this post was submitted on 19 Mar 2026
15 points (100.0% liked)


Internet-exposed devices that give BIOS-level access? What could possibly go wrong?

[–] philpo@feddit.org 1 points 21 hours ago

...while laziness surely is an added bonus, you still do not understand the purpose of IP KVM/BMC for anyone beyond a lazy homenet enthusiast (which is fair enough, but don't criticise people for stuff then).

BMC/KVM is a must when it comes to professional deployments - for even a small DC or most professional settings anything else is unfeasible. And sadly in these settings at some point you will need some point of internet access (which in most cases a VPN will do fine unless you are customer facing). And no, your solution via jump host is not a good idea - it simply adds a single point of failure that causes a false sense of security (great, now you have only one device you need to get into and behind that it's open field). Besides, it's highly unfeasible for a multiuser environment.

Proper Zero Trust, proper firewalling/IDS/IDM, proper network segmentation AND proper device security are key.

Tbh, I am not surprised Gl.i was hit so hard here - they chucked out a LOT of new KVM devices recently that it was somewhat likely they had issues - which is a shame because some of their devices have some unique selling points. Meanwhile I am more surprised that nanoKVM came back with only one issue - their traffic patterns are a major headache still.