Harden Your Server Cybersecurity With APEX AIOps Infrastructure Observability
Wed, 31 Jul 2024 18:53:47 -0000
Introduction
It can take years for an organization to build a good reputation with its customers, and only a few minutes of a cybersecurity incident to ruin it. Cybersecurity teams and server administrators must use every tool in their armory to harden infrastructure. This document is an overview of the APEX AIOps Infrastructure Observability cybersecurity capabilities that every Dell PowerEdge customer should know about.
Dell’s APEX AIOps Infrastructure Observability is an AI-driven, cloud-based application designed for proactive management and predictive analytics of Dell infrastructure, including PowerEdge servers, storage and networking. It predicts, prevents and resolves incidents quickly so that service availability is not compromised. Infrastructure Observability is part of a comprehensive suite that also includes application observability and incident management, and it simplifies operations by transforming server data into actionable insights. For PowerEdge customers, APEX AIOps Observability enhances cybersecurity by enabling configuration policies based on server configuration best practices, flagging relevant CVEs, and highlighting and deploying the latest applicable firmware updates. APEX AIOps Infrastructure Observability is included at no additional cost for systems covered by a ProSupport or higher Dell support contract.
Cybersecurity Server Configuration Management
APEX AIOps Observability enables customers to build a cybersecurity configuration policy for BIOS, server firmware and iDRAC settings. The policy is assembled from a list of ready-to-use, “click to select” configuration criteria tests. The pre-defined configuration settings and values are based on Dell's best practices and the NIST (US National Institute of Standards and Technology) Cybersecurity Framework.
An Architecture For Rapid Results
A server specialist with the right Dell skills, who knows the exact security configuration settings and their correct values, can create a Server Configuration Profile (SCP) and apply it directly through the integrated Dell Remote Access Controller (iDRAC) or through the OpenManage Enterprise (OME) configuration template feature. APEX AIOps Observability, however, offers a much quicker and simpler way to implement a cybersecurity assessment policy built on Dell’s recommended settings and values. To streamline the process further, APEX AIOps Observability can aggregate multiple OME instances, giving a consolidated view of servers across all locations. Some organizations may choose to use both OME and APEX AIOps Observability to demonstrate separation of configuration compliance from security management.
Figure 1. Cybersecurity Status Summary Tile from APEX AIOps Observability Home Page
The cybersecurity tile above provides an aggregated view of risk levels, showing the number of systems in each risk category and the total number of detected issues. A server's risk level is derived from the predetermined severity of each issue and the number of issues found on that server. For example, a server with one or more high-risk issues is categorized as high risk; a server with more than five non-high-risk issues, at least one of which is medium risk, is also categorized as high risk.
Identify Risks Fast
The system risk dashboard classifies each server with an applied policy, displaying them in individual cards that show their cybersecurity risk status. This allows customers to quickly prioritize actions and expedite time to resolution.
Figure 2. Cybersecurity System Risk Dashboard for All Systems
Beyond the dashboard, the security assessment status page provides detailed information for each server, including recommended actions to restore any deviated security setting to its preferred state. A donut chart shows the proportion of rules selected from the total list of tests in the risk evaluation plan assigned to each server (see Figure 3).
Figure 3. Cybersecurity Risk Details and Recommendations
On the system detail page under the cybersecurity tab, there are details about the evaluation plan and its status. Below the system risk level summary, the page has two tabs: Cybersecurity Issues, which details the non-compliant elements with corrective actions, and Evaluation Plan, which details the entire plan and the selection status of each test.
Figure 4. Cybersecurity configuration criteria test selection
Customers can also select to receive an APEX AIOps Observability Daily Digest email that includes a Cybersecurity status summary.
Figure 5. Example daily digest report
Enablement and Security
As you would expect, APEX AIOps Observability includes access controls for administrator and user accounts. Two cybersecurity roles are built into APEX AIOps Observability: Cybersecurity Admin and Cybersecurity Viewer. These roles can be assigned by accounts with APEX AIOps Observability administrator rights.
Figure 6. Role based access control configuration
APEX AIOps Infrastructure Observability Common Vulnerabilities and Exposures
Common Vulnerabilities and Exposures (CVE) is the public catalog of identifiers for disclosed information security vulnerabilities. Hardware and software vendors publish advisories referencing CVE IDs to inform customers of known issues and their remediation.
APEX AIOps Observability flags relevant CVEs based on the server model and its specific configuration. The security advisories screen lists the CVEs associated with the managed servers. Each reported CVE includes a hyperlink to the affected server under Advisory ID and, in the Action column, a separate hyperlink to the Dell CVE site with alert details and remediation (see Figure 7). The CVEs are categorized by severity, with the most impactful marked as critical. CVEs are also highlighted per server under Infrastructure.
Figure 7. APEX AIOps Observability Reporting Relevant Security Advisories
APEX AIOps Infrastructure Observability Server Firmware Updates
The system update feature allows customers to check whether Dell has posted firmware updates, such as BIOS updates, for their servers. It compares the firmware installed on the managed servers against a selectable, published Dell firmware catalog. Any non-compliant server is listed with its current and available firmware versions, along with a hyperlink to the release notes. Dell assigns a severity level to each update, ranging from optional or recommended to urgent. Multiple updates across multiple servers can be selected and scheduled for deployment, or staged to apply at the next server restart. Note that a staged update is not applied until that restart actually happens, so the server remains on its current firmware until then.
Figure 8. Scheduled server firmware update
PowerEdge Cybersecurity Evaluation Plan Test Elements
The table below shows a selection of the tests available. A complete list can be found in the appendix of the technical white paper listed in the References section. The table gives each test criterion and the family it belongs to.
Family | Title |
--- | --- |
System & Communications | IPMI over LAN interface is disabled |
System & Communications | IPMI Serial over LAN is disabled |
System & Communications | Virtual Console encryption is enabled |
System & Communications | Virtual Media encryption is enabled |
System & Communications | Auto-Discovery is disabled |
System & Communications | VLAN capabilities of the iDRAC are enabled |
System & Communications | iDRAC Web Server has TLS 1.2 or TLS 1.3 enabled |
System & Communications | iDRAC Web Server HTTP requests are redirected to HTTPS requests |
System & Communications | Virtual Console plug-in type is enabled |
System & Communications | iDRAC is using the dedicated NIC |
Access Control | IP Blocking is enabled |
Access Control | VNC server is disabled |
Access Control | The SNMP agent is configured for SNMPv3 |
Access Control | Quick Sync Read Authentication to the server is enabled |
Access Control | SSH is disabled |
Access Control | User Generic LDAP authentication on iDRAC is enabled |
Access Control | User Active Directory authentication on iDRAC is enabled |
Configuration Management | USB ports are disabled |
Configuration Management | Telnet protocol is disabled (1) |
Configuration Management | System Lockdown is enabled |
Configuration Management | Configure iDRAC from the BIOS POST is disabled |
Audit & Accountability | NTP time synchronization is enabled |
Audit & Accountability | NTP is secured |
Audit & Accountability | Remote Syslog is enabled |
System & Information Integrity | iDRAC local configuration from the host system is disabled |
System & Information Integrity | Secure Boot is enabled |
Identification & Authentication | Password has a minimum score of Strong Protection |
Identification & Authentication | LDAP certificate validation is enabled |
Identification & Authentication | Active Directory certificate validation is enabled |
Identification & Authentication | iDRAC Web Server SSL encryption uses 256-bit or higher |
Identification & Authentication | iDRAC Web Server SCEP is enabled |
Table 1. Selected PowerEdge cybersecurity evaluation plan tests and their families
(1) Starting with iDRAC9 firmware release 4.40.00.00, the Telnet feature is removed from iDRAC.
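As an added illustration, not Dell's code and not the product's own evaluation logic, the following Python evaluates an exported Server Configuration Profile (SCP) JSON, as mentioned in the architecture section, against a subset of the Table 1 tests and then applies the risk-level rule described under Figure 1 (any high issue, or more than five non-high issues including a medium one, makes the server high risk). The SCP attribute names, the expected value strings and the per-test severities are assumptions from my reading of iDRAC SCP exports and should be verified against an export from your own iDRAC; the medium, low and none outcomes are an assumed extension of the page's rule, and the sample SCP is constructed.

```python
"""Evaluate an iDRAC/BIOS SCP JSON export against a subset of the cybersecurity
evaluation plan and derive a system risk level. Example code; attribute names,
values and severities are assumptions, not Dell's published policy."""
import json
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class PlanTest:
    family: str
    title: str
    fqdd: str        # SCP component FQDD, e.g. "iDRAC.Embedded.1" (assumed)
    attribute: str   # SCP attribute name in "Group.Index#Attribute" form (assumed)
    severity: str    # "high" | "medium" | "low": assumed weighting, not Dell's
    passes: Callable[[str], bool]


def is_enabled(v: str) -> bool:
    return v == "Enabled"


def is_disabled(v: str) -> bool:
    return v == "Disabled"


# Subset of Table 1. Verify names and value strings against your own export.
PLAN: List[PlanTest] = [
    PlanTest("System & Communications", "IPMI over LAN interface is disabled",
             "iDRAC.Embedded.1", "IPMILan.1#Enable", "high", is_disabled),
    PlanTest("System & Communications", "iDRAC Web Server has TLS 1.2 or TLS 1.3 enabled",
             "iDRAC.Embedded.1", "WebServer.1#TLSProtocol", "high",
             lambda v: v in ("TLS 1.2 and Higher", "TLS 1.3 Only")),
    PlanTest("System & Communications", "iDRAC Web Server HTTP requests are redirected to HTTPS requests",
             "iDRAC.Embedded.1", "WebServer.1#HttpsRedirection", "medium", is_enabled),
    PlanTest("Access Control", "SSH is disabled",
             "iDRAC.Embedded.1", "SSH.1#Enable", "medium", is_disabled),
    PlanTest("Access Control", "VNC server is disabled",
             "iDRAC.Embedded.1", "VNCServer.1#Enable", "medium", is_disabled),
    PlanTest("Access Control", "The SNMP agent is configured for SNMPv3",
             "iDRAC.Embedded.1", "SNMP.1#SNMPProtocol", "medium", lambda v: v == "SNMPv3"),
    PlanTest("Configuration Management", "System Lockdown is enabled",
             "iDRAC.Embedded.1", "Lockdown.1#SystemLockdown", "high", is_enabled),
    PlanTest("Audit & Accountability", "NTP time synchronization is enabled",
             "iDRAC.Embedded.1", "NTPConfigGroup.1#NTPEnable", "low", is_enabled),
    PlanTest("Audit & Accountability", "Remote Syslog is enabled",
             "iDRAC.Embedded.1", "SysLog.1#SysLogEnable", "low", is_enabled),
    PlanTest("System & Information Integrity", "Secure Boot is enabled",
             "BIOS.Setup.1-1", "SecureBoot", "high", is_enabled),
]

# Constructed SCP export (not a real server): several settings deliberately
# left in their insecure state so the evaluation produces findings.
SAMPLE_SCP = json.loads("""
{"SystemConfiguration": {"Components": [
  {"FQDD": "iDRAC.Embedded.1", "Attributes": [
    {"Name": "IPMILan.1#Enable", "Value": "Enabled", "Set On Import": "True"},
    {"Name": "WebServer.1#TLSProtocol", "Value": "TLS 1.2 and Higher", "Set On Import": "True"},
    {"Name": "WebServer.1#HttpsRedirection", "Value": "Enabled", "Set On Import": "True"},
    {"Name": "SSH.1#Enable", "Value": "Enabled", "Set On Import": "True"},
    {"Name": "VNCServer.1#Enable", "Value": "Disabled", "Set On Import": "True"},
    {"Name": "SNMP.1#SNMPProtocol", "Value": "All", "Set On Import": "True"},
    {"Name": "Lockdown.1#SystemLockdown", "Value": "Disabled", "Set On Import": "True"},
    {"Name": "NTPConfigGroup.1#NTPEnable", "Value": "Disabled", "Set On Import": "True"},
    {"Name": "SysLog.1#SysLogEnable", "Value": "Disabled", "Set On Import": "True"}
  ]},
  {"FQDD": "BIOS.Setup.1-1", "Attributes": [
    {"Name": "SecureBoot", "Value": "Enabled", "Set On Import": "True"}
  ]}
]}}
""")


def flatten(scp: dict) -> Dict[Tuple[str, str], str]:
    """Map (FQDD, attribute name) -> value for every attribute in the export."""
    values: Dict[Tuple[str, str], str] = {}
    for comp in scp["SystemConfiguration"]["Components"]:
        for attr in comp.get("Attributes", []):
            values[(comp["FQDD"], attr["Name"])] = attr["Value"]
    return values


def evaluate(scp: dict, plan: List[PlanTest] = PLAN) -> List[dict]:
    """Return one finding per failed test. An attribute absent from the export
    cannot be proven compliant, so it is reported rather than silently passing."""
    values = flatten(scp)
    findings = []
    for t in plan:
        value = values.get((t.fqdd, t.attribute))
        if value is None or not t.passes(value):
            findings.append({"family": t.family, "title": t.title, "severity": t.severity,
                             "actual": "<not in export>" if value is None else value})
    return findings


def risk_level(findings: List[dict]) -> str:
    """Page rule: any high issue -> high; more than five non-high issues with at
    least one medium -> high. medium/low/none below are an assumed extension."""
    severities = [f["severity"] for f in findings]
    if "high" in severities or (len(severities) > 5 and "medium" in severities):
        return "high"
    if "medium" in severities:
        return "medium"
    return "low" if severities else "none"


def report(scp: dict) -> str:
    findings = evaluate(scp)
    order = ("high", "medium", "low")
    lines = [f"Risk level: {risk_level(findings)} ({len(findings)} issue(s))"]
    for f in sorted(findings, key=lambda f: order.index(f["severity"])):
        lines.append(f"  [{f['severity']:<6}] {f['family']}: {f['title']} (actual: {f['actual']})")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_SCP))
```

On the constructed sample the script reports six findings (IPMI over LAN and System Lockdown at high severity, SSH and SNMP at medium, NTP and Syslog at low) and therefore a high risk level. To run it against a real server, export an SCP in JSON format from iDRAC or OME, load it with `json.load`, and extend `PLAN` with the remaining Table 1 tests once you have confirmed each attribute name and value string in your own export.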
Conclusion
Unlike typical IT team members, APEX AIOps Observability doesn’t need to eat, sleep or take holidays, allowing organizations to rely on its cybersecurity policies to continuously monitor for non-compliant servers. Cybersecurity features are built into APEX AIOps Observability to enable customers to expedite the delivery of server security through automation of pre-defined tests, CVE alerting and firmware update visualization. This offers high flexibility while maintaining governance and control that cybersecurity teams need to enforce. APEX AIOps Observability further reduces risk and enhances IT productivity by displaying cybersecurity and system health status of servers, along with the wider Dell infrastructure portfolio, within a single convenient, cloud-based portal.
References
Dell APEX AIOps Observability Home page product information and videos
Building and Tracking Dell AIOps Observability Cyber Security Policies for PowerEdge Servers Video
Technical Knowledge Page For OpenManage Enterprise APEX AIOps Observability Plugin
Dell Security Advisories, Notices and Resources Portal
Additional Cybersecurity Related Solutions from Dell