1
Firmware / network card to reduce attack surface?
« on: April 13, 2022, 11:43:07 am »
I have updated the BMC firmware in the past [see 2021-03-21 post], but as time passes I'm uncomfortable with the attack surface exposed by the BMC listening on the motherboard network ports. My current solution is to unplug from those and instead add a network card on the PCI bus. I still have serial connections for BMC and POWER for doing system administration.
Is there a simpler way to achieve this? Perhaps a BMC configuration trick that disables NC-SI?
Is there a simpler way to achieve this? Perhaps a BMC configuration trick that disables NC-SI?