• Login
    View Item 
    •   Home
    • University of Alaska Fairbanks
    • UAF Graduate School
    • Computer Science
    • View Item
    •   Home
    • University of Alaska Fairbanks
    • UAF Graduate School
    • Computer Science
    • View Item
    JavaScript is disabled for your browser. Some features of this site may not work without it.

    Browse

    All of Scholarworks@UACommunitiesPublication DateAuthorsTitlesSubjectsTypeThis CollectionPublication DateAuthorsTitlesSubjectsType

    My Account

    Login

    First Time Submitters, Register Here

    Register

    Statistics

    Display statistics

    Intelligent platform management interface protocol security

    • CSV
    • RefMan
    • EndNote
    • BibTex
    • RefWorks
    Thumbnail
    Name:
    Clayton_S_2014.pdf
    Size:
    7.660Mb
    Format:
    PDF
    Download
    Author
    Clayton, Syler W.
    Committee
    Hay, Brian
    Nance, Kara
    Genetti, Jon
    Keyword
    Client/server computing
    Computer interfaces
    Computer security
    Metadata
    Show full item record
    URI
    http://hdl.handle.net/11122/9761
    Abstract
    The Intelligent Platform Management Interface (IPMI) is a protocol that allows administrators to manage servers remotely. Hardware vendors including Dell, HP, Supermicro, IBM, Lenovo, Fujitsu and Oracle support IPMI though a Baseboard Management Controller (BMC) which can either be integrated into the motherboard or purchased as a pluggable module. The BMC runs silently alongside other components of the server and provides a lower level of hardware access than the Operating System (OS). This allows support for features like power cycling the server, mounting virtual media and accessing a remote console. The failure of BMC vendors to produce a more secure product, along with the inherent flaws of the IPMI protocol, increases the need for these systems' security capabilities to be evaluated. The IPMI protocol and various vendor implementations of the BMC has been the subject of recent scrutiny, and initial investigation has raised concerns about the security properties of these components. This project focuses on evaluating specific IPMI supported hardware and software setup in an environment modeled to simulate real use, for the explicit purpose of evaluating the security of the system. This project presents: several methods by which unprivileged users can gain remote access to the system, a list of best practices for proper configuration, a guide to clearing configuration settings before decommission, and a basic Metasploit module to scan for BMC related services.
    Description
    Master's Project (M.S.) University of Alaska Fairbanks, 2014
    Date
    2014-04
    Type
    Master's Project
    Collections
    Computer Science

    entitlement

     
    ABOUT US|HELP|BROWSE|ADVANCED SEARCH

    The University of Alaska is an affirmative action/equal opportunity employer, educational institution and provider and prohibits illegal discrimination against any individual.

    Learn more about UA’s notice of nondiscrimination.

    Open Repository is a service operated by 
    Atmire NV
     

    Export search results

    The export option will allow you to export the current search results of the entered query to a file. Different formats are available for download. To export the items, click on the button corresponding with the preferred download format.

    By default, clicking on the export buttons will result in a download of the allowed maximum amount of items.

    To select a subset of the search results, click "Selective Export" button and make a selection of the items you want to export. The amount of items that can be exported at once is similarly restricted as the full export.

    After making a selection, click one of the export format buttons. The amount of items that will be exported is indicated in the bubble next to export format.