Summer is coming to a close. Children are going back to school, the leaves will be changing sooner than later, and college football is just around the corner. As another great summer comes to a close I want to share what I learned during my summer vacation and how that can help you protect your iDRAC and other out-of-band management systems.
Every year we take our ATV’s to a section of wilderness and explore the different trails in that region. This year we decided to explore the trails in Southern Utah. During one of our trips the coolant hose on my ATV came loose and started leaking without my knowledge. I went the whole day with antifreeze slowly leaking out of my machine. That night my father spotted the leak. We fixed the hose, topped off the coolant, and rode the rest of the week without incident. Lucky for me I had someone to help spot the problem and resolve it before I ended up getting stuck in the mountains of Utah with a broken down machine.
Just as my father helped identify the leak on my ATV let me help you identify the security leak that can come from unmanaged Privileged Accounts from your iDRAC. On most modern day servers from Dell there exists an iDrac. Other server vendors ship similar remote management adapters. This feature allows servers to be monitored for critical hardware problems, enable remote power control, and access a virtual console so you can work remotely on your servers without being near your server.
Each iDRAC or remote management adapter comes from the factory pre-configure with a username and password. Most can be found by a basic web search and others can be found conveniently attached to the server. If attackers gain access to this management interface your entire data center can be powered down in minutes causing a massive Denial of Service Attack or worse, the attacker can pull data off the system by enabling verbose logs and monitoring what your administrators are doing on the console. If you experience any of these attacks you will wish that you were stuck in the middle of the wilderness rather than face your management or the SOX, PCI, HIPAA, or NERC auditors that would be visiting your company.
With Quest One Privileged Password Manager you can fix the security leak from Privileged Accounts that your remote management adapters are experiencing. You can start rotating passwords so the root iDRAC user will never know who “calvin” is anymore. Administrator, admin, userid, and others from remote management adapters will be secured and you can rest knowing that your servers are protected from another potential security threat. Along with this protection you will have the ability to audit users that request the root account on iDrac and you will be able to produce reports to show you are satisfying the requirements of any regulatory body.
So as another summer season winds down let Quest help you by protecting you iDRAC and other Privileged Accounts from leaking out of your organization.