Monday 7 January 2019

Security: Direct Internet Connections for KVM over IP devices such as iLO Advanced, iDRAC Enterprise, Intel RMM, and others = BAD

While discussing firmware and firmware updates, this situation, experienced vicariously a number of years ago, came to light:

ISP: Excuse me sir, but we have a huge volume of SPAM coming out of [WAN RMM IP]
Admin: Huh?
ISP: We are seeing huge volumes of SMTP traffic outbound from [WAN RMM IP]
Admin: Oh?
* Checks non-existent documentation
Admin: Um, is that IP assigned to us?
ISP: Yes sir, along with [WAN SSL IP for internal services]
Admin: Hmmm …
[PAUSE]
Admin: Oh, wait, I think I know … [unplugs iLO/iDRAC/RMM from switch connected to ISP modem]
Admin: Is it better now?
ISP: Oh yeah, what did you do?
Admin: Oh, I fixed it.

One should never plug an RMM/iLO/iDRAC-type device directly into the Internet, right?

We probably blogged about this in the past, but it definitely bears repeating, as we still encounter situations where these devices are plugged directly into the Internet!

Happy New Year everyone! :)

Philip Elder
Microsoft High Availability MVP
MPECS Inc.
Co-Author: SBS 2008 Blueprint Book
www.s2d.rocks !