Abstract:
The Intelligent Platform Management Interface (IPMI) is a protocol that allows administrators to manage servers remotely. Hardware vendors including Dell, HP, Supermicro, IBM, Lenovo, Fujitsu and Oracle support IPMI though a Baseboard Management Controller (BMC) which can either be integrated into the motherboard or purchased as a pluggable module. The BMC runs silently alongside other components of the server and provides a lower level of hardware access than the Operating System (OS). This allows support for features like power cycling the server, mounting virtual media and accessing a remote console. The failure of BMC vendors to produce a more secure product, along with the inherent flaws of the IPMI protocol, increases the need for these systems' security capabilities to be evaluated. The IPMI protocol and various vendor implementations of the BMC has been the subject of recent scrutiny, and initial investigation has raised concerns about the security properties of these components. This project focuses on evaluating specific IPMI supported hardware and software setup in an environment modeled to simulate real use, for the explicit purpose of evaluating the security of the system. This project presents: several methods by which unprivileged users can gain remote access to the system, a list of best practices for proper configuration, a guide to clearing configuration settings before decommission, and a basic Metasploit module to scan for BMC related services.
