Reports of cyber attacks are everywhere today, and the data show that both the size and the frequency of attacks are rising. For those who use, or are considering, DCIM (Data Center Infrastructure Management) software, this raises an obvious question: is DCIM susceptible, and what kinds of attacks can be waged against a DCIM solution?
All software, online or offline, can be attacked. DCIM software with a web-based interface, an operational advantage, exposes that interface as an attack surface.
Attacks specifically against DCIM are rarely reported in the news, but the fact that Schneider Electric had to disclose a serious vulnerability in its DCIM software is significant: safeguarding DCIM from cyber attacks is no small problem.
With attacks in general, and targeted attacks against DCIM solutions in particular, on the rise, it is prudent to survey the current DCIM security landscape. Let's answer some common questions about it.
How will a cyber attack on a DCIM solution impact the infrastructure it supports?
It depends on how integrated a DCIM solution is with the data center and on the type of attack waged.
What is the worst-case scenario? A DCIM solution can control data center equipment, for example by switching off servers and power equipment, so a successful attack on DCIM can, in theory, take down the entire data center.
Where in the DCIM chain do these attacks typically occur (i.e., on sensors and devices, in the communication protocols, or in the software itself)?
Attacks can happen anywhere.
An attack against a data center can start at any vulnerable point within it: spoofing of communications, intrusion through a management protocol (for example, via an SNMP write community string that has been guessed or sniffed off the wire), SQL injection against the DCIM database, or breaking into the DCIM application itself (the unencrypted passwords detected in Schneider's software showed that this last one is a very real possibility).
Is it possible to enhance DCIM security? If so, how and where in the chain should security protections be added?
Yes, DCIM security can be enhanced, and DCIM should be safeguarded as far as possible. DCIM can and should be secured on three levels: technology, implementation and practices (or procedures):
- Technology: the DCIM software itself should be designed with an architecture that resists attack and limits the damage when an attack succeeds.
- Implementation: the DCIM environment should be configured so that it actually uses the security features of the software and of the infrastructure it supports.
- Practices: deployment and operation should follow good practice, so that everyone who interacts with DCIM does so within safe parameters and according to established security guidelines.
In general, the DCIM user can control implementation and practice. The technology, however, depends upon the initial decision makers who purchase the DCIM solution and, of course, the DCIM vendor.
Use-Case Scenario
Since we are DCIM vendors, we’ll examine how we use our solution netTerrain DCIM internally as a use-case scenario for this article.
Technology:
netTerrain supports TLS (SSL) for its web interface and Active Directory for authentication, and it is FIPS compliant. netTerrain is built with security at the forefront: a layered architecture, access control enforced down to the level of the APIs, parameterized database queries to prevent SQL injection, and development measured against the OWASP Top 10.
For us, security is not optional. Many organizations with high security requirements, including banks, government agencies and universities, are among our clients; security is an integral part of netTerrain's design and architecture.
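As an added illustration (not netTerrain's code, and not from the original article), here is the difference that "parameterization" makes, using a constructed in-memory SQLite user table standing in for a DCIM database. The schema, the sample user and the function names are assumptions made for this example. The string-built query is what the SQL injection mentioned earlier lands on; the parameterized query binds the same input as data, so the input can no longer rewrite the statement:

```python
"""Added example (not netTerrain code): a string-built SQL login query beside
its parameterized form. Schema, data and names are constructed for this demo."""
import hashlib
import sqlite3


def _hash(password):
    # Simplified for the injection demo; a real DCIM would use a salted, slow
    # password hash (argon2/bcrypt). The point here is the query, not the hash.
    return hashlib.sha256(password.encode()).hexdigest()


def build_db():
    """Constructed in-memory user table standing in for a DCIM database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, pw_hash TEXT, role TEXT)")
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("admin", _hash("correct horse"), "admin"))
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Query text assembled from user input: the input can rewrite the SQL."""
    query = ("SELECT role FROM users WHERE username = '%s' AND pw_hash = '%s'"
             % (username, _hash(password)))
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Bound parameters: the driver passes values separately from the SQL text,
    so a quote or comment marker in the username is just part of the value."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ? AND pw_hash = ?",
        (username, _hash(password))).fetchone()
    return row[0] if row else None


# Closes the string literal and comments out the rest of the WHERE clause,
# turning the vulnerable query into: ... WHERE username = 'admin' --' AND ...
INJECTION = "admin' --"

if __name__ == "__main__":
    conn = build_db()
    print("string-built, injected :", login_vulnerable(conn, INJECTION, "wrong"))       # admin
    print("parameterized, injected:", login_parameterized(conn, INJECTION, "wrong"))    # None
    print("parameterized, valid   :", login_parameterized(conn, "admin", "correct horse"))  # admin
```

Run stand-alone, the injected username logs in as admin against the string-built query, is rejected by the parameterized one, and the parameterized query still accepts the real credentials. The placeholder syntax varies by driver (`?` for sqlite3, `%s` for psycopg2), but the property is the same: values never become part of the statement text.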
Implementation:
The many security features built into netTerrain DCIM are of little use if they are not applied wisely. In our internal network we have segmented the network into layers. The system can only be reached after two separate authentications: a user must first enter a perimeter network over a secure VPN connection and then move to a second, internal corporate network that holds the most critical elements under additional protection schemes. In addition, netTerrain DCIM collects as much information as possible using only secure protocols.
Practices:
We take measures to ensure security through best practices on several levels:
- Personal / human: we grant access to personnel only when absolutely necessary. No one enters our system from a public network, and we use and rotate strong credentials (a scheme based on long passphrases).
- Infrastructure: beyond general best practice, we disable access on computers that do not need it; we never leave default configurations in place; we do not use or expose unnecessary protocols; we close unnecessary ports; we configure firewalls strictly; and we keep operating systems and applications, including the DCIM itself, up to date.
The final measure: we maintain a backup scheme for all critical systems so that the DCIM environment can be rebuilt.
Are there more secure communication protocols that can be implemented throughout the data center?
At each layer of the OSI model, more secure protocols are available. Because the DCIM solution generally depends on these protocols, it takes the right technology, proper implementation and good practice to benefit from them.
Here are some concrete examples:
At the application layer, HTTPS is far more secure than HTTP. The DCIM server must be configurable with TLS (SSL) enabled so that users reach it only over HTTPS.
For remote access to equipment, SSH is far more secure than a cleartext remote connection such as Telnet. Many DCIM solutions allow access to computers from within the software itself; the DCIM should be able to do that over SSH.
In network management the differences are larger still: CMIP or SNMPv3 is much safer than SNMPv2c or SNMPv1, which authenticate with a community string sent in cleartext. A DCIM must be able to perform discovery using SNMPv3.
However, these technologies do not automatically translate into greater security. If the devices on the network support SNMPv3 but are configured for SNMPv2c (very common), or SNMPv3 is enabled but the authentication and encryption flags are off (the noAuthNoPriv security level), the security gain is lost.
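As an added example (not part of the original article and not a netTerrain feature), the following checker reads an snmpd.conf in net-snmp syntax and flags exactly the weaknesses described above and in the earlier question about attack points: SNMPv1/v2c community strings (a write community in particular), SNMPv3 users granted access at noauth or auth-only level, and users created with the legacy MD5/DES protocols. The sample configuration is constructed for this example, and the severity ratings are this example's own choice:

```python
"""Added example (not from the article or netTerrain): audit an snmpd.conf for
the SNMP weaknesses described above. Directive syntax follows net-snmp's
snmpd.conf; the sample config and the severity choices are this example's own."""
from collections import Counter
import shlex

DEFAULT_COMMUNITIES = {"public", "private"}
LEGACY_AUTH = {"MD5"}   # deprecated SNMPv3 authentication protocol
LEGACY_PRIV = {"DES"}   # deprecated SNMPv3 privacy protocol

# Constructed sample, deliberately mixing good and bad settings.
SAMPLE_SNMPD_CONF = """
# constructed sample snmpd.conf
rocommunity public 10.0.0.0/8
rwcommunity private
createUser dcim SHA "auth-passphrase" AES "priv-passphrase"
createUser legacy MD5 "only-auth"
rouser legacy noauth
rwuser dcim priv
rouser monitor auth
"""


def audit_snmpd_conf(text):
    """Return a (severity, line_number, message) tuple for each weak directive."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)
        if not tokens:
            continue
        directive, args = tokens[0].lower(), tokens[1:]

        if directive in ("rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"):
            # SNMPv1/v2c: the community string is the only credential and is sent in cleartext.
            community = args[0] if args else "?"
            writable = directive.startswith("rw")
            msg = "SNMPv1/v2c %s community %r travels in cleartext" % (
                "WRITE" if writable else "read", community)
            if community in DEFAULT_COMMUNITIES:
                msg += "; default community string"
            if len(args) < 2:
                msg += "; no source restriction"
            findings.append(("critical" if writable else "high", lineno, msg))

        elif directive in ("rouser", "rwuser"):
            # SNMPv3 access level: noauth, auth or priv (net-snmp defaults to auth).
            user = args[0] if args else "?"
            level = args[1].lower() if len(args) > 1 else "auth"
            if level == "noauth":
                findings.append(("high", lineno,
                    "SNMPv3 user %r allowed with neither authentication nor encryption" % user))
            elif level == "auth":
                findings.append(("medium", lineno,
                    "SNMPv3 user %r authenticated but unencrypted (authNoPriv)" % user))

        elif directive == "createuser":
            # createUser [-e ENGINEID] NAME AUTHPROTO AUTHPASS [PRIVPROTO [PRIVPASS]]
            if args[:1] == ["-e"]:
                args = args[2:]
            user = args[0] if args else "?"
            if len(args) > 1 and args[1].upper() in LEGACY_AUTH:
                findings.append(("medium", lineno,
                    "SNMPv3 user %r uses legacy auth protocol %s" % (user, args[1])))
            if len(args) > 3 and args[3].upper() in LEGACY_PRIV:
                findings.append(("medium", lineno,
                    "SNMPv3 user %r uses legacy privacy protocol %s" % (user, args[3])))
            if len(args) < 4:
                findings.append(("medium", lineno,
                    "SNMPv3 user %r has no privacy protocol, so it can never use priv" % user))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'critical': 1, 'high': 2, 'medium': 3}."""
    return dict(Counter(severity for severity, _, _ in findings))


if __name__ == "__main__":
    results = audit_snmpd_conf(SAMPLE_SNMPD_CONF)
    for severity, lineno, msg in results:
        print("%-8s line %d: %s" % (severity.upper(), lineno, msg))
    print(summarize(results))
```

A configuration that passes this checker pairs `createUser NAME SHA ... AES ...` with `rouser`/`rwuser NAME priv`, which is what "authentication and encryption flags on" (the authPriv level) means in net-snmp terms. The same test can be run from the manager side: a discovery that succeeds with a v2c community string, or a v3 request answered at noAuthNoPriv, is the finding.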
Not every component of a data center can be secured. Older technologies often do not support current security standards, whether in their communication protocols, operating systems or elsewhere. For these, the only fix is to replace them or, where applicable, put them behind a gateway that speaks the secure protocol on their behalf.
With DCIM software, can security features guarantee no unauthorized access?
As discussed above, software design can only go so far, and human error happens. An absolute guarantee of zero unauthorized access therefore cannot be made. What software with a strong architecture, combined with established security practices, can do is greatly reduce the risk of a successful attack against your DCIM solution and your data center.
Are threats increasing, especially with the increase in smart devices?
Without a doubt. More connected devices means more data reachable over the network, which directly enlarges the attack surface.
For example, devices were once reachable only through serial ports that required dedicated hardware. Now smart devices are reached over IP, and even "dumb" devices are managed through SNMP. As a result, data center and industrial environments run more software, and more of that software is web-based and reachable from outside.
In addition, the cloud delivers many services and integrates them with the corporate environment via APIs, which makes networks reachable from anywhere in the world.
IoT has gained a great deal of currency in a short time. In the data center, the information collected from many sensors can be processed to support better decisions.
Can lessons learned from DCIM security set standards for IoT implementations beyond the data center?
DCIM environments cannot place too high a premium on security. With netTerrain DCIM we have built a solution that gives security the weight it deserves; it seems, however, that we are marching to a different drummer.
Too many DCIM manufacturers offer platforms built from a mix of acquired technologies, obsolete architectures, closed schemes and plain bad engineering. Evidence? Look at the staggering number of failed implementations.
DCIM, as a concept, still gravitates heavily toward facilities infrastructure and less toward IT.
In the past, infrastructure personnel approached security from an outdated point of view, and it is still rare for industrial security personnel to sit down with IT staff, the team at the forefront of vulnerability handling. Why? The industrial network used to be an isolated entity, but that is clearly no longer the case: with management over IP for every kind of device, and with IoT, industrial networks have become more exposed.
Back to the question itself: if we look at DCIM holistically, as the union of IT management and data center infrastructure, and assume the DCIM software is robust and well integrated with good practices, then yes, recommendations for the industrial world and for IoT can be drawn from DCIM.
Secure DCIM rests on the same principles as the recommendations above: at the technology level, replace obsolete systems that lack adequate security mechanisms; deploy IoT elements within a secured environment; and build good practices around their operation.
Which lessons learned from DCIM, both in security and in general, can benefit the IoT?
In terms of security, IoT should be approached the same way: technology, implementation and practice.
My personal opinion? We have learned that getting too entrenched in analyst hype does no good. PowerPoint, theories and promises are not practice, and real implementations quickly deflated the hype the analysts built.
Right now, as the result of bad DCIM implementations by three or four large vendors, we live in a climate of extreme skepticism toward DCIM. In reality, though, a solid DCIM solution remains vital for any data center today.
Public Enemy famously urged us not to believe the hype. I would not go that far with IoT, but it would not hurt to tone it down a notch.
*This article has been translated and adapted from the original, published by DCD Media in 2017.