is your server infrastructure secure? · pdf fileis your server infrastructure secure? mukund...

Is Your Server Infrastructure Secure?

Mukund KhatriSr. Distinguished Engineer, Server Solutions

Rick HallSr. Product Planning Manager, Server Solutions

2 Dell - Internal Use - Confidential

Server Management Tech Track SessionsSession Title Code Times LocationsDell EMC PowerEdge Server Systems Management Overview Server.02 Monday 4:30 PM

Wednesday 1:30 PMDelfino 4001APalazzo K

Server Management Simplicity Series (Part 1): Deploying & Monitoring Dell EMC PowerEdge Servers

Server.03 Monday 8:30 AMWednesday 8:30 AM

Palazzo IMarcello 4401A

Server Management Simplicity Series (Part 2): Reducing Maintenance Through Systems Management Best Practices

Server.04 Monday 1:30 PMWednesday 12:00 PM

Delfino 4001APalazzo K

Server Management Simplicity Series (Part 3): Toward A Single Pane Of Glass - Management Consoles & Integrations

Server.05 Tuesday 3:00 PMThursday 11:30 AM

Marcello 4403Palazzo L

Is Your Server Infrastructure Secure? Server.07 Monday 12:00 PM Wednesday 1:30 PM

Lando 4203Lido 3001A

Utilizing Mobile Devices in The Datacenter Server.08 Tuesday 8:30 AMThursday 10:00 AM

Palazzo JLando 4203


Major trends are impacting IT infrastructure and security… in a compounding fashion

Compliance

!ThreatsInnovation

Dell - Internal Use - Confidential4

M O D E R N I T I N F R A S T R U C T U R E

Traditional and Emerging

Workloads

Comprehensiveand Enduring Security

Flexible Cost Structure

SERVER

Expanded Role of Server, beyond Compute

4


HOW TO BUILD A

Modern IT Infrastructure

ADAPT AND SCALE to dynamic business needs

AUTOMATEto sustain and grow

PROTECT your customers and your business

5


Infrastructure is Under Attack!

Hacker Claims To Push Malicious Firmware Update to 3.2 Million Home Routers

New PC malware loads before Windows, is virtually impossible to detect

Apple deleted server supplier after finding infected firmware in servers

Hacker Holes in Server Management System Allow ‘Almost-Physical’ Access

“Nemesis” malware hijacks PC’s boot process to gain stealth, persistence


Common Myths of Infrastructure Security

• We have strong perimeter “air-gap” protection, and that is sufficient for my enterprise

• Firmware exploits are very difficult to pull off and require physical access

• Security is a specialized function handled by our centralized security team and not a worry for my IT team

• Default passwords are OK for management interfaces since they are isolated on a separate network

• Every OEM’s servers have pretty much the same security features


Holistic Security Must Comprehend Server InfrastructureServer Platform Design is as Critical as OS and Applications

Firmware (BIOS, BMC, HDD, etc)

Hardware design

Hypervisor / OS

Applications

Cloud

Areas getting most of the security focus and $$$

The often overlooked server infrastructure : Persistent & Stealthy

Firewall


“We predict in 2017 that advanced adversaries will continue to look for vulnerabilities

in hardware and firmware that they can exploit. We believe that they possess the

ability to exploit systems whose firmware is based on legacy BIOS or (U)EFI as well as

firmware of other types of devices such as solid-state drives, network cards, and Wi-Fi

devices.” – McAfee Labs 2017 Threats Predictions


Aspects in Server Design to Consider for Security

Resilient Firmware Architecture – built-in

Authentication for Boot & Updates

Audit Logging & Alerting

Role-based Access Control

Conformance to TCG, UEFI, NIST, other Standards

Physical Access• Locking bezels• Intrusion detection

Secure Decommissioning of Server & Data

Data Protection : Data-at-Rest, Data-in-flight

Robust Security Development Lifecycle

Centralized Vulnerability Management & Patch

Management

Hardware AcceleratorSupport

Security Needs to be Built-in, Not Bolted-on


“How” they’re designed …• …beyond the security features supported

• High Assurance & Cyber Resiliency attributes in Product designso Effective Protection, Reliable Detection, Rapid Recovery – to thwart Advanced Persistent Threats

• Development Model : Process & Peopleo Broad and Robust adherence to Security Development Lifecycle by engineering teamso Includes Code analysis, Threat modelling, Penetration Testing, Internal / External Audits & Reviews

• Centralized Vulnerability Reporting & Responseo Co-operative engagements w/ researchers and industry partners for expedited mitigations

• Active participation across key Industry Standards organizationso TCG, USWG, DMTF, NIST amongst others


Firmware is an Attractive Target for Malicious Attacks

• Stealthy: typically undetectable by today’s AV scanners

• Persistent: malicious firmware simply reloads after rebooting or power cycling

• Pre-OS control: BIOS-level malware is especially powerful since it can control low-level server operation before & after OS is loaded

• Not up to date: Software patching for OS security issues is frequent; firmware not as much typically

