Is sharing of IP KVMs between test servers & critical Prod servers considered risky

We have a pool of IP KVMs that is shared between non-critical Development Windows servers
& critical production payment systems: as the IP KVMs don't allow file upload/download
(the KVM is just like vCenter's console to its Windows guest clients), is this considered a risk?

Access to the IP KVMs is via a couple of controlled PCs housed in a physically secure room though.

I don't have the model/brand of the IP KVM currently but can enquire tomorrow.
sunhux Asked:

masnrock Commented:
Well, my question would be whether those development and critical systems are on the same network (risk related, but not in the scope of your question). But also, how exactly does one access the KVM? Does someone have to get onto the VPN first, or can it be accessed directly from the outside? Obviously, the prior would lower the risk as there is at least an intermediate step that must be taken first.
0
Dr. Klahn Principal Software Engineer Commented:
If I was the IT security coordinator on site, I certainly would not permit it.

> is this considered a risk?

I'd consider it a risk; see below.

> as the IP KVMs don't allow files upload/download

That turns out to be not the case.  Text can be uploaded through a KVM directly by cut-and-paste and any kind of binary file can be uploaded by use of a terminal file transfer program such as Kermit.  All that is necessary is for a hostile to scavenge an unclosed session on a KVM.

> Access to the IP KVMs are via a couple of controlled PCs housed in a physically secure room though.

Unfortunately, the behavior of people cannot be guaranteed.  If someone is passed over for promotion or is a compulsive gambler (to name but two possibilities), anything can happen in a secure room.
1
noci Software Engineer Commented:
Besides the previous points, the KVM might be a problem as well. What if some developer wants to reboot a system and selects the wrong server..., which happens to be logged on by someone else.... and not yet screen-locked.

So the question in such a case should be "What could possibly go wrong..."... if there is nothing that could go wrong (by intent or accident) it might be acceptable. IMHO development/testing should be on different locations.
1
btan Exec Consultant Commented:
In all good will to separate the critical and non-critical segments, there should be a clear segregation through firewall, VLAN etc., to the extent of even an air gap. KVM over IP actually bridges these two networks unless it is so sure that the device has an "air gap" in its ports. You wouldn't want to risk any opportunity for an attacker to exploit the KVM device and pivot from the non-critical into the critical segment or vice versa. It is like in the public sector, where the high-exposure internet surfing segment is asked to be air-gapped from the intranet segment. You need to make the due risk assessment and risk acceptance by your system owner or higher.

Nonetheless, the hardening of the device can still help, augmented with 2FA for all remote admin and a dedicated secured kiosk in an Ops room for the contractor or similar outsourced personnel. One of the low hanging fruits is the timeliness of the patching for the KVM device; it is seldom neglected as the focus is on server, client and network devices - but forgetting that it also is a form of switch. And of greater risk since it is often accessed by the privileged user for remote admin.
In April 2013, British law enforcement agents arrested 12 individuals who exploited a KVM in a Barclays bank branch that was otherwise secured from outside access. One perpetrator posed as an IT technician and successfully installed a USB dongle that had 3G connectivity. Once they gained physical access to the KVM, cellular technology enabled the hack. By the time the gang was caught, they had stolen 1.3 million pounds. This incident reinforces the notion that while unauthorized access to the KVM is difficult, it is by no means impossible.

Like any device on a network, these switches will be vulnerable to attacks from anywhere on the network. Leaving any kind of device that is not frequently patched and, making things worse, having it also publicly accessible is always a bad idea, whether it be IPMI, KVM-over-IP, etc. Have all of your IPMI/KVMoIP on a private subnet that you access through a hardened jumpbox minimally. You can then measure the risk and the residual of it as you layer more controls, e.g. 2FA, etc.
1
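As an added example (not from this thread or any vendor), an nftables ruleset for the gateway in front of the KVM-over-IP management subnet, implementing the private-subnet-plus-hardened-jumpbox layout described above; the subnets, addresses, interface roles and service ports are assumed placeholders.

```nftables
# Added example: gateway forwarding policy for a KVM-over-IP management subnet.
# Assumed placeholders: 10.99.0.0/24 = KVM/IPMI management VLAN,
# 10.10.5.10 = hardened jumpbox (2FA enforced there),
# 443/5900 = the KVM units' web console and remote-console ports.
table inet kvm_mgmt {
    set kvm_appliances {
        type ipv4_addr
        elements = { 10.99.0.11, 10.99.0.12, 10.99.0.13 }   # the IP KVM units
    }

    chain forward {
        type filter hook forward priority 0; policy drop;

        # allow only stateful return traffic, never fresh inbound flows
        ct state established,related accept
        ct state invalid drop

        # only the jumpbox may open sessions to the KVM units
        ip saddr 10.10.5.10 ip daddr @kvm_appliances \
            tcp dport { 443, 5900 } ct state new accept

        # the management VLAN never initiates traffic toward dev or prod segments,
        # so a compromised KVM unit cannot be used to pivot across them
        ip saddr 10.99.0.0/24 drop

        # dev workstations, prod hosts and anything else are logged and dropped
        log prefix "kvm-mgmt-denied " drop
    }
}
```

Load with `nft -f kvm-mgmt.nft` and confirm with `nft list ruleset`; the "kvm-mgmt-denied" log prefix gives the SOC a simple string to alert on for anything other than the jumpbox reaching the KVM units.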

sunhux Author Commented:
>how exactly does one access the KVM? Does someone have to get onto the VPN first, or can it be accessed directly from the outside?
>Text can be uploaded through a KVM directly by cut-and-paste and any kind of binary file can be uploaded by use of a terminal
> file transfer program such as Kermit.  
For our KVM, you don't need a VPN first: it appears (I may be mistaken) that the KVM dongle is some sort of custom IP server that I was told does not offer file upload/download; I was further told you can't do copy/paste but who knows, the appliance may have flaws.
0
btan Exec Consultant Commented:
Nothing is bugless, and it is the vulnerability which has a patch that is not applied timely that can lead to all these exploit attempts. Further opening up to a remote site from the internet, even with VPN, should be avoided.

The risk assessment still needs to be done properly, as there can be controls in place to reduce it, and segregation of the network should be maintained regardless to reduce the exposure. In the event an incident does happen, the KVM must be (let's say) removed, then just go for local administration.. All about risk appetite..

Best not to mix critical assets with other non-critical systems; otherwise common supporting devices are a potential risk, so it may be better to go for clean separation.
0
Dr. Klahn Principal Software Engineer Commented:
> the KVM dongle is some sort of custom IP server that I was told does not offer files upload/download

That means it's running some kind of tiny Linux, and I'd be willing to bet it can be subverted by attaching a $2 USB-to-serial adapter to an internal JTAG / serial header.  No developer ever locks out the serial console.  Once that's done I sit down comfortably with my laptop or tablet and the world ... ah, the host system is my oyster.
0
btan Exec Consultant Commented:
for author advice
0