Date: Sat, 5 Apr 2014 15:00:26 +0000
From: Kamil Choudhury <Kamil.Choudhury@anserinae.net>
To: "freebsd-hackers@freebsd.org" <freebsd-hackers@freebsd.org>
Subject: Securing baseboard managers
Message-ID: <F9A7386EC2A26E4293AF13FABCCB32B301519A6260@janus.anserinae.net>
First, a quick story.

A new motherboard I just bought has one of those out-of-band management Ethernet ports. When I connected it to my cable router, despite the cord being plugged into the non-baseboard Ethernet port, the baseboard grabbed my public IP (I use this box as a router) instead of FreeBSD.

So. I exposed the baseboard's janky operating system, running god knows what ancient version of Linux, to the internet, and momentarily gave all comers (the credentials were, of course, admin/admin) the power to remotely reboot my computer. Yikes.

The stakes here were low: I was at home, and there's really nothing all that valuable on my network. But at the end of the day, these baseboard controllers are running unmanaged, unaudited code on our networks, and that scares me.

So...my questions:

1/ How do you protect yourself against this kind of vulnerability? Am I paranoid for even thinking this is a problem?

2/ While out-of-band management is useful, I just can't bring myself to trust software that seems to have been written by poo-flinging monkeys (seriously, you need to see the browser-based UI they provide: frames! <blink>! Java applets!). Is there any way to replace the vendor-provided solution with something more auditable and configurable? Maybe a teeny-tiny BSD-based distribution?

I spend my days doing application development, so I am probably missing a lot of perspective that more systems-oriented people have. If my questions are ridiculous, feel free to tell me so and send me on my way!

Thanks in advance,
Kamil