White Paper

Cyber Resilient Security in Dell EMC PowerEdge Servers

Abstract

This technical white paper covers the variety of security processes and features in the 14th and 15th generation PowerEdge servers, featuring iDRAC9.
Technical support and resources

Revisions

Date            Description
January 2018    Initial release
November 2020   First revision
March 2021      Updated to include new features

Acknowledgments

Authors: Vandana Mallempati, Craig Phelps, Manoj Malhotra, Doug Iler

The information in this publication is provided “as is.” Dell Inc.
Table of contents

Revisions .......... 2
Acknowledgments .......... 2
Executive summary ..........
3.5.4 iDRAC Connection View with Geolocation .......... 20
3.6 Supply Chain Integrity and Security .......... 21
3.6.1 Hardware and Software Integrity .......... 21
3.6.
Executive summary

The Dell Technologies approach to security is intrinsic in nature. Security is integrated, not bolted on after the fact, and it is built into every step of the Dell EMC Secure Development Lifecycle. The PowerEdge team continuously evolves the security controls, features, and solutions to meet the ever-growing threat landscape. A key security foundation is the Silicon Root of Trust.
1 Introduction

As the threat landscape evolves, IT and security professionals struggle to manage the risks to their data and resources. Data is being used across many devices, on premises and in the cloud, and high-impact data breaches continue to mount. Historically, security emphasis has been placed on the operating system, on applications, and on firewalls. Other network infrastructure concerns are Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS).
2 The Path to a Secure Server Infrastructure

Dell EMC PowerEdge servers have featured robust security for several generations, including the innovation of using silicon-based data security. Dell EMC PowerEdge servers extended silicon-based security to authenticate BIOS and firmware with a cryptographic Root of Trust during the server boot process. The Dell EMC product team prioritizes features in PowerEdge servers that limit the security threats faced in modern IT environments.
Figure 1: Security Development Lifecycle of Dell EMC

2.2 Cyber Resilient Architecture

Dell EMC servers feature an enhanced Cyber Resilient Architecture that provides a hardened server design to Protect, Detect, and Recover from cyberattacks.
2.3 Current Threats

There are many threat vectors in the ever-changing IT landscape. Table 1 summarizes the Dell EMC approach to managing critical backend threats.
3 Protect

The “protect” function is a key component of the NIST Cybersecurity Framework and serves to guard against cybersecurity attacks. This function consists of several categories including access control, data security, maintenance, and protective technology. The key underlying philosophy is that infrastructure assets must provide robust protection against unauthorized access to resources and data.
o Initial Boot Block (IBB)
o Security (SEC)
o Pre-EFI Initialization (PEI)
o Memory Reference Code (MRC)
o Driver Execution Environment (DXE)
o Boot Device Selection (BDS)

If Intel Boot Guard authenticates the Initial Boot Block (IBB), then the IBB validates SEC+PEI before handing control to it. SEC+PEI then validates PEI+MRC, which in turn validates the DXE+BDS modules. Next, control is handed over to UEFI Secure Boot, as explained in the next section.
3.1.2 BIOS Live Scanning

BIOS Live Scanning verifies the integrity and authenticity of the BIOS image in the primary ROM when the host is powered on. BIOS Live Scanning does not include the POST process. This is an AMD-only feature and is available only with iDRAC9 4.10.10.10 or higher and the Datacenter license. This feature requires administrator privileges, or operator privileges with the “Execute Debug Commands” debug privilege.
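The staged chain of trust in section 3.1.1 and the re-verification done by BIOS Live Scanning share one principle: a stage is only allowed to run, and a ROM image is only considered intact, when its digest matches what the previous link in the chain vouches for. The following model is an added example written for this page, not Dell or Intel code: every stage embeds the SHA-256 digest of the stage it hands control to, the root of trust holds the digest of the IBB, and a "live scan" simply re-walks the chain while the host runs. Stage names follow the list above; the stage images, the `build_chain`/`verified_boot`/`live_scan` functions and the simulated implant are all constructed for the demonstration (real Boot Guard uses signed manifests rather than bare hashes).

```python
"""Staged verified boot and BIOS live scanning, modelled in Python.

Added example, not Dell or Intel code. Each stage embeds the SHA-256 digest
of the stage it hands control to, and the root of trust holds the digest of
the first stage (the IBB), so nothing runs before its predecessor has
verified it. Stage images are constructed placeholder bytes.
"""
import hashlib
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

STAGE_ORDER = ["IBB", "SEC+PEI", "PEI+MRC", "DXE+BDS"]


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Stage:
    name: str
    image: bytes                       # code that would execute for this stage
    next_digest: Optional[str] = None  # digest this stage expects of its successor


def stage_digest(stage: Stage) -> str:
    """The digest a verifier checks covers the image and the embedded
    expectation for the next stage, so swapping the embedded digest is
    caught one stage earlier, by this stage's own verifier."""
    return sha256_hex(stage.image + (stage.next_digest or "").encode())


def build_chain(images: Dict[str, bytes]) -> Tuple[str, List[Stage]]:
    """Build the chain back to front so each stage can embed the digest of
    the stage after it. Returns the root-of-trust digest (what a fused
    Boot Guard policy would hold) and the ordered stages."""
    stages: List[Stage] = []
    expected: Optional[str] = None
    for name in reversed(STAGE_ORDER):
        stage = Stage(name, images[name], expected)
        expected = stage_digest(stage)
        stages.insert(0, stage)
    return expected, stages


def verified_boot(root_digest: str, stages: List[Stage]) -> List[str]:
    """Walk the chain from the root. A stage runs only if its digest matches
    what its predecessor vouched for; on the first mismatch the boot halts.
    Returns the names of the stages that were allowed to run."""
    expected = root_digest
    ran: List[str] = []
    for stage in stages:
        if stage_digest(stage) != expected:
            break                      # unverified code never gains control
        ran.append(stage.name)
        expected = stage.next_digest
    return ran


def live_scan(root_digest: str, stages: List[Stage]) -> bool:
    """Re-verify the whole image while the host is running (no POST): the
    primary ROM is intact only if every stage still chains back to the root."""
    return verified_boot(root_digest, stages) == [s.name for s in stages]


def demo() -> Tuple[List[str], List[str], bool]:
    images = {n: f"constructed firmware blob for {n}".encode() for n in STAGE_ORDER}
    root, chain = build_chain(images)
    intact = verified_boot(root, chain)
    # Simulate an implant written into the DXE+BDS region of the primary ROM.
    chain[3].image += b"\x90\x90 implant"
    tampered = verified_boot(root, chain)
    return intact, tampered, live_scan(root, chain)


if __name__ == "__main__":
    print(demo())
```

Running the block shows the intact chain letting all four stages run, the modified DXE+BDS stage being refused by PEI+MRC, and the live scan of the same image reporting it as no longer intact. The design point worth noticing is that each stage's digest covers the digest it embeds for its successor: an attacker who alters a later stage and also rewrites the expected digest stored in the earlier stage changes that earlier stage's own digest, so the tampering is caught one link earlier rather than slipping through.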
3.1.4 Trusted Platform Module Support

PowerEdge servers support three versions of the Trusted Platform Module (TPM):

o TPM 1.2 FIPS + Common Criteria + TCG certified (Nuvoton)
o TPM 2.0 FIPS + Common Criteria + TCG certified (Nuvoton)
o TPM 2.0 China (NationZ)

A TPM can be used to perform public key cryptographic functions, compute hash functions, generate, manage, and securely store keys, and perform attestation.
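The attestation use of a TPM rests on its Platform Configuration Registers (PCRs): each boot component is hashed and folded into a PCR with the one-way extend operation, and a quote over the PCR values, bound to a verifier-supplied nonce, lets a remote party check that the platform booted the expected code. The block below is an added example written for this page, not Dell or TCG code: it implements the TPM 2.0 SHA-256 extend rule (new PCR = H(old PCR || H(measurement))) and models the quote with an HMAC keyed by a constructed attestation key where a real TPM would produce an asymmetric signature. Component names, the key and the golden values are all constructed.

```python
"""Measured boot into TPM-style PCRs and a remote attestation check.

Added example, not Dell or TCG code. Models the TPM 2.0 PCR extend
operation for a SHA-256 bank and an attestation quote; the quote is an
HMAC keyed with a constructed attestation key, standing in for the
signature a real TPM would make with a hardware-held key.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Tuple

PCR_INIT = bytes(32)  # PCRs of a SHA-256 bank start as all zeros after reset


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 2.0 extend: new = H(old || H(measurement)). One-way, so a PCR
    value cannot be rolled back or set directly."""
    digest = hashlib.sha256(measurement).digest()
    return hashlib.sha256(pcr + digest).digest()


def measure_boot(components: List[bytes], pcr: bytes = PCR_INIT) -> bytes:
    """Extend each boot component in order; the final value records both
    the set of components and the order they were measured in."""
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


def quote(ak: bytes, pcrs: Dict[int, bytes], nonce: bytes) -> bytes:
    """Quote over the selected PCR values and the verifier's nonce. The nonce
    ties the quote to this request so a recorded quote cannot be replayed."""
    payload = nonce + b"".join(
        idx.to_bytes(1, "big") + val for idx, val in sorted(pcrs.items()))
    return hmac.new(ak, payload, hashlib.sha256).digest()


def verify_quote(ak: bytes, golden: Dict[int, bytes], nonce: bytes, q: bytes) -> bool:
    """Verifier side: recompute the quote from the golden PCR values it holds.
    A mismatch means the measurements differ or the nonce does not match."""
    return hmac.compare_digest(quote(ak, golden, nonce), q)


def demo() -> Tuple[bool, bool, bool, bool]:
    ak = b"constructed attestation key; a real TPM keeps this in hardware"
    golden_boot = [b"IBB v1.0", b"UEFI firmware 2.9.1", b"bootloader"]
    golden = {0: measure_boot(golden_boot)}
    nonce = os.urandom(16)

    # Host that booted exactly the expected components.
    good = verify_quote(ak, golden, nonce, quote(ak, {0: measure_boot(golden_boot)}, nonce))

    # Host whose firmware was altered: extend is one-way, so the altered
    # measurement cannot be undone to reproduce the golden PCR value.
    altered = [golden_boot[0], b"UEFI firmware 2.9.1 (modified)", golden_boot[2]]
    bad = verify_quote(ak, golden, nonce, quote(ak, {0: measure_boot(altered)}, nonce))

    # Same components measured in a different order: the PCR records order too.
    order_matters = measure_boot(list(reversed(golden_boot))) != golden[0]

    # Replay of a genuine quote captured under an earlier, different nonce.
    replayed = verify_quote(ak, golden, nonce, quote(ak, golden, os.urandom(16)))
    return good, bad, order_matters, replayed


if __name__ == "__main__":
    print(demo())
```

The three failure cases in `demo` are the ones a verifier relies on: an altered component, a reordered measurement log, and a replayed quote all fail verification, while only a fresh quote over the expected measurements passes.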
supported but are not recommended for new deployments due to the various security issues uncovered in recent years. Dell EMC recommends that IPMI users evaluate and transition to the iDRAC RESTful API with Redfish. TLS/SSL certificates can be uploaded to iDRAC to authenticate web browser sessions. There are three options:

o Dell EMC Self-Signed TLS/SSL Certificate: The certificate is auto-generated and self-signed by iDRAC.
3.2.3 SELinux framework

SELinux operates at the core kernel level on the iDRAC and does not need any input or configuration from users. SELinux logs security messages when an attack is detected. These log messages indicate when and how an attacker tried to break into the system. These logs are available through SupportAssist to customers enrolled in this new feature. In a future release of iDRAC, these logs will be available in the Lifecycle Controller Logs.

3.2.
3.2.6 Factory Generated Default Password

By default, all 14G PowerEdge servers ship with a unique, factory-generated iDRAC password to provide additional security. This password is generated at the factory and is printed on the pull-out Information Tag. This tag is on the front of the chassis, next to the server asset label. Users who choose this default option must note this password and use it to log in to iDRAC for the first time.
lockdown is not supported. These actions depend on the third-party devices that are detected as part of the iDRAC discovery process.

3.2.8 Domain Isolation

14th and 15th generation PowerEdge servers provide additional security using Domain Isolation, an important feature for multi-tenant hosting environments. To secure the server hardware configuration, hosting providers may want to block any reconfiguration by tenants.
3.4.1 iDRAC Credential Vault

The iDRAC service processor provides a secure storage memory that protects various sensitive data such as iDRAC user credentials and private keys for self-signed SSL certificates. The Credential Vault is another example of silicon-based security. The memory is encrypted with a unique, immutable root key that is programmed into each iDRAC chip at the time of manufacture.
3.4.3 Secure Enterprise Key Manager (SEKM)

OpenManage SEKM delivers a central key management solution to manage data at rest across the organization. SEKM uses an external Key Management Server (KMS) to manage the keys that iDRAC uses to lock and unlock storage devices. The advantages of using SEKM over Local Key Management (LKM) are:

o SEKM protects against “theft of a server” since the keys are not stored on the server but are stored externally.
3.5 Hardware Security

Hardware security is an integral part of any comprehensive security solution. Some customers want to limit access to ports of entry, such as USB. In general, a server chassis need not be opened after it has been put into production, except for a part failure. Customers want to track and log any hardware security activities. The goal is to alert on any unwanted physical intrusion.

3.5.
Connection View validates the location of the server indirectly by reporting details about the switch it is connected to. The switch identity provides geolocation to assure that the server is not a “rogue server” in an unauthorized site, providing another layer of physical security. Geolocation also provides validation that an application or VM has not “crossed” country or region borders, and that it is running in an approved, secure environment.

3.
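What Connection View gives an operator is the identity of the upstream switch and port for each server NIC; turning that into a placement check means comparing it against an inventory of authorized switches and the site and region each belongs to. The block below is an added example written for this page, not Dell code, and does not query an iDRAC: the switch inventory, service tags, NIC names, MAC-style chassis IDs and regions are constructed sample data, and the `check_placement` and `site_consistency` functions are this example's own. It flags the three conditions the text describes: a server on a switch that is not in the inventory (possible rogue placement), a server whose switch sits in a region its workload may not run in (a crossed border), and a server for which no neighbor was reported, so its location cannot be verified at all.

```python
"""Checking server placement from Connection View style switch data.

Added example, not Dell code. The switch a server NIC is cabled to (as
reported via LLDP: chassis ID and port) is checked against an inventory of
authorized switches with their site and region. Inventory, service tags and
MAC addresses below are constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Switch:
    chassis_id: str   # LLDP chassis ID (switch MAC), constructed
    site: str
    region: str


AUTHORIZED: Dict[str, Switch] = {
    s.chassis_id: s for s in [
        Switch("00:1b:21:aa:00:01", "FRA-DC1", "EU"),
        Switch("00:1b:21:aa:00:02", "FRA-DC1", "EU"),
        Switch("00:1b:21:bb:00:01", "DAL-DC3", "US"),
    ]
}


@dataclass(frozen=True)
class ServerConnection:
    service_tag: str
    nic: str
    switch_chassis_id: Optional[str]  # None when no LLDP neighbor was seen
    switch_port: Optional[str]
    allowed_region: str               # where this server's data may reside


def check_placement(conn: ServerConnection) -> List[str]:
    """Findings for one NIC; an empty list means the placement was verified."""
    who = f"{conn.service_tag}/{conn.nic}"
    if conn.switch_chassis_id is None:
        return [f"{who}: no switch neighbor reported, location cannot be verified"]
    sw = AUTHORIZED.get(conn.switch_chassis_id)
    if sw is None:
        return [f"{who}: connected to unknown switch {conn.switch_chassis_id}, possible rogue placement"]
    if sw.region != conn.allowed_region:
        return [f"{who}: located at {sw.site} ({sw.region}) but restricted to region {conn.allowed_region}"]
    return []


def site_consistency(conns: List[ServerConnection]) -> Dict[str, List[str]]:
    """All NICs of one server should land on switches at a single site; a
    server seen at two sites indicates miscabling or spoofed neighbor data."""
    sites: Dict[str, Set[str]] = {}
    for c in conns:
        sw = AUTHORIZED.get(c.switch_chassis_id or "")
        if sw is not None:
            sites.setdefault(c.service_tag, set()).add(sw.site)
    return {tag: sorted(s) for tag, s in sites.items() if len(s) > 1}


# Constructed sample of what Connection View would report for four servers.
SAMPLE = [
    ServerConnection("SVC001", "NIC.Integrated.1-1", "00:1b:21:aa:00:01", "Eth1/7", "EU"),
    ServerConnection("SVC001", "NIC.Integrated.1-2", "00:1b:21:bb:00:01", "Eth1/7", "EU"),
    ServerConnection("SVC002", "NIC.Integrated.1-1", "00:1b:21:bb:00:01", "Eth1/12", "EU"),
    ServerConnection("SVC003", "NIC.Integrated.1-1", "00:1b:21:cc:00:09", "Eth1/1", "US"),
    ServerConnection("SVC004", "NIC.Integrated.1-1", None, None, "US"),
]


def audit(conns: List[ServerConnection] = SAMPLE) -> Dict[str, List[str]]:
    """One entry per server NIC, keyed 'service_tag/nic'."""
    return {f"{c.service_tag}/{c.nic}": check_placement(c) for c in conns}


if __name__ == "__main__":
    for key, findings in audit().items():
        print(key, findings or "verified")
    print("inconsistent sites:", site_consistency(SAMPLE))
```

The "no neighbor reported" case is reported as a finding rather than ignored: a server that cannot be placed is exactly the one a location-based control should not silently pass.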
Dell EMC is engaged in several voluntary supply chain security programs and initiatives. One such initiative is the Customs-Trade Partnership Against Terrorism (C-TPAT), introduced by the United States government after the September 11 attacks. This initiative helps reduce the potential for terrorism through strengthened border and supply chain security measures. As part of this initiative, the U.S.
4 Detect

It is critical to have a detection capability that provides complete visibility into the configuration, health status, and change events within a server system. This visibility must also detect malicious or other changes to BIOS, firmware, and Option ROMs within the boot and operating system runtime process. Proactive polling must be coupled with the ability to send alerts for any events within the system.
4.1.2 Alerts

iDRAC provides the capability to configure different event alerts and the actions to be performed when a Lifecycle Log event occurs. When an event is generated, it is forwarded to the configured destinations using the selected alert mechanisms. Users can enable or disable alerts through the iDRAC web interface, RACADM, or the iDRAC Settings utility.
4.2 Drift Detection

Organizations can reduce the potential for exploitation by enforcing standardized configurations and adopting a “zero tolerance” policy for any changes. The Dell EMC OpenManage Enterprise console allows customers to define their own server configuration baselines and then monitor the drift of their production servers from those baselines.
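Drift detection in practice is a comparison of each server's exported configuration against a baseline, with every difference reported and the security-relevant ones ranked above cosmetic ones. The block below is an added example written for this page, not Dell or OpenManage Enterprise code: it uses a flat `Group.Attribute` key style that resembles a server configuration export but is constructed for the demonstration (the attribute names, values, service tags, the `SECURITY_ATTRIBUTES` set and the `compute_drift`/`fleet_report` functions are this example's own, not a Dell schema). It distinguishes an attribute that changed, one that is missing from a server, and one present on a server but absent from the baseline, and lets operationally variable attributes such as the management hostname be excluded from the "zero tolerance" rule.

```python
"""Configuration drift detection against a baseline.

Added example, not Dell or OpenManage code. A baseline is a flat mapping of
"Group.Attribute" keys to expected values; each server's exported
configuration is compared with it and every difference is reported with a
severity. Attribute names and values are constructed sample data in the
style of a configuration export, not an actual Dell schema.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional

# Attributes whose drift weakens the security posture rather than merely
# deviating from a standard (constructed list for this example).
SECURITY_ATTRIBUTES: FrozenSet[str] = frozenset({
    "BIOS.SecureBoot", "BIOS.TpmSecurity", "iDRAC.IPMILan.Enable",
    "iDRAC.WebServer.TLSProtocol", "iDRAC.Lockdown.SystemLockdown",
})


@dataclass(frozen=True)
class Drift:
    attribute: str
    baseline: Optional[str]   # None: attribute is not in the baseline
    current: Optional[str]    # None: attribute is absent on the server
    severity: str             # "high" for security attributes, else "low"

    @property
    def kind(self) -> str:
        if self.baseline is None:
            return "unexpected"   # present on the server, not in the baseline
        if self.current is None:
            return "missing"      # in the baseline, absent on the server
        return "changed"


def compute_drift(baseline: Dict[str, str], current: Dict[str, str],
                  ignore: FrozenSet[str] = frozenset()) -> List[Drift]:
    """Every attribute in either set that differs, in sorted order, except
    those explicitly ignored (attributes allowed to vary per server)."""
    drifts: List[Drift] = []
    for key in sorted(set(baseline) | set(current)):
        if key in ignore:
            continue
        expected, actual = baseline.get(key), current.get(key)
        if expected != actual:
            severity = "high" if key in SECURITY_ATTRIBUTES else "low"
            drifts.append(Drift(key, expected, actual, severity))
    return drifts


def fleet_report(baseline: Dict[str, str], fleet: Dict[str, Dict[str, str]],
                 ignore: FrozenSet[str] = frozenset()) -> Dict[str, List[Drift]]:
    """Service tag -> drift list; an empty list means the server is compliant."""
    return {tag: compute_drift(baseline, cfg, ignore) for tag, cfg in fleet.items()}


# Constructed baseline and two server exports.
BASELINE = {
    "BIOS.SecureBoot": "Enabled",
    "BIOS.TpmSecurity": "On",
    "BIOS.BootMode": "Uefi",
    "iDRAC.IPMILan.Enable": "Disabled",
    "iDRAC.WebServer.TLSProtocol": "TLS 1.2 and Higher",
    "iDRAC.Lockdown.SystemLockdown": "Enabled",
    "iDRAC.NIC.DNSRacName": "idrac-template",
}
FLEET = {
    "SVC100": dict(BASELINE, **{"iDRAC.NIC.DNSRacName": "idrac-svc100"}),
    "SVC101": {
        "BIOS.SecureBoot": "Disabled",            # changed, high
        "BIOS.BootMode": "Uefi",                  # BIOS.TpmSecurity missing, high
        "iDRAC.IPMILan.Enable": "Enabled",        # changed, high
        "iDRAC.WebServer.TLSProtocol": "TLS 1.2 and Higher",
        "iDRAC.Lockdown.SystemLockdown": "Enabled",
        "iDRAC.NIC.DNSRacName": "idrac-svc101",
        "iDRAC.SSH.Enable": "Enabled",            # unexpected, low
    },
}
IGNORE = frozenset({"iDRAC.NIC.DNSRacName"})   # allowed to differ per server


def demo() -> Dict[str, List[Drift]]:
    return fleet_report(BASELINE, FLEET, IGNORE)


if __name__ == "__main__":
    for tag, drifts in demo().items():
        print(tag, "compliant" if not drifts else "")
        for d in drifts:
            print(f"  [{d.severity}] {d.kind}: {d.attribute} expected={d.baseline!r} actual={d.current!r}")
```

The "unexpected" kind matters as much as "changed": an attribute that a server carries but the baseline never specified (here a service enabled outside the standard) is drift that an equality check over baseline keys alone would never surface.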
5 Recover

Server solutions must support recovery to a known, consistent state as a response to various events:

o Newly discovered vulnerabilities
o Malicious attacks and data tampering
o Corruption of firmware due to memory failures or improper update procedures
o Replacement of server components
o Retiring or repurposing a server

The following section discusses responses to new vulnerabilities and corruption issues, and how to recover the server to its original state if
In the extreme case of BIOS corruption, users must have a way to recover the BIOS to its original state. BIOS corruption can be caused by a malicious attack, power loss during the update process, or any other unforeseen event. A backup BIOS image is stored in iDRAC so that it can be used to recover the BIOS image. iDRAC orchestrates the entire end-to-end recovery process. There are two options for BIOS recovery:

5.
5.4.1 Parts Replacement

iDRAC automatically saves both the firmware image and the configuration settings for NIC cards, RAID controllers, and Power Supply Units (PSUs). After a field replacement of these parts, the user can select the “Parts Replacement” option in F10. This option restores the firmware and configuration to the replaced item. This functionality saves critical time and ensures a consistent configuration and security policy.

5.4.
5.5 System Erase

At the end of a system life cycle, it can either be retired or repurposed. For either scenario, System Erase removes sensitive data and settings from the server. Secure Erase wipes storage devices and server non-volatile stores such as caches and logs so that no confidential information unintentionally leaks. It is a utility in the Lifecycle Controller (F10) that erases logs, configuration data, storage data, and cache.
5.6 iDRAC9 Cipher Suite

Cipher Suite Selection can be used to limit the ciphers the web browser can use to communicate with iDRAC, and so determines how secure the connection is. These settings can be configured through the iDRAC web interface, RACADM, and Redfish. This functionality is available across several iDRAC releases: iDRAC7, iDRAC8 (2.60.60.60 and higher), and the current iDRAC9 (3.30.30.30 and higher).

5.
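A cipher-suite selection is only as good as the policy string behind it, and an OpenSSL-style cipher string expands to a concrete list of suites that is worth inspecting before it is applied. The block below is an added example written for this page, not Dell code, and it does not connect to an iDRAC: it uses Python's standard `ssl` module to expand two constructed policies, a broad legacy-compatible one and a strict one, into the suites a client would offer, flags suites built on broken or deprecated primitives (the `WEAK_MARKERS` list is this example's own heuristic) or lacking forward secrecy, and shows that a mistyped policy fails closed rather than silently falling back to defaults. Which policy strings a given iDRAC release accepts is not something this example asserts.

```python
"""Auditing a TLS cipher-suite policy with Python's ssl module.

Added example, not Dell code: it does not talk to an iDRAC. It shows how an
OpenSSL cipher string (the kind of policy a cipher-suite selection applies)
expands to concrete suites, and flags suites a hardening policy should
exclude. The two policy strings are constructed for the demonstration.
"""
import ssl
from typing import Dict, List

# Substrings marking suites with broken or deprecated primitives, export
# grade strength, or no authentication (heuristic for this example).
WEAK_MARKERS = ("RC4", "DES", "MD5", "NULL", "EXP", "ADH", "AECDH")
# Key exchanges that give forward secrecy; TLS 1.3 suites (TLS_*) always do.
PFS_PREFIXES = ("ECDHE-", "DHE-", "TLS_")


def allowed_ciphers(cipher_string: str) -> List[str]:
    """Expand an OpenSSL cipher string into the suite names a client context
    would offer, with TLS 1.2 as the floor. TLS 1.3 suites are listed whatever
    the string says, because OpenSSL configures them separately."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(cipher_string)   # raises ssl.SSLError if nothing matches
    return [c["name"] for c in ctx.get_ciphers()]


def policy_is_valid(cipher_string: str) -> bool:
    """A typo in a policy must fail closed, not fall back to library defaults."""
    try:
        return bool(allowed_ciphers(cipher_string))
    except ssl.SSLError:
        return False


def weak_ciphers(names: List[str]) -> List[str]:
    return [n for n in names if any(m in n.upper() for m in WEAK_MARKERS)]


def non_pfs_ciphers(names: List[str]) -> List[str]:
    return [n for n in names if not n.startswith(PFS_PREFIXES)]


def compare_policies(permissive: str, strict: str) -> Dict[str, List[str]]:
    """What tightening the policy removes, and whether anything weak survives."""
    before, after = allowed_ciphers(permissive), allowed_ciphers(strict)
    return {
        "removed": [n for n in before if n not in after],
        "weak_remaining": weak_ciphers(after),
        "non_pfs_remaining": non_pfs_ciphers(after),
    }


PERMISSIVE = "ALL:!aNULL"                 # broad, legacy-compatible policy
STRICT = "ECDHE+AESGCM:ECDHE+CHACHA20"    # AEAD suites with forward secrecy only


if __name__ == "__main__":
    print("permissive policy offers", len(allowed_ciphers(PERMISSIVE)), "suites")
    print("strict policy offers    ", len(allowed_ciphers(STRICT)), "suites")
    for key, value in compare_policies(PERMISSIVE, STRICT).items():
        print(f"{key}: {value}")
    print("typo policy accepted?", policy_is_valid("ECDHE+AESGMC"))
```

The exact suite lists depend on the OpenSSL build behind the interpreter, which is itself the point: the same policy string can expand differently on different systems, so the audit should be run on the build that will apply it.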
6 Conclusion

Data center security is paramount to business success, and the security of the underlying server infrastructure is critical. Cyberattacks have the potential for extended system and business downtime, lost revenue and customers, legal damages, and a tarnished corporate reputation. To protect, detect, and recover from hardware-targeted cyberattacks, security must be built into the server hardware design, not added on after the fact.
A Technical support and resources

http://www.dell.com/support: Dell Technical Support

http://www.dell.com/support/idrac: The iDRAC support home page provides access to product documents, technical white papers, how-to videos, and more.

http://www.dell.