Rob Wood
NCC Group

Servers are no longer deployed solely within security controlled data centres. For a variety of reasons, such as network latency, servers are often deployed within the networks of low-cost third party cloud providers and foreign ISP data centres. The physical security of these data centres is outside of the server operator’s direct control. Additionally, while supply chain attacks have always been a threat, they have recently been in the news as an increasingly visible concern. The deployment and supply chain realities need to be accompanied by an expansion of threat models which must now include local attacks against the hardware and firmware.

This is the realm below the operating system and hypervisors, where hardware and firmware provide the foundational security of the platform. We will discuss the common architectural shortcomings with current server security solutions as they fail to meet the physical security needs of today. We will also discuss in detail some common vulnerability classes that we see every day in servers covering the range of firmware, circuit, silicon and supply chain. Finally, we will touch on some recent advances, and guidance that you, your equipment vendors, and firmware providers can look to, in order to help ensure that your data remains secure.