The National Security Agency and the Cybersecurity and Infrastructure Security Agency have collaborated to urge organizations to protect baseboard management controllers in their server-class computers.
NSA and CISA on Wednesday issued a joint cybersecurity information sheet, which warns that cyber actors can exploit the remote management functionality of BMCs to disrupt a network infrastructure, disable servers’ security and manipulate stored data.
BMC firmware executes outside a server’s operating system and continues to function even if the server is shut down. BMC enables system administrators to remotely perform network configuration and management.
Malicious actors have found ways to abuse the capabilities of these controllers. According to the agencies, cybercriminals can deactivate trusted platform modules, Unified Extensible Firmware Interface Secure Boot and other cyber defense mechanisms.
The security agencies recommend that organizations harden their BMCs by changing default credentials upon the discovery of a threat, and keeping that information away from internet connection. They should also use strong passwords, enforce virtual local area network separation and regularly perform update checks.
