Recently CISA and NSA released a joint Information Sheet that details how to mitigate threats against Baseboard Management Controllers (BMCs). A BMC is a management tool that allows monitoring of the devices remotely including when the system is not on.
CISA and NSA suggest the following if using a BMC:
- Protect BMC credentials
- Enforce VLAN separation
- Harden configurations
- Perform routine BMC update checks
- Monitor BMC integrity
- Move sensitive workloads to hardened devices
- Use firmware scanning tools periodically
- Do not ignore BMCs
You can find the details for each suggested mitigation HERE.