Security Alert - PCI Compliance Issues Discovered with Service Processors

SANS Institute, the nation's largest IT security and audit training organization (www.sans.org) recently discovered every computer delivered today has an onboard service processor that is discoverable and open to hacking. Existing log management systems are blind to this threat. PCI standards mandate companies using credit card information must protect against this threat or be subject to fines and litigation if credit card information is stolen. Service processors present an unaudited entry point where credit card data can be stolen or compromised.

Security Alert - Green Data Center

The green data center is the new buzzword in computing. Going "green" entails a move to virtualization, use of the service processor to power on and off equipment, using rack mounted devices and monitoring, then optimizing power consumption in the data center.

NERC CIP Cyber Asset Alert: Service Processors Classified As Critical Cyber Assets

Problem: Onboard service processors present on virtually every computer or infrastructure device have been determined to use a "routable protocol" and thus constitute access points to "critical cyber assets." This is a clear threat to the energy power grid and must be mitigated.

IT Audit Security Alert: Log Management Systems Blind to Virtualization

Virtualization is on the lips or in the budget of every major IT shop. New security problems with virtualized environments are being discovered rendering virtualization a potentially insecure solution for PCI, HIPAA Compliance, Sarbanes Oxley compliant environments.

IT Audit Security Alert: Service Processors Subject to Inside and Outside Intrusion

SANS Institute, the nation's largest IT security and audit training organization (www.sans.org) recently discovered every computer delivered today has an onboard service processor that is discoverable and open to hacking. Existing log management systems are blind to this threat.