CISA and NSA Publish New Guidance on Hardening Baseboard Management Controllers (BMCs)
Introduction
The Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) have recently released new guidance aimed at helping organizations strengthen the security of their baseboard management controllers (BMCs). A BMC is a specialized service processor typically found on motherboards, which is responsible for monitoring the physical state of a system and enabling remote management and control. The BMC firmware, according to CISA and the NSA, holds significant privileges and provides access to all resources on the system. The guidance highlights the importance of securing BMCs, as their vulnerabilities can create opportunities for malicious actors to compromise systems and propagate threats undetected.
The Role and Function of BMCs
BMCs play a crucial role in system management by collecting vital information about a device’s physical state, including temperature, voltage, humidity, and fan speeds. As a separate entity from the operating system and system firmware, BMCs can remain functional even when the system is powered off. This feature allows remote management and control, enabling organizations to manage multiple systems without physical access.
The Security Risks Associated with BMCs
CISA and the NSA emphasize that many organizations fail to implement necessary security measures to protect their BMCs adequately. These oversights can leave BMCs vulnerable to unauthorized access and exploitation. Unauthorized access to a BMC can enable adversaries to disable critical security features such as the trusted platform module (TPM) or UEFI secure boot and propagate malicious implants across the network without detection from standard security tools. This includes endpoint detection and response (EDR) solutions, intrusion detection/prevention systems (IDS/IPS), and TPM attestation.
The Need for Hardened Credentials and Network Segmentation
To mitigate the risks associated with BMC vulnerabilities, CISA and the NSA provide several key recommendations. First and foremost, organizations should change default BMC credentials and use strong passwords compliant with National Institute of Standards and Technology (NIST) guidelines. Access to BMC network connections should be isolated using a virtual local area network (VLAN) to restrict access to authorized users and devices.
Routine Firmware Updates and Monitoring Integrity
Additionally, organizations should ensure routine checks for BMC firmware updates and monitor the integrity of BMCs. Firmware updates provide critical security patches and bug fixes, addressing vulnerabilities that may be exploited by attackers. Implementing mechanisms to monitor the integrity of BMC operating systems can help organizations detect any unauthorized modifications or tampering.
The Importance of Network Restrictions and Disabling Unused BMCs
CISA and the NSA also recommend restricting network access to BMCs and treating unused BMCs as potential future threats. Network restrictions minimize the attack surface by limiting network connections only to those devices that require BMC access. Organizations should also carry out recommended actions, such as applying patches and hardening credentials, appropriate to the sensitivity of the platform’s data. If a BMC cannot be disabled or removed, organizations must ensure it is protected with the same level of security as active BMCs.
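The five recommendations above (hardened credentials, VLAN isolation, firmware currency, integrity monitoring, and unused-BMC handling) can be turned into a repeatable audit over a BMC inventory. The script below is an added example, not code from the CISA/NSA guidance; the management VLAN, subnet, firmware version, baseline hash and the inventory records are all constructed assumptions, and the password rule follows NIST SP 800-63B (minimum length plus a blocklist, no composition rules).

```python
import hashlib
import ipaddress

# Constructed baseline for the example (not from the CISA/NSA guidance).
MGMT_VLAN = 100                                   # assumed dedicated BMC VLAN
MGMT_NET = ipaddress.ip_network("10.200.0.0/24")  # assumed management subnet
CURRENT_FW = "2.4.1"                              # assumed latest vendor release
# SHA-256 recorded when the vendor image was validated and installed.
BASELINE_FW_SHA256 = hashlib.sha256(b"constructed-bmc-fw-2.4.1").hexdigest()
COMMON_PASSWORDS = {"admin", "password", "changeme", "123456"}  # constructed blocklist

def password_acceptable(pw):
    """NIST SP 800-63B style check: at least 8 characters and not on a
    blocklist of common/compromised values; no composition rules."""
    return len(pw) >= 8 and pw.lower() not in COMMON_PASSWORDS

def _ver(v):
    return tuple(int(part) for part in v.split("."))

def audit_bmc(bmc):
    """Return a list of findings for one inventory record; empty means compliant."""
    findings = []
    if bmc["default_credentials"]:
        findings.append("credentials: vendor default still in use")
    on_mgmt = bmc["vlan"] == MGMT_VLAN and ipaddress.ip_address(bmc["ip"]) in MGMT_NET
    if not on_mgmt:
        findings.append("network: not isolated on the management VLAN")
    if _ver(bmc["fw_version"]) < _ver(CURRENT_FW):
        findings.append(f"firmware: {bmc['fw_version']} is behind {CURRENT_FW}")
    if bmc["fw_sha256"] != BASELINE_FW_SHA256:
        findings.append("integrity: firmware hash differs from recorded baseline")
    if not bmc["in_use"] and bmc["enabled"]:
        findings.append("unused BMC still enabled; disable it or harden it like an active one")
    return findings

# Constructed inventory: one hardened host, one with every gap the guidance names.
INVENTORY = [
    {"host": "db01", "ip": "10.200.0.11", "vlan": 100, "fw_version": "2.4.1",
     "fw_sha256": BASELINE_FW_SHA256, "default_credentials": False,
     "in_use": True, "enabled": True},
    {"host": "lab07", "ip": "192.168.1.50", "vlan": 1, "fw_version": "2.1.0",
     "fw_sha256": hashlib.sha256(b"unexpected-image").hexdigest(),
     "default_credentials": True, "in_use": False, "enabled": True},
]

def audit_inventory(inventory):
    return {b["host"]: audit_bmc(b) for b in inventory}

if __name__ == "__main__":
    for host, findings in audit_inventory(INVENTORY).items():
        print(host, "OK" if not findings else findings)
```

In practice the firmware version and hash fields would be populated from the BMC's own management interface and compared against the vendor's published image digest rather than a locally constructed value.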
Editorial Perspective
The publication of new guidance by CISA and the NSA highlights the prevalent and often overlooked security risks associated with baseboard management controllers. BMCs, although essential for remote management and control of systems, can become a significant vulnerability if not properly secured. Organizations must take these vulnerabilities seriously and implement the recommended security measures to protect their infrastructure.
Beyond BMCs, this guidance points to broader issues in internet security. The prevalence of interconnected devices and the increasing reliance on remote management underscore the critical importance of securing not just individual systems but also the underlying infrastructure. The interconnected nature of modern technology exposes organizations to a wider range of potential vulnerabilities, requiring vigilance and proactive security measures.
There is also a trade-off between convenience and security. The desire for remote management and control often leads organizations to prioritize ease of access over robust security controls. As the vulnerabilities associated with BMCs show, that convenience can come at a great cost. Organizations need to strike the right balance, ensuring that the necessary security measures are in place to safeguard against potential threats.
Conclusion
The new guidance from CISA and the NSA serves as a reminder of the critical importance of securing baseboard management controllers to protect the integrity of organizational infrastructure. Organizations must prioritize implementing hardened credentials, regularly updating BMC firmware, and monitoring BMC integrity. Network restrictions and proper management of unused BMCs are also crucial steps in mitigating potential vulnerabilities. By taking these actions, organizations can enhance their security posture and reduce the risks associated with BMC vulnerabilities. Ultimately, this guidance highlights the need for ongoing vigilance and proactive security measures to protect against emerging threats in an interconnected world.