Malware and other cyber-security threats continue to multiply in the enterprise IT environment. Dell’s own Counter Threat Unit (CTU) housed within Dell SecureWorks processes more than 13 billion security events a day and sees more than 30,000 specimen of malware a day. Security threats are almost literally everywhere, but sometimes system vulnerabilities can be found at even the most basic level.
BIOS firmware enables some of the most basic server functions through its unique and privileged position within the server architecture. From setting-up hardware and loading and starting an operating system, the functions this firmware supports are basic but also fundamental to the operation of any system, making them both easy to secure, but also vulnerable to attack.
Dell is constantly working to develop new and improved security features for our core server BIOS and iDRAC designs. For the past four server generations, we have offered digitally signed BIOS and iDRAC firmware updates. Also, we provide all updates (PSU, NIC, PERC, etc.) in DUP form in addition to BIOS and iDRAC. When sourced and deployed as recommended, these provide an extremely high level of protection for these important pieces of server firmware. For our newly introduced Dell PowerEdge 12th generation servers we have further enhanced this to incorporate BIOS protection guidelines currently recommended for PC client systems in the National Institute of Standards and Technology (NIST) specification for BIOS protection guidelines known as Special Publication 800-147. These improvements essentially ‘lock the door’, preventing unauthorized or unauthenticated BIOS and iDRAC firmware updates under any update scenarios, even if proper update procedures have not been followed for Dell digitally signed firmware update packages.