ATP Module 2

Gen10 Trusted Platform Module (TPM)

works with programs such as Microsoft Windows BitLocker to increase data security by storing the encryption startup key in hardware on the server, which provides a more secure environment by pairing the drive to the server

Functionality of Secure Boot

• All UEFI drivers, OS boot loaders, and UEFI applications are digitally signed. • Binaries are verified using a set of embedded trusted keys. • Only validated and authorized components are executed. • Creates a Chain of Trust. Improved solution over TCG Trusted Boot.

Learning Objectives

• Explain how security risks impact customers • Identify the security technologies embedded in HPE ProLiant servers • Learn more about how the new Gen10 security features make HPE unique • Describe HPE chassis and rack-scale security.

Features of ILo 5

• Immutable Silicon Root of Trust for Secure Start with ability to automatically rollback to known-good firmware • Common Access Card (CAC) two-factor authentication support • OpenLDAP support • Additional iLO security modes • Granular control of all iLO interfaces • Run-time Firmware Validation to verify integrity of iLO and BIOS

Timeline of iLO

• Silicon Root of Trust begins when iLO powers up - HPE-designed logic in iLO chip validates the iLO firmware - After successful validation iLO waits for server power on - If iLO firmware validation fails, iLO performs recovery to last known good image • iLO firmware then validates the system ROM - Digital signature must match or the ROM is not executed - iLO firmware is trusted, then the ROM is trusted (Chain of Trust) • ROM then validates Option ROMs and the OS Bootloader via UEFI Secure Boot - Option ROMs and OS Bootloader are not executed if they fail authentication.

When ILO is set to High security mode:

• iLO enforces the use of AES ciphers over the secure channels, including secure HTTP transmissions through the browser, SSH port, iLO RESTful API, and RIBCL. When HighSecurity is enabled, you must use a supported cipher to connect to iLO through these secure channels. This security state does not affect communications and connections over less-secure channels. • User name and password restrictions for iLO RESTful API and RIBCL commands executed from the host system are enforced when iLO is configured to use this security state. • Remote Console data uses AES-128 bidirectional encryption. Security Rev. 18.11 M2-16 Confidential - For Training Purposes Only • The HPQLOCFG utility negotiates an SSL connection to iLO and then uses the strongest available cipher to send RIBCL scripts to iLO over the network. • You cannot connect to the server with network-based tools that do not support TLS 1.2. • The system maintenance switch setting to bypass iLO security (sometimes called the iLO Security Override switch) does not disable the password requirement for logging in to iLO.

When iLO is set to CNSA/Suite B:

• iLO operates in a mode intended to comply with the SuiteB requirements defined by the NSA, and • Security is high enough for systems used to hold United States government top secret classified data. • You cannot connect to the server with network-based tools that do not support TLS 1.2. • The system maintenance switch setting to bypass iLO security (sometimes called the iLO Security Override switch) does not disable the password requirement for logging in to iLO.

when iLO is set to production mode:

• iLO uses the factory default encryption settings. • The system maintenance switch setting to bypass iLO security (sometimes called the iLO Security Override switch) disables the password requirement for logging in to iLO.

Gen10 supports:

- Embedded firmware-based TPM 2.0. - Optional Discrete TPM Module configurable for TPM 1.2 or TPM 2.0. • Embedded FW-Based TPM 2.0 called Platform Trust Technology (PTT) - Fully functional as TPM 2.0, but is NOT certified. - Does NOT support Command Response Buffer (CRB). Supports FIFO. - Disabled by default. • Optional Discrete TPM - One module will support TPM 1.2 or TPM 2.0 mode. - Can be configured for FIPs mode. - TPM is "logically bound" to the platform by the BIOS.

iLO Advanced Premium Security Edition

-Automatic Secure recovery Runtime FW validation -Secure Erase of User Data -COmmercial National Security algorithms

iLO Advanced

-CAC 2-factor authentication -remote system logs -remote console -virtual media -directory services -ArcSight unique connecter -Kerberos 2-factor authentaction

CNSA/Suite B mode

-Commercial National security Algorithms -highest level of security in the industry -unmatched by any competitors - highest levesl of cryptography on network interface -requires installation of CNSA-grade certifications -includes all FIPS mode security protocols

FW runtime Validation

-Daily checknigof firmware every 24 hours verifying calidity and credibility of UEFI, CPLD, ILO, IE, and ME -Valid and secure firmware copy sroted in lock-box -firmware on other HPE options like drives and NICs can be checked as well -alert of compromised code through ILO audit logs

Commercial National Security Algorithms

-Highest level of security not offered by any other idnustry server providers - typically used for handling the most confidential and sectet info - useds the highest level of cryptography in the histroy -no increase in server latency

Modes for HPE Secure Compute Lifecycle:

-Production Mode - High security Mode -FIPS 140-2 mode -CNSA/Suite B mode

Secure Recovery

-Recovering firmware to known good state after detection of comproomised code - options to recover to factory settings or last known good or not recovering at all taking server offline

