Discussion:
OpenBSD and IPMI
(too old to reply)
Denis
2018-03-09 13:11:27 UTC
Permalink
By reading this article
blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
raised. <Word_0>

How to OpenBSD security withstands against IPMI holed solution from top
hardware vendors?

Best ways to prevent potential risks for OpenBSD over IPMI?

Thanks
Janne Johansson
2018-03-09 13:47:50 UTC
Permalink
Post by Denis
By reading this article
blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
raised. <Word_0>
How to OpenBSD security withstands against IPMI holed solution from top
hardware vendors?
TOP hardware vendors name it LOM or ILO or Drac instead, then you are safe
from IPMI holes. ;)
--
May the most significant bit of your life be positive.
Kapetanakis Giannis
2018-03-09 13:56:30 UTC
Permalink
Post by Denis
By reading this article
blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
raised. <Word_0>
How to OpenBSD security withstands against IPMI holed solution from top
hardware vendors?
Best ways to prevent potential risks for OpenBSD over IPMI?
Thanks
The OS has nothing to do with a onboard-device running it's own firmware and having direct access to network.

Look for how you can secure/disable lom/drac/bmc whatever itself or the network that is given access to.

G
Consus
2018-03-09 14:37:56 UTC
Permalink
Post by Denis
By reading this article
blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
raised. <Word_0>
How to OpenBSD security withstands against IPMI holed solution from top
hardware vendors?
Best ways to prevent potential risks for OpenBSD over IPMI?
Make your IPMI network private.
Stuart Henderson
2018-03-09 18:24:21 UTC
Permalink
Post by Consus
Post by Denis
By reading this article
blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair
raised. <Word_0>
How to OpenBSD security withstands against IPMI holed solution from top
hardware vendors?
Best ways to prevent potential risks for OpenBSD over IPMI?
Make your IPMI network private.
And beware, some machines failover to sharing with a main nic if nothing's
connected to the management nic, and have a common default password.
Rupert Gallagher
2018-03-09 13:52:19 UTC
Permalink
I extend the question to Intel ME (similar to IPMI), cloud hosting (direct access to hardware by sysadmins) and virtual machines. I think the answer is default encryption of both disk and ram.
By reading this article blog.rapid7.com/2013/07/02/a-penetration-testers-guide-to-ipmi/ my hair raised. How to OpenBSD security withstands against IPMI holed solution from top hardware vendors? Best ways to prevent potential risks for OpenBSD over IPMI? Thanks
Loading...