• Multiple points of attack: typical server platform has multiple distinct types of device firmware

PSUs

Storage Drives

FC HBAs

BMC BIOS

StorageController

CPLD

Typical Server Firmware

NICs


Key Requirements for Firmware “Protection”

• Authenticated Firmware Updates– Authentication via digital signatures ensures that

firmware update code comes from the genuine source– Self Updates or Assisted Updates

• Firmware Locking– Ability to hide or write-protect the firmware from

modification by any unauthorized agent

• Non-Bypassability– There should not be backdoors to bypass or circumvent

authenticated firmware updates

• Conformance to NIST SP800-147B– Guidelines for Secure BIOS Update


Servers Designed to be Cyber-ResilientEffective Protection

• Immutable Hardware Root of Trust for E2E Verified Boot• Cryptographic integrity check of BIOS/iDRAC before boot• Protected & Authenticated Firmware Updates• iDRAC: SELinux, AD/LDAP, MFA, Redfish• Isolation of Host and Management domains• System Lockdown to prevent unauthorized changes

Reliable Detection • Drift Detection for Firmware and Configuration Data • Enhanced UEFI Secure boot• TCG Secure Boot, NIST SP800-155, Intel TXT• Supply Chain Assurance for Critical Firmwares• SHA256 Hash for every Payload to Verify Integrity

Audit Logging Rapid Recovery

• Automated Recovery for iDRAC Firmware• Primary OS Remediation from Built-in Protected Backup• Cyber-Resilient BIOS Recovery• Built-in Full Power Cycle• On Demand Recovery of BIOS/iDRAC Firmware• EasyRestore for Security Configuration

• Holistic log inclusive of System Events, User Actions• Persistent - only erasable on retirement• Granularity - every event is logged• Alerting : Redfish/SNMPv3 & Integration into Consoles• Includes Recommended Actions – beyond reporting event• Seamless Integration of OS logs into LifeCycle log

Security Features in PowerEdge Servers


Which of the following technology initiatives is your IT organization prioritizing over the next 12 months?

30%

33%

35%

37%

38%

35%

46%

45%

51%

58%

24%

24%

28%

28%

30%

31%

35%

36%

39%

48%

Implement a bring-your-own PC, smartphone, and/or…

Shift spending from core systems like accounting or…

Create a comprehensive mobile and tablet strategy

Create a comprehensive strategy and implementation…

Connect our product/assets to monitor and analyze…

Create a single view of the customer

Upgrade, rationalize or replace our legacy business…

Invest in customer experience technologies

Improve the use of data and analytics technology

Increase our security and privacy capabilities

SMB Enterprise

Source: Forrester Business Technographics Priorities & Journey 2016

Security is A Critical IT Initiative for Server Buyers


PowerEdge Security Features

Signed Firmware Updates• SHA2 hashing

Secure Alerting• SNMP v3• WS-MAN or Redfish

eventing

Strong Authentication & Authorization• LDAP, Active

Directory, 2-factor

Secure Booting• Authenticated BIOS & iDRAC boot

process with chain of trust• UEFI Secure Boot with customized

certificates

Access Protection • Role-based access control• IP blocking/filtering• Detailed user access logging

Physical Access• Locking bezels• Intrusion detection

Server Repurposing or Retirement• Options for quick but secure

erasure of user data and logs

USB Control• Disable/enable USB

ports per datacenter policy

Data Protection• Encryption at rest

(SEDs & FIPS drives)


PowerEdge Security Details

Server/BIOS• Modular TPM 1.2/2.0

• FIPS/Common Criteria– Common Criteria EAL4+ certified with RHEL– FIPS 140-2 and Common Criteria

Certification for TPM 1.2 & 2.0– FIPS 140-2 for SED drives

• Enhanced UEFI Secure Boot – Adds the option of using customized

certificates (signed by the company itself and not by Microsoft)

iDRAC • Internet Security

– TLS/SSL support (TLS 1.2 recommended)– HTTP/HTTPS– SSH with PKI authentication

• FIPS 140-2 for iDRAC and CMC

• Security-Enhanced LINUX (SELinux) Embedded OS

– Fine-grained protection via policy-driven access to resources and operations


Innovative New Security Features in 14G

System Lockdown

• Virtual lock for preventing configuration or firmware changes

• Alerts when configuration or firmware deviates from baselines

System Erase

• Quickly and securely erase internal server storage devices including HDD, SSD, and NVMe drives

• Wipe all user configuration and log file information

• Prevents against inadvertent exposure of new iDRAC’s on unprotected networks

• Encourages stronger password policies (rather than the tendency to use generic default passwords)

Secure Default Password

****

Dynamic USB Port Enable

• Allows USB port disable for normal operation in secure environments

• Dynamically can be unlocked via iDRAC authentication when needed without rebooting the server

Hardware Root of Trust

OS Image Rapid Recovery

• Allows booting of a trusted backup OS image stored in hidden, protected storage

