Security sensor groups

April 18, 2010

| |

Two new sensor groups will be making appearance in the next revision of the IPMI apps – ‘Platform Security‘ and ‘Physical Security‘.

Deciding which groups to include is a balancing act. Too many and the app slows down too much (i.e. forget running on Edge). Too few and the usefulness is hard to justify. An option to control the list of sensor groups for every server is probably ideal but will require major rethinking of how the application manages and stores its state. Definitely not something we want to deal with for 1.X versions.

Security groups seem to be a needed addition though. On most hardware the groups only include a handful of sensors so the extra overhead is really low. More importantly, it will provide essential clarification for security-related alarms. Chassis status cell already shows an aggregated  security indicator (lock icon) that lights up red if security is compromised. However by design it does not provide any explanation of what happened.

With new groups the apps will potentially recognize (depending on server’s BMC) and report the following list of events:

Physical Security

  • Chassis intrusion
  • Drive Bay intrusion
  • I/O Card area intrusion
  • Processor area intrusion
  • System unplugged from LAN
  • Unauthorized dock
  • FAN area intrusion

Platform Security

  • Front Panel Lockout violation attempted
  • Pre-boot user password violation
  • Pre-boot setup password violation
  • Pre-boot network boot password violation
  • Other pre-boot password violation
  • Out-of-band access password violation

Screenshots below show output from a server running with cover off.

Development updates

Comments feed

Leave a Reply

You must be logged in to post a comment.