The Big Hack

You can use the capabilities of Solarflare NIC-based security to mitigate Big Hack vulnerabilities.

Add me to your security email updates

A Scary New Threat

Two recent articles by Bloomberg titled “The Big Hack” and “New Evidence of Hacked Supermicro Hardware Found in US Telecom” talk about custom chips which were built to look like signal conditioning couplers or modified RJ45 connectors, but which incorporated memory, networking, and sufficient processing power to launch an attack on the server in which they are installed. It was reported that these microchips were inserted on the motherboard at the factories and that the sabotaged servers have made their way inside data centers operated by several dozen multi-national companies.

Once a compromised server was installed and switched on, these microchips would wait a random amount of time before “phoning home” to receive instructions. These instructions could have the capability to alter the operating system’s kernel so it could accept modifications.

From CPU exploits in January to now a BMC based attack, 2018 represents the latest in a nearly year-long culmination of attacks against the architecture of the server.

Quarantining The Big Hack Vulnerability

Solarflare’s Network Interface Cards (NIC) are the only standard NICs in the market with a tamper-proof Application Specific Integrated Circuit (ASIC) that have been specially engineered to block network flows that comprise this class of exfiltration exploit. This limits hardware and software breaches which use the network as an attack vector. With both hardware management, and a first-generation firewall are built in, Solarflare’s ASICs can drop ALL covert “phone home” communications routed through them which is destined for the attacker’s command and control network. Solarflare NICs enable you to reroute BMC network traffic to facilitate remote system management. Once this is completed the onboard Gigabit Ethernet BMC connection MUST be abandoned in order to completely secure the server.

By contrast, traditional cyber security companies don’t make ASICS and so they rely on a secure underlying hardware platform. Although servers are constructed as a trusted platform, the attack surface is large; once the trusted platform is compromised so are the products from these traditional cybersecurity companies.

The Solarflare ServerLock™ hardware firewall runs within the ASIC on our NICs allowing you to easily configure security policies that readily prohibit all illicit “phone home” communications. The ServerLock™ software management bundle includes a sample whitelist filter file to limit a server to internal network traffic only, or optionally add very specific outbound communications. Additionally, you can also add alerts for specific classes of traffic -- even traffic that is being dropped by the default security policy.

This enables Solarflare to protect your server, and all of the production network traffic traveling through it while also quarantining an entire class of security vulnerability.

Big Hack Email Updates

If you would like to receive updates about threats such as Big Hack, Meltdown, and Spectre, just click here: Add me to your security email updates.