December 20th, 2013 12:00

iDRAC7 Security Review

Recently I have been working with (gasp!) SuperMicro servers, and their IPMI implementation.  Upon testing and review I have concluded that my only secure course of action with regard to the SM implementation is to completely disable it.  It is just too fat of a target, and too easy to break. 

So what about Dell's iDRAC? How secure is this system anyway? Is there a white paper narrowly focused on the security of this system?

Moderator

6.2K Posts

December 21st, 2013 11:00

Hello

I could not locate an in-depth security paper. Here is one I found:

ftp://ftp.dell.com/Manuals/all-products/esuprt_electronics/esuprt_software/esuprt_remote_ent_sys_mgmt/integrated-dell-remote-access-cntrllr-7-v1.10.10_White%20Papers_en-us.pdf

Here is the iDRAC wiki page that has links to several white papers:

http://en.community.dell.com/techcenter/systems-management/w/wiki/3204.dell-remote-access-controller-drac-idrac.aspx

I think you are going to find that most IPMI is the same. IPMI is not something we develop in-house. IPMI is going to be the same across most manufacturers. The biggest security loophole with IPMI is cipher 0. You can disable cipher 0, but we do not disable it by default. For security reasons we set it to be disabled by default with a firmware update, but due to complaints we changed back to enabled by default.

You can disable IPMI over LAN, and you can turn off IPMI completely. I recommend that you connect any management interface like an iDRAC to a secure VLAN that has MAC filtering or something else to limit access to only administrators. The iDRAC allows local access that can bypass several security measures. It is not a good idea to have it connected to the regular LAN that everyone else is on. If the iDRAC is not segregated on your LAN then you can disable IPMI over LAN if you are concerned about its security.

Putting the iDRAC on a restricted access VLAN or using port security, disabling cipher 0 so that a login is required when connected locally, and using the normal security features of passwords and certificates should combine to provide an acceptable level of security.

Thanks
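
An added example, not part of the original thread or of Dell's tooling: a check for the cipher 0 setting mentioned in the reply above, run over saved `ipmitool lan print` output. The sample output is constructed, and reading the first privilege character as cipher suite 0 is an assumption taken from the ipmitool man page.

```python
import re

# Legend that ipmitool prints under "Cipher Suite Priv Max".
PRIV = {"X": "unused", "c": "CALLBACK", "u": "USER",
        "o": "OPERATOR", "a": "ADMIN", "O": "OEM"}

# Constructed sample in the layout of `ipmitool lan print 1`
# (documentation addresses, not captured from a real controller).
SAMPLE = """\
IP Address Source       : Static Address
IP Address              : 192.0.2.10
MAC Address             : 00:00:5e:00:53:01
RMCP+ Cipher Suites     : 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14
Cipher Suite Priv Max   : aaaaaaaaaaaaaaa
                        :     X=Cipher Suite Unused
                        :     a=ADMIN
"""

def parse_lan_print(text):
    """Map 'Name : value' lines to a dict; legend continuation lines are skipped."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip():
            fields[name.strip()] = value.strip()
    return fields

def cipher0_status(text):
    """Return (exposed, detail); exposed is None when the output cannot be judged."""
    fields = parse_lan_print(text)
    suites = [s.strip() for s in fields.get("RMCP+ Cipher Suites", "").split(",")]
    privs = fields.get("Cipher Suite Priv Max", "")
    if not re.fullmatch(r"[XcuoaO]+", privs):
        return None, "privilege string missing or unreadable: %r" % privs
    if "RMCP+ Cipher Suites" in fields and "0" not in suites:
        return False, "cipher suite 0 is not offered"
    # Assumption (ipmitool man page): first character = cipher suite 0.
    if privs[0] == "X":
        return False, "cipher suite 0 is marked unused"
    return True, "cipher suite 0 allowed up to " + PRIV[privs[0]]

if __name__ == "__main__":
    print(cipher0_status(SAMPLE))                            # default-style output
    print(cipher0_status(SAMPLE.replace(": aaa", ": Xaa")))  # suite 0 marked unused
```

If the check reports exposure, `ipmitool lan set 1 cipher_privs Xaaaaaaaaaaaaaa` marks suite 0 unused (channel 1 is an assumption); run the check again afterwards to confirm.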

131 Posts

December 23rd, 2013 11:00

Hi Daniel,

Thanks very much for the reply.  I am in a ticklish situation as far as IPMI/iDRAC is concerned.  I love the utility it provides, but hate the exposure.  It looks like 1.50.50 has some security updates, and I would be interested in using that.  Can you tell me if the m420 supports that version?  The documentation I can find says the m420 supports 1.40.40, but that may be old.

Moderator

6.2K Posts

December 26th, 2013 09:00

Versions differ between blades and servers, so the numbering system usually does not coincide. I show the latest version is 1.46.45 for the M420. A security update is mentioned in the release notes:

http://www.dell.com/support/drivers/us/en/04/DriverDetails/Product/poweredge-m420?driverId=JYX4C&osCode=WS8R2&fileId=3288107913&languageCode=en&categoryId=ES
