HPE Community
HPE 9000 and HPE e3000 Servers
1753449 Members
5952 Online
108794 Solutions
New Discussion юеВ

Setcurity Alerts for GSP Ports

 
SOLVED
Go to solution
Mick_chair
Advisor

тАО09-24-2010 04:05 AM

тАО09-24-2010 04:05 AM

Setcurity Alerts for GSP Ports

Hi,

Does anybody know is HP release security advisories for GSP ports ?
0 Kudos
6 REPLIES 6
Horia Chirculescu
Honored Contributor

тАО09-24-2010 04:12 AM

тАО09-24-2010 04:12 AM

Re: Setcurity Alerts for GSP Ports

Are you talking about PDC firmware?

This should be availlable for any kind of server. Try the relevant "Download drivers and software" section for your server.

Best regards
Horia.
Best regards from Romania,
Horia.
Mick_chair
Advisor

тАО09-24-2010 04:21 AM

тАО09-24-2010 04:21 AM

Re: Setcurity Alerts for GSP Ports

I was thinking more along the lines that if I have a security check on a machine with a GSP port connected to the network - Would I be able to make a statement that HP do no release security advisories for GSP firmware . I appriciate that there may be instances where firmware needs to be updated for Techincal reasons - but not to remidiate a security vulnerablilty ?
0 Kudos
Horia Chirculescu
Honored Contributor

тАО09-24-2010 04:29 AM

тАО09-24-2010 04:29 AM

Re: Setcurity Alerts for GSP Ports

First of all, having a GSP port connected to the (outside) network I would consider a security vulnerability by itself.

Like any other piece of firmware, of course new releases would cover also some or all security vulnerabilities. Read "Fixes".


Best regards,
Horia.
Best regards from Romania,
Horia.
Dennis Handly
Acclaimed Contributor

тАО09-24-2010 10:32 AM

тАО09-24-2010 10:32 AM

Re: Setcurity Alerts for GSP Ports

What type of server do you have?
If it is a GSP, there is probably no security at all except for simple passwords and possibly without SSL to encrypt the traffic.
Bill Hassell
Honored Contributor

тАО09-24-2010 04:12 PM

тАО09-24-2010 04:12 PM

Solution

Re: Setcurity Alerts for GSP Ports

You can safely assume that all GSP and MP connections are huge security risks. First, all but the very latest machines have a trivial plain text telnet login and password. Many sysadmins don't set the login/password or use trivial strings. Second, the GSP/MP LAN connection is often on the same subnet as all other traffic (big no-no). The GSP/MP menu allows a hacker to power off or crash the machine. The hacker could also reset the system to force a reboot and then boot the system into single user mode and compromise everything on the system.

The GSP/MP ports cannot be made secure by modern network standards (they are independent microprocessors with a small ROM and no meaningful connection to the HP-UX system). So the advisory is to put the console LAN cable on a high security, unrouted subnet with an authentication portal. Put all your routers, switches, firewalls, etc that have access ports on this restricted subnet.


Bill Hassell, sysadmin
Mick_chair
Advisor

тАО09-26-2010 11:53 PM

тАО09-26-2010 11:53 PM

Re: Setcurity Alerts for GSP Ports

Many thanks for all your responses - I think I havve enough informtion to move forward on this .
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.