How Secure Is Your Server Hardware?
Oct 13, 2020
Ala Samadpour - HPE Master ASE Server, HPE Master ASE Storage, VMware Certified Professional,
VMware VCP Cloud Management and Automation
Chances are it's not.
Security is always evolving and what worked yesterday will not necessarily work today. Security goes far beyond protecting software and networks. Securing your hardware is often overlooked and can have some costly implications, if it becomes compromised. Relying solely on firewalls to secure the infrastructure is bound to end in disaster.
Malicious attackers are switching from software to hardware
Firewalls, virus scanning, and even security monitoring tools are all working on the data plane, and the assumption is that underlying physical resources such as firmware are secure. The reality is that cyber-attacks are no longer only targeting the OS and application level. Attacks are now happening at the database, firmware, kernel, and hardware level.
Firmware-level attacks in , are a huge problem. In most modern hardware, millions of lines of firmware code run before the OS even boots. Hackers who manage to insert even a couple of lines of malicious code into firmware in the supply chain, at runtime, or via physical access, can steal data, create denial of service conditions, or compromise the integrity of the entire system.
Supply Chain Attacks are difficult to identify when successfully implemented
Not only can the server be hacked, it can be fully disabled using a cheap $20 SPI Flash tool that can be found on Amazon. That $30,000+ expense could be avoided by having a more comprehensive security strategy in place. Even if hackers do not disable the server, they can alter your data, or even steal it. The risks are nothing short of substantial.1
A recent example of this came in 2018, when Bloomberg Businessweek reported that a Chinese spy agency created a backdoor into several server hardware manufacturers. They claim this was executed by inserting bugs directly into the circuit boards at the factories, before they were shipped, although the factories and DHS vehemently denied the report. Apple and Amazon also put out their own counter stories, highlighting what Businessweek got wrong.2
While we may never know what actually happened, we now know that the hardware hack is possible, and we need to restructure our security strategies to ensure we are not susceptible to hardware hacks in the future.
Setting a new standard for server security
As the industry adapts to the ever-changing landscape, we need to consider supply chain security and the actual design of the chips.
Now that chipmakers are aware of these security holes, they are actively trying to come up with solutions, and Intel’s Boot Guard and AMD’s secure processor are examples of these efforts. Many of the server manufacturers rely on these solutions to address the firmware security vulnerability, but the reality is that they still lack comprehensive security measures.
Hewlett Packard Enterprise (HPE) with their Gen 10 servers offer the first industry standard server to include a silicon root of trust built into the hardware (they own their BMC).
This new security feature, which was made possible by the new integrated Lights Out (iLO5) server management controller, scans and monitors the firmware, and after checking the integrity of the code, allows the server to boot. The server has the ability to recover to a known good state, in the unlikely event the firmware becomes compromised in some way.
With the baseline iLO Standard that comes with every Gen10 server, customers have the ability to configure their server in one of three security modes: FIPS mode, Production mode, or High Security mode. With the iLO Advanced Edition license, customers that need the highest-level encryption capabilities of CNSA, have a fourth security mode available to them.3
Unlike many server manufactures that use 3rd party and off the shelf controllers which can be compromised before shipping to the server assembly facility, the HPE Gen10 server, with the powerful Integrated Lights Out (iLO5) server management controller (or BMC, as it is known in industry), is designed and made by HPE.4
The most important part about this hardware component is its supply chain security. The chip has been designed and improved upon, for more than 30 years, under different names such as RIB and RILO, among others, first designed by Compaq labs, which was acquired by HP. All the design and testing of the iLO has been done in house, and it's manufactured in the US, or TAA-compliant countries.
Supply chain security goes beyond just product security. To ensure it, design sourcing, building, fulfillment, distribution, and disposal of the server, which are all part of the supply chain, need to be secured.
HPE secures all parts of the supply chain for their hardware products (including Gen10 servers) by ensuring that all components are sourced through trusted suppliers and adhere to HPE Standards of Business Conduct (SBC). Factory Security control includes Security Guards, Employee Background Checks, Electronic Background Access Controls, CCTV Monitoring, TS/SCI cleared factory workers for sensitive programs.
Hardware security might be overlooked now, but with the strides being made to improve the security and processes it will soon become an essential part of server management and security. UNICOM Government, Inc. (UGI) will continue to develop best in class solutions and products to help organizations secure their facilities and hardware.