Kevin Spencer
asked on
Vulnerability scanning HP iLo's and On Board administrators
Hey Guys,
This is a question/best practices advice...
We have several dedicated subnets for On board administrator/iLO cards in HP C7000 enclosures. These are older cards and enclosures so there is not an upgrade path to the latest firmware without replacing hardware, so we are stuck with TLS 1.0. These subnets are being scanned with every scheduled scan that is taking place, so you would expect the results to be the same scan after scan. However, this is not the case, (the security group is using Qualys, and I am not sure how the scan itself is configured) one scan will detect the presence of TLS 1.0 and all the related vulnerabilities, the next scan (may or may not) see TLS/SSL present at all on the same device, then the next scan will detect the TLS finding again. This flip flopping looks like the the vulnerabilities on these devices are repeatedly being closed and reopened when we know that there state is not changing.
The onboard administrator card is the interface for all the ilo's in the chassis, working out what the scanner is doing with it's default configuration each individual IP is being with 1,700 TCP and 800 UDP probes, times that by 16 ilo ip's and one OA ip, that's a lot of traffic for a low powered device that is not designed to have that amount of traffic sent to it.
So the question is, what are the best practices for scanning these types of devices? I am presuming having a separate group configured in the scanner that sends a smaller amount of traffic than the default would produce more consistent and accurate results?
This is a question/best practices advice...
We have several dedicated subnets for On board administrator/iLO cards in HP C7000 enclosures. These are older cards and enclosures so there is not an upgrade path to the latest firmware without replacing hardware, so we are stuck with TLS 1.0. These subnets are being scanned with every scheduled scan that is taking place, so you would expect the results to be the same scan after scan. However, this is not the case, (the security group is using Qualys, and I am not sure how the scan itself is configured) one scan will detect the presence of TLS 1.0 and all the related vulnerabilities, the next scan (may or may not) see TLS/SSL present at all on the same device, then the next scan will detect the TLS finding again. This flip flopping looks like the the vulnerabilities on these devices are repeatedly being closed and reopened when we know that there state is not changing.
The onboard administrator card is the interface for all the ilo's in the chassis, working out what the scanner is doing with it's default configuration each individual IP is being with 1,700 TCP and 800 UDP probes, times that by 16 ilo ip's and one OA ip, that's a lot of traffic for a low powered device that is not designed to have that amount of traffic sent to it.
So the question is, what are the best practices for scanning these types of devices? I am presuming having a separate group configured in the scanner that sends a smaller amount of traffic than the default would produce more consistent and accurate results?
Last Comment
ASKER CERTIFIED SOLUTION
THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
Advice given
Security
Security is the protection of information systems from theft or damage to the hardware, the software, and the information on them, as well as from disruption or misdirection of the services they provide. The main goal of security is protecting assets, and an asset is anything of value and worthy of protection. Information Security is a discipline of protecting information assets from threats through safeguards to achieve the objectives of confidentiality, integrity, and availability or CIA for short. On the other hand, disclosure, alteration, and disruption (DAD) compromise the security objectives.
32K
Questions
--
Followers
--
Top Experts
Get a personalized solution from industry experts
TRUSTED BY