• An immutable silicon-based root of trust to securely boot iDRAC and BIOS firmware

• Rapid recovery to a trusted image when authentication fails


Spotlight on System Erase• Our System Erase feature leverages a new capability in

storage devices call Instant Secure Erase (ISE)– Instant Secure Erase (also called Cryptographic Erase) is a recognized

method of data erasure on storage drives referred to in NIST Special Publication 800-88 “Guidelines for Media Sanitization”

• How does it work?– Drives with ISE continuously encrypt data on the low-level media using

an internal key not exposed outside the drive– To erase the drive, the encryption key is simply deleted resulting in

unintelligible data on the drive (and hence “instant erasure”)

• Advantages of ISE– Speed: far faster than data over-writing techniques like DoD 5220.22-M

(seconds versus hours and hours)– Effectiveness: ISE erases all the data on the drive including reserved

blocks (an issue with SSD drives for example)– Better TCO: storage devices can be reused instead of being crushed or

otherwise destroyed


Automate Deployment of Server Security Policies with OpenManage• Our OpenManage tools and APIs help

automate the security policies for your server infrastructure

– Security policies that are not automated can result in manual errors and vulnerability exposures

– You can manage all aspects of the server lifecycle: deploy, update, monitor and maintain

• Choice of Automating Your Way!– Script to our powerful WS-MAN or RESTful

(Redfish) APIs via iDRAC with Lifecycle Controller– Use our OpenManage Essentials console for

comprehensive 1 X Many management – Use our deep integrations with consoles like

Microsoft System Center or VMware vCenter– Use Zero Touch automation that provides plug

and play provisioning

ScriptZero Touch Automation

GUI

iDRAC with Lifecycle Controller

>_


Examples of Securing Server Operations

Access Control

• Employ LDAP or AD for user & role authorization

• Set up 2-Factor Authentication

• Customize the iDRAC log-on security notice

• Enforce stronger encryption

• Restrict users to a specific IP range

• Use a BIOS password

Monitor Update Maintain

• Alert for configuration or firmware changes

• Use SNMP v3 or Redfish eventing

• Monitor for chassis intrusion events

• Log mobile device IDs associated with Quick Sync 2 usage

• Monitor iDRAC logs for tracking suspicious user access behavior

• Dell EMC signed firmware updates

• Select HTTPS (instead of CIFS & NFS) for file transfers from update repositories

• Use System Lockdown to prevent unwanted or malicious changes to firmware

• Use the iDRAC Direct dedicated USB port to locally remediate server or OS issues

• Use HTML5 mode instead of Java for remote console

• Use System Erase to securely wipe all user data from drives and non-volatile memory

• Reset configurations to factory defaults


Rapid Response to New CVE’s

• Common Vulnerabilities and Exposures (CVEs) are new attack vectors that compromise software and hardware products

– Timely response to CVEs are critical to most companies to assess their security exposure and take countermeasures

• CVEs can be due to new vulnerabilities identified in – Open source code such as OpenSSL– Browser and other Internet access software – Vendor product hardware and firmware– Operating systems and hypervisors

• Dell EMC works aggressively to quickly respond to new CVEs in our PowerEdge servers

– Which products are affected (software or embedded firmware)– What remediation steps may be taken– If needed, when updates will be available to address the CVE


Best Practices for Server Security

• Make sure all firmware is signed and up to date– Keeping firmware updated ensures that critical security issues like new OpenSSL vulnerabilities

or recent encryption exploits are addressed– Use only Dell EMC firmware updates to ensure proper authenticity

• Always enforce strong password usage for your iDRAC management processor– 63%* of confirmed data breaches involve weak, default or stolen passwords– Use of generic default passwords leave open doors, a concern for even “protected” networks– Employ role-based authorization to limit access to what is needed for each person or team

• Move away from IPMI to more secure management APIs– WS-MAN and Redfish are far more secure, both for encrypted communications and credential

checking

• Keep your iDRAC’s isolated from the Internet– Use either dedicated management networks or shared with VLAN isolation

* Verizon, “2016 Data Breach Investigations Report,” 2016, http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016

http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016


In Summary ..

Security of the Server Infrastructure Matters !

– While most malware attacks today focus on OS and applications, more are emerging that can target your server infrastructure

– Stay with the newest generation of PowerEdge Servers to leverage industry leading enhancements in hardware, firmware and OS’s security capabilities.

– Your server infrastructure is the bedrock of your data center. Dell EMC, as your trusted partner, provides the secure foundation for your enterprise


ACCELERATE YOUR BUSINESS ON

PowerEdgeAD AP T AN D S C AL E your dynamic business needs

by leveraging Scalable Business Architecture

F R E E U P S K I L L E D R E S O U R C E S

and focus on core business with Intelligent Automation

P R O T E C T Y O U R C U S TO M E R S

and your business robustly with Integrated Security

THE BEDROCK OF THE MODERN DATA CENTER

is your server infrastructure secure? · pdf fileis your server infrastructure secure? mukund...

Documents