FEATURE
SUBTLE ATTACKERS MAY ATTEMPT TO STAY LOW-AND-SLOW BY PATIENTLY EXFILTRATING DATA AT RATES THAT ARE LESS LIKELY TO BE NOTICED OR AROUSE SUSPICION.
Matt Walmsley, EMEA Director, Vectra
The administrative hardware backdoor
Local authentication offers an example of a backdoor that administrators – and attackers – can use to gain access to a data centre. However, there are other examples that take the same approach and extend it deeper into the hardware.

While the data centre is synonymous with virtualisation, the virtualised environments and resources still need to run on physical hardware. Virtual disks are ultimately dependent on physical disks and the physical disks run in physical servers. Physical servers likewise have their own management planes designed for lights-out and out-of-band management.
The management planes have their own management protocols, power, processors and memory, which allow admins to mount disks and re-image servers even when the main server is powered off. These actions are often performed via protocols such as the Intelligent Platform Management Interface (IPMI). While many hardware vendors have their own branded versions of IPMI – such as Dell iDRAC or HPE Integrated Lights-Out (iLO) – they are all based on IPMI and perform the same functions.
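
As an added example (not from the original article), one way to check whether these management interfaces are reachable from outside the out-of-band network is to review firewall flow logs for allowed traffic to UDP port 623, the IPMI-over-LAN port. The log format, the address ranges and the function names are assumptions made for this illustration.

```python
import ipaddress
from collections import defaultdict

IPMI_PORT = 623  # IPMI-over-LAN (RMCP/RMCP+) uses UDP 623

# Assumed address plan for this example (not from the article).
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]    # out-of-band admin network
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # all other in-house ranges

# Constructed flow records, one per line: src dst proto dport action
SAMPLE_FLOWS = """\
10.20.0.15 10.20.0.101 udp 623 allow
10.30.4.7 10.20.0.102 udp 623 allow
10.30.4.7 198.51.100.10 udp 623 allow
203.0.113.50 198.51.100.10 udp 623 allow
203.0.113.50 198.51.100.10 udp 623 deny
10.30.4.7 10.20.0.101 tcp 443 allow
"""

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def find_ipmi_exposure(flow_text):
    """Map each BMC address to (worst severity, sources) for allowed IPMI flows from outside MGMT_NETS."""
    rank = {"internal": 1, "internet": 2}
    hits = defaultdict(lambda: ["internal", set()])
    for line in flow_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # blank or malformed record
        src, dst, proto, dport, action = fields
        if proto != "udp" or dport != str(IPMI_PORT) or action != "allow":
            continue  # only traffic that actually reached the IPMI port
        try:
            src_ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # unparseable source address
        if _in_any(src_ip, MGMT_NETS):
            continue  # expected: admin workstation on the management network
        sev = "internal" if _in_any(src_ip, INTERNAL_NETS) else "internet"
        entry = hits[dst]
        if rank[sev] > rank[entry[0]]:
            entry[0] = sev  # keep the worst severity seen for this BMC
        entry[1].add(src)
    return {dst: (sev, sorted(srcs)) for dst, (sev, srcs) in hits.items()}

if __name__ == "__main__":
    for bmc, (sev, srcs) in sorted(find_ipmi_exposure(SAMPLE_FLOWS).items()):
        print(f"{bmc}: IPMI reachable from {sev} sources {srcs}")
```
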

IPMI and its related protocols have well-documented security weaknesses and are often slow to receive updates and fixes. Additionally, a worrying 92,400 hosts currently have IPMI interfaces exposed to the Internet. The combination of IPMI vulnerabilities and its immense