
I feel like this article reflects some significant technical confusion. The BMC is supposed to be on a trusted network inaccessible from the outside. I've always viewed authentication on the BMC as being like the numeric lock on luggage--it's designed to keep honest people honest, not for real security. Being able to bypass the BMC security is really not a big deal. What the Bloomberg article says about the hardware exploit is much worse:

> > The rogue instructions, Bloomberg reported, caused the BMCs to download malicious code from attacker-controlled computers and have it executed by the server’s operating system.

It's using the fact that the BMC has unfettered access to the rest of the machine to compromise the code running on the server itself. That's valuable even if the BMC itself is on a private network inaccessible to the attacker.




> a trusted network inaccessible from the outside

There is no such practical network which remains such a network for long. All networks must be assumed to be byzantine as they certainly will be compromised at some point, if they're not already.


I think this is the first time I've seen byzantine used like this - I assume you are referring to the Byzantine Generals problem.


Byzantine is a synonym to "convoluted": https://www.thesaurus.com/browse/byzantine?s=t


It's quite incompetent and negligent to put network connectors on servers that cause spectacular failures when exposed to a network.

A valid conclusion might indeed be to stop them being accessible from the outside, by installing such server boards in a network-topologically secure location such as a landfill.


> It's quite incompetent and negligent to put network connectors on servers that cause spectacular failures when exposed to a network.

This isn't a fair assessment of the situation. Networks that aren't entirely trusted and controlled can cause spectacular failures. By knowing this, administrators can use BMCs safely. My PowerEdge server even came with a warning sticker that had to be removed before the DRAC port could be used.

In general, tools can have "pointy parts" with which the user could harm themselves so long as the risks and proper uses are documented and explained adequately.


BMCs like DRAC or iLO are invaluable when you have hundreds or thousands of fresh servers with no OS. The BMC lets you mount an OS or hypervisor ISO in a way reminiscent of DaemonTools et al., and update BIOS and other firmware from a shared network folder. I'm pretty sure there's even an API to develop against.


BMCs are great--all my home builds have them because I'm too old to be fiddling around trying to figure out why a computer won't boot an installer from a USB key. But even on my home network the BMCs are on a separate switch on a subnet that doesn't have internet access except through a VPN gateway.


> except

There's your problem.


I think the parent meant: you have them on a subnet with no default route, but have a VPN / management system with one interface pointing in to the management network. You can get in via the VPN but they can't get out.

It’s a pretty common configuration.
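The configuration described in the two comments above (a management subnet with no route out, reachable only through a VPN host that has one interface inside it), written out as an nftables forward policy. This is an added example, not anything posted in the thread; the interface names `wg0` and `vlan100` and the subnet `10.100.0.0/24` are assumed placeholders for the VPN tunnel, the BMC VLAN and its address range.

```nft
# Added example: forward-chain policy on the VPN/management gateway host.
# Assumed names: wg0 = VPN tunnel interface, vlan100 = interface on the
# BMC management VLAN, 10.100.0.0/24 = the BMC subnet. Replace for your site.
table inet mgmt {
    chain forward {
        type filter hook forward priority 0; policy drop;

        # Replies to connections that were already allowed may flow back.
        ct state established,related accept

        # Only traffic arriving over the VPN may initiate a connection into
        # the BMC subnet. Nothing else (LAN, internet-facing interface) can.
        iifname "wg0" oifname "vlan100" ip daddr 10.100.0.0/24 accept

        # The BMCs themselves never initiate anything leaving their VLAN:
        # no firmware "phone home", no outbound download if a BMC is compromised.
        iifname "vlan100" drop
    }
}
```

The second rule is what gives the "they can't get out" property: even if a BMC is compromised, it cannot open outbound connections, and the gateway's default-drop policy means a new interface or subnet added later is not reachable until someone deliberately allows it. Apply with `nft -f` and verify with `nft list table inet mgmt`.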


You can bootstrap fresh servers using PXE. The problem with BMC is that it never goes away even after you've booted your system. BMC owns your system and there's no way to completely disable it. Options for disabling it simply control the BMC's software interfaces, and they only work to the extent that the software is bug free. It's like the infamous cPanel, but for hardware--it's a juicy target that you're stuck with.


There's definitely an API. It's a core part of OpenStack Ironic, which lets you automate bootstrapping them like you described (for example, to put the rest of your OpenStack cloud on top of).


The name is probably a reference to bare metal devices - "Iron-ic", but seems oddly apropos here.


Except that in many cases the BMC does get exposed to the internet, especially in situations where you get a dedicated server from somewhere and they want to give you low-level access to make changes to the server you are renting.

I know of at least 2 places where this is still the case (that or a remote IP KVM...).

The BMC should be on a trusted network, but most likely isn't.


Unfortunately, some servers piggyback the BMC onto one of the regular network ports.


> The BMC is supposed to be on a trusted network inaccessible from the outside.

After it left the factory. But can't the firmware be installed by someone while the board is in the testing phase?



