Basic BMC and IPMI Management Security Practices

From Serve The Home

In light of multiple stories about BMC security breaches, we wanted to put a basic BMC and IPMI management security practices article together. This is likely a piece we will update over time. It is also one where there is an entire industry catering to management interface security, so this is only going to provide some bare minimum basics. If you are a new administrator, this should help avoid the top mistakes at a minimal incremental cost.

Editorial side-note – BMC, IPMI, ILo, Redfish, Intel AMT, Intel ME, AMD PSP – these are *computers* that control your computer. Sure, they run firmware, but in almost every case it is a full blown multi-tasking, typically multi-user networked computer. So.. their security, is networked computer security. It is really boring (credit to James Mickens). Encrypted network connections. Strong, non-default passwords.. for all users. 2FA if you can manage it!

Just because you think you might not have connected it to a network, or you think the “management network” to which you attached it is secure….

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s