ILO Standard

-Silicon Root of trust -FW supply chain attack detection - FIPS 140-2 level 1 validation -Secure made BIOS (TAA) -Manual secure recovery -authenticated updates -common criteria -single sign-on -secure start -measured boot -UEFI secure boot -agentless management -remote firmware update -trusted eXecution technology -NIST 800-147b BIOS/UEFI protection

3 main areas HPE has focused on for the new gen of compute experience:

-agility -economic control -security

Silicon Root of Trust

-anchoring the root of trust into the sillicon -only HPE offers industy standard servers ith major firmware anchored into the silicon -provides impenetrable protection through entire supply chain: manufactiong, distriburion, shipping, config, and installation -millions of lines of firmware code run before server opertaing system boots

High security mode:

-closes off host interface to traffic -higher-grade cryptography -requires authentication and ecryption on SW running on host -FIPS-level cryptography on network interface

FIPS 140-2 mode

-fed information processsing standars -140-2 Level one -increased crypotgraphy -FIPS validated -disables non-FIPS interfaces

Secure Recovery

-initiated automatically by iLO, recovering from a known good version of the firmware -iLO Advanced Premium security editition license is required to achieve automatic recovery of the ROM

Production Mode

-secure on network -trusts OS authentication -Max interoperability with existing software

Whats the average time that cyber criminals may be insside an org before detection?

99 days

Silicon Root of Trust

Fingerpritn installed in the silicon ensuring the server will never boot with comprimised firmware

HPE Security Focus:

HPE Secure compute - Network (Secure Access to the network) -Storage(Secre data storage) -Supply chain security -Service(Poiintnext)

Which layer is HPE Gen10 focused to deal with growing concern for potential firmware or BIOS attacks?

Physical

UEFI secure Boot

Platform feature in UEFI that replaces the traditional BIOS.

iLO standard comes with which modes?

Production, high security, and FIPS-140-2

SSD

Security Feature: -Digitally-signed fw Value: -prevents fw attacks

Smart array controller

Security feature: -HPE smart Array secure encryption license Value: -Data is encrypted at controller lever

Network Adapter

Security feature: -HW RoT, secure boot, sanitation, authentication, ad device level firewall Value: - enables certified trusted and digitally signed fw for intial config and updates; protects the server via the network

DRAM Memory

Security feature: -authentication process/algorithm Value: -assures genuine HPE memory and no conterfits

Data-at-rest encryption

Security feature: -license for encryption capability that is intergrated into smart array conrtoller firmware Value: -encrypts data for protection against any malicious attack while not in use

Rack and Power

Secutiry feature: -racks with front and rear doors suppport a varity of electronic and biometric locknig solutions for physical security Value: -three-factor ID

Secure Boot Provides

UEFI standard. Works with HPE and third-party cards and major operating systems including: o Windows 8/Server 2012+SLES 11SP3+, RHEL7+, Ubuntu 12.10+, Fedora 18+ o vSphere 6.5+

HPE Secure encryption

controller-based, enterprise-class data encryption solution that protects data at rest on bulk storage hard drives and SSDs attached to a compatible HPE Smart Array Controller. The solution is compatible with the HPE Secure Key Manager, and can operate with or without the presence of a key manager in the environment, depending on individual customer settings.

HPE SmartCache

enables solid state drives to be used as caching devices for hard drive media. Data can be accessed from the solid state drive instead of hard drives. Data stored on the SmartCache drive utilizes the same encryption methods and keys as the originating volume where the data is permanently stored, extending protection to the SmartCache drives.

When iLO is set to FIPS:

iLO operates in a mode intended to comply with the requirements of FIPS 140-2 level 1. • iLO enforces the use of AES ciphers over the secure channels, including secure HTTP transmissions through the browser, SSH port, iLO RESTful API, and RIBCL. When FIPS is enabled, you must use a supported cipher to connect to iLO through these secure channels. This security state does not affect communications and connections over less-secure channels. • User name and password restrictions for iLO RESTful API and RIBCL commands executed from the host system are enforced when iLO is configured to use this security state. • Remote Console data uses AES-128 bidirectional encryption. • The HPQLOCFG utility negotiates an SSL connection to iLO and then uses the strongest available cipher to send RIBCL scripts to iLO over the network. • You cannot connect to the server with network-based tools that do not support TLS 1.2. • The system maintenance switch setting to bypass iLO security (sometimes called the iLO Security Override switch) does not disable the password requirement for logging in to iLO.

Denial-of-Service attack (DoS)

is a cyberattack where the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the internet.

Distributed Denial of service attack (DDoS)

occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers. Such an attack is often the result of multiple compromised systems (for example, a botnet) flooding the targeted system with traffic.

Permanent Denial-of-service attack PDoS

rather than collecting data or providing some ongoing nefarious function, its only aim is to completely prevent its target device from functioning