The present invention relates generally to the field of network security, and more particularly to an intrusion detection system for service processors.
An intrusion detection system (IDS) is a device or software application that monitors network or system activities for malicious activities or policy violations and produces reports to a management station. IDSes may detect suspicious traffic in many different ways, and may be network-based and/or host-based. Intrusion detection systems that also attempt to stop intrusion attempts (in addition to detecting them) are called intrusion detection and prevention systems (IDPS). IDPSes are generally focused on identifying possible incidents, logging information about them, and reporting intrusion attempts. Organizations may also use IDPSes for other purposes, such as identifying problems with security policies, documenting existing threats, and deterring individuals from violating security policies.
A baseboard management controller (BMC) is a specialized microcontroller embedded on the motherboard of an appliance or computer, generally a server. The BMC manages the interface between system management software and platform hardware. Different types of sensors built into the computer system report to the BMC on parameters such as temperature, cooling fan speeds, power status, operating system (OS) status, etc. The BMC monitors the sensors and can send alerts to a system administrator via the network if any of the parameters do not stay within preset limits, indicating a potential failure of the system. The administrator can also remotely communicate with the BMC to take some corrective action such as resetting or power cycling to reinstate operational capabilities of the system.
U.S. Pat. No. 8,732,829 B2 discloses a system and method for monitoring and securing a baseboard management controller. As indicated in the Abstract, “the method includes coupling to a baseboard management controller of a computer system via a console port, maintaining a persistent connection to the baseboard management controller, monitoring data from the console port, determining from the data whether an unauthorized access has occurred, and sending an alert if the unauthorized access has occurred.”
In today's networking environments, a BMC may present a significant security exposure because administrators are likely to overlook the fact that a BMC is connected to the network. The computing power and memory of a BMC are typically very limited, which makes deploying a network security module (e.g., a packet inspection module) in the BMC impractical. As such, prior art computer systems do not protect against network intrusions, denial of service attacks, or spoofing attacks. Furthermore, most network security software available today is x86-based, which makes porting the network security software to a BMC a difficult task due to the architecture of the BMC.