Supermicro server motherboards can be infected with unremovable malware
1. SoftTa+K5b 2025-09-28 17:22:44
>>zdw+(OP)
"If a potential attacker already has administrative access to the BMC..."

Then you've already lost.

The BMC needs to be ideally on a physically isolated network, or at least a separate one that has no route from the outside nor on the machine itself.

2. perchi+KFb 2025-09-28 21:41:09
>>SoftTa+K5b
I don't work with physical servers, so this is a gap in my knowledge. Isn't it the entire purpose of BMCs to allow for remote management?

So you'd definitely have to have it connected to the internet somehow, even if very indirectly, and in an independent manner (different network with no direct routes).

3. xorcis+uJb 2025-09-28 22:14:02
>>perchi+KFb
Of course a network can be offline. I believe that is what you describe: a network with no routes is not connected to anything else, and certainly not to the Internet?

It is common to keep admin and backup functions on separate network interfaces, on a disconnected network. You have to physically connect to the network in a secure location to use it.

4. ang_ci+k6c 2025-09-29 03:00:23
>>xorcis+uJb
No, that is not common. Management networks are almost never air-gapped; they're just segregated from publicly-accessible or higher-exposure networks (DMZ, and hopefully prod). Requiring a (role-restricted) VPN connection is the most common way to control access to management networks.