Defending Out-of-Band Management Attacks
Out-of-Band Management, also known as Lights-Out Management (LOM), refers to the ability of a system to be configured remotely via a management processor, without the main CPU knowing what's happening, even when the main CPU is "powered off". Examples of these technologies include IPMI, HP iLO, Dell DRAC, DASH, SMASH, Intel AMT, and Redfish, among others. Redfish is the latest, and most vendors have Redfish implementations that sit on top of their previous proprietary interfaces. In addition to servers, these interfaces are common on 'business class' laptops. These interfaces enable changing firmware images, OS drivers and files, as well as controlling the hardware, so they are of interest to attackers, not just system administrators. This presentation will help system administrators understand Redfish and related technologies, discuss some of the recent vulnerabilities, and explain how to protect against common attacks.
- 45 min
- LinuxFest Northwest 2019
- Open Source Firmware