
Out of Band Management

by Cody Dumont
August 4, 2015

Securing Out of Band Management (OOBM) access is crucial to network security. OOBM allows network admins to gain access to critical systems that are frequently located at remote or isolated locations. SecurityCenter Continuous View (CV) provides risk analysis on OOBM devices or systems.

The dashboard and its components are available in the SecurityCenter Feed, a comprehensive collection of dashboards, reports, assurance report cards and assets. The dashboard can be easily located in the SecurityCenter Feed under the category Monitoring.

The dashboard requirements are:

  • SecurityCenter 4.8.2
  • Nessus 6.3.6
  • Compliance Data

Many network design philosophies include an OOBM network. This network is segmented from regular traffic and in some cases is described as the management plane, which is dedicated to management ports and other related network channels. The devices on this segment give administrators the ability to monitor servers and network devices remotely, regardless of whether the device is powered on, powered off, non-responsive, or not accessible through the standard network channel.

OOBM ports come in many varieties, such as TTY serial ports, direct console access, and dedicated Ethernet IP management ports. Intelligent Platform Management Interface (IPMI) is the most common method of using OOBM with servers or appliances. IPMI uses the Baseboard Management Controller (BMC), which has its own power source, communication port, and operating system. A common practice among IPMI vendors is to set a well-documented default username and password. These default usernames and passwords are easily searchable on the internet or in the owner's manuals. Some vendors of IPMI devices are Dell DRAC/iDRAC, HP Lights-Out (iLO), and IBM Remote Supervisor.

This dashboard provides several components that are related to OOBM and IPMI. Some of the components are general detection and others are focused on a specific vendor. Many of the indicators will change color to match the severity, such as red for critical, orange for high, and so on. However, if the severity cannot be determined by the filter, the indicator will turn purple.

SecurityCenter Continuous View (CV) provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. SecurityCenter CV enables analysts to react to advanced threats, zero-day vulnerabilities, and new forms of regulatory compliance. With more supported technologies than any other vendor, including operating systems, network devices, hypervisors, databases, tablets, phones, web servers, and critical infrastructure, SecurityCenter CV users are more prepared for a dynamically changing environment.

Components

Out of Band Management - IPMI Detection: This component displays several indicators for IPMI vulnerabilities that are associated with either the General or Generic plugin families. For example, the IPMI Server Detection (SSL Issuer Check) indicator detects an SSL service that is typically used with IPMI for remote management.

Out of Band Management - Dell DRAC/iDRAC: This component provides indicators for the different Dell DRAC/iDRAC IPMI vulnerabilities. The six Dell DRAC/iDRAC indicators are Dell DRAC detection, Dell iDRAC detection, default password, Login Page error, iDRAC 6 vulnerabilities, and Dell iDRAC arbitrary command injections. These indicators help an administrator understand the IPMI security risk that DRAC/iDRAC cards pose to the network.

Out of Band Management - FireEye IPMI: This component displays FireEye IPMI vulnerabilities. This component will detect if the FireEye IPMI is enabled and if the FireEye password needs to be changed.

Out of Band Management - Audit File Checks: This matrix displays several indicators for audit results related to Out of Band Management (OOBM). This component uses specific plugin names to detect Out of Band audit checks.

Out of Band Management - IPMI Vendor Detection: This component provides several indicators for IPMI remote management access from several vendors. These IPMI vendors are MegaRAC, Supermicro, Intel Active Management, Oracle Lights Out, Sun Lights Out, IBM, ServerView, and Avocent DSView.

Out of Band Management - HP Lights-Out Detection: This component displays several indicators for HP Lights-Out devices. HP Integrated Lights-Out (iLO) is the IPMI system board of a host server. HP iLO allows super users or administrators access to HP server hardware, firmware, and communication interfaces. HP built security features into iLO, but new vulnerabilities are discovered all the time. Each indicator will change background color depending on its severity: blue for informational, green for low, yellow for medium, orange for high, and red for critical.

Out of Band Management - IPMI Vulnerabilities: This component displays a table of the top 100 IPMI vulnerabilities. Each row in the table shows the Plugin ID, Name, Family, Severity, and Total hosts associated with an IPMI vulnerability. The table is sorted by total host count in ascending order. This helps an administrator understand how many hosts are affected by each of the IPMI vulnerabilities.
