Intel’s Remote Management Flaw Should Be a Wake-Up Call for Security Teams
Security flaws with built-in server hardware management components (such as IPMI) have been known for a while. Last week’s well-publicized vulnerability in Intel Active Management Technology (Intel AMT) has brought this to the forefront of the security world.
Network World said Intel’s security advisory was an understatement and that:
“The correct verbiage should be: ‘Our black-box remote management feature turned out to be a security hole the size of the Milky Way Galaxy, but we augmented it for 11 years for your convenience.’”
Shodan found over 8,500 public-facing instances like the one below. Based on the published information about the authentication flaw, it’d be trivial for an attacker to obtain hardware-level access to these systems and be able to pwn the OS, modify data, or cripple the system.
While as a security professional I’m unhappy that this vulnerability exists, I’m actually a bit glad to see this particular issue receive some attention – because it is an important security gap that highlights the core of what we at Cryptzone believe:
- It’s safe to assume that all your systems have remotely exploitable vulnerabilities
- Network-level access is a privilege that must be managed
- Unauthorized users must have NO network access to systems
This philosophy applies not just to the server hardware management plane as described above, but also fully up the application stack – whether it’s a database, an SAP system, or a custom-written application.
While patches for AMT are forthcoming, the common and immediate security recommendation is to disable AMT. This is the wrong answer!!
Why the double exclamation points? Three reasons:
- We can confidently predict that this will not be the last vulnerability on your servers.
- It’s labor-intensive and error-prone to disable this on every server… and chances are there will be servers that get missed.
- And, perhaps most importantly: AMT has value, and presumably organizations want to enable it for authorized users under the appropriate circumstances.
The right answer is to use a security solution which allows authorized users to access the system under appropriate circumstances, and prevents all types of unauthorized user access.
This is a very important goal, so let’s parse this out:
Allows authorized users to access the system
The security system must understand the concept of identities, be able to properly authenticate users, and be tied into an organization’s Identity Management system.
Under appropriate circumstances
There must be conditions under which authorized users can access a system. Some systems, such as email, should be available 24x7x365. But others, such as hardware-level management, should be much more tightly controlled. For example, IT may only want to grant admins access if there is an open service desk ticket tied to a specific server, or perhaps during defined maintenance windows.
Prevents all types of unauthorized user access
While unauthorized users do not have valid login credentials (of course), they must also be prevented from accessing the server at the network level – to prevent exactly the kind of attacks covered above.
Which leads us to a foundational premise of Cryptzone’s security philosophy:
The ability to send packets to a server on a network is a privilege, and must be restricted to authorized users only.
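To make the two ideas above concrete (conditional access for admins tied to an open ticket or a maintenance window, and default deny of any network path otherwise), here is a small policy-decision function written for this post. It is an added illustration, not AppGate’s code or configuration format; the group name, ticket and window structures, and the sample data are all constructed assumptions.

```python
from collections import namedtuple
from datetime import datetime, timezone

# Constructed sample model; the names and data here are assumptions for
# illustration, not any product's policy format.
ADMIN_GROUP = "server-admins"
ALWAYS_ON = {"email"}           # services that should be reachable 24x7x365
MGMT_PLANE = {"amt", "ipmi"}    # hardware management interfaces

Ticket = namedtuple("Ticket", "ticket_id server is_open")  # ticket tied to a server
Window = namedtuple("Window", "server start end")           # maintenance window (UTC)

def decide(groups, server, service, at, tickets, windows):
    """Return (allowed, reason) for a user with `groups` asking for a
    network path to `service` on `server` at time `at`.  Default deny:
    unless a rule matches, the user cannot send packets to the server."""
    if service in ALWAYS_ON:
        return True, "24x7 service"
    if service in MGMT_PLANE:
        if ADMIN_GROUP not in groups:
            return False, "not in admin group"
        for t in tickets:
            if t.is_open and t.server == server:
                return True, f"open ticket {t.ticket_id}"
        for w in windows:
            if w.server == server and w.start <= at < w.end:
                return True, "inside maintenance window"
        return False, "no open ticket or maintenance window"
    return False, "no policy grants this service"

def run_samples():
    """Evaluate constructed requests; returns the list of allow/deny results."""
    t0 = datetime(2017, 5, 8, 2, 0, tzinfo=timezone.utc)
    tickets = [Ticket("SD-101", "db01", True), Ticket("SD-102", "web01", False)]
    windows = [Window("web01", t0, t0.replace(hour=4))]
    admins, nobody = {ADMIN_GROUP}, set()
    return [
        decide(admins, "db01", "amt", t0, tickets, windows)[0],          # open ticket
        decide(admins, "web01", "amt", t0, tickets, windows)[0],         # inside window
        decide(admins, "web01", "amt", t0.replace(hour=5), tickets, windows)[0],  # closed ticket, outside window
        decide(nobody, "db01", "amt", t0, tickets, windows)[0],          # not an admin
        decide(nobody, "mail01", "email", t0, tickets, windows)[0],      # always-on service
    ]

if __name__ == "__main__":
    print(run_samples())  # [True, True, False, False, True]
```

The point of the third case is that even a legitimate admin gets no network path to AMT once the ticket is closed and the window has passed, which is what turns a remotely exploitable flaw into one that is not remotely reachable.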
The good news is that together we can solve this problem. Our product, AppGate, is designed to let you easily control user access to all services – applications and hardware, on-premises and in the cloud – in a way that’s dynamic and policy-driven.
Learn more about how AppGate can help you protect your servers’ hardware management interfaces, as well as the rest of your infrastructure, by downloading our simple infographic on dark matter.