
>
> Best ways to prevent potential risks for OpenBSD over IPMI?
>
> Thanks

The OS has nothing to do with a onboard-device running it's own firmware and having direct access to network.

Look for how you can secure/disable lom/drac/bmc whatever itself or the network that is given access to.

G

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and IPMI

Consus-2
In reply to this post by Denis Lapshin-2
On 16:11 Fri 09 Mar, Denis wrote:
> By reading this article
> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
> raised. <Word_0>
>
> How to OpenBSD security withstands against IPMI holed solution from top
> hardware vendors?
>
> Best ways to prevent potential risks for OpenBSD over IPMI?

Make your IPMI network private.

Reply | Threaded
Open this post in threaded view
|

Re: OpenBSD and IPMI

Stuart Henderson
On 2018-03-09, Consus <[hidden email]> wrote:

> On 16:11 Fri 09 Mar, Denis wrote:
>> By reading this article
>> blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
>> raised. <Word_0>
>>
>> How to OpenBSD security withstands against IPMI holed solution from top
>> hardware vendors?
>>
>> Best ways to prevent potential risks for OpenBSD over IPMI?
>
> Make your IPMI network private.
>
>

And beware, some machines failover to sharing with a main nic if nothing's
connected to the management nic, and have a common default password.