Digital Defense Analysis Unveils Cloud Security Weaknesses

Grazed from TalkinCloud. Author: Chris Talbot.

Cloud security is still a top-of-mind issue, even though cloud vendors and partners have been good about allaying customers’ and potential customers’ fears, but even as security continues to increase, there are still risks in any kind of IT. Breaches still happen, regardless of whether they end up in headlines, and national information security risk assessment firm Digital Defense has come out with a short list of the some of the key ways hackers are hijacking cloud services.

In its recent blog post, Digital Defense outlined what it calls "the back door on the side of your server." The blog is a bit technical at times, but the gist is that there are "critical IPMI (intelligent platform management interface) vulnerabilities" in rack servers that pose a significant threat to organizations and the cloud services they run on those servers, as well as the data those apps touch. IPMI-based attack vectors can be "extremely damaging," the firm noted. It broke the vulnerabilities down this way:…

• IPMI-based security weaknesses exist within network-accessible embedded components of rack-mount hardware. As such, normal operating system-based security controls offer no protection.
• Attackers can hijack powered-on servers even when they are shut down, and then leverage this access to take over the primary operating system. This is true whether the organization is running Microsoft (MSFT) Windows (32-bit or 64-bit) or Linux operating systems on the targeted servers.
• This issue appears to be widespread. Rack-mount servers with these flaws have been in distribution for years, and exist within a variety of models manufactured by numerous vendors…

Read more from the source @ http://talkincloud.com/cloud-computing-security/digital-defense-analysis-unveils-cloud-security-weaknesses