CN109684804A - A security protection method and system for a BMC serial port - Google Patents
- Publication number: CN109684804A
- Application number: CN201811573980.9A
- Authority: CN (China)
- Prior art keywords: serial ports, bmc, user, legitimate user, legitimate
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Abstract
The present invention provides a security protection method and system for a BMC serial port, comprising: S1, assigning BMC serial port permission to legitimate users; S2, saving the legitimate users' information to a legitimate user storage area; S3, when a terminal user connects a serial cable to use the serial port, authenticating the terminal user; S4, when the number of failed verifications exceeds a set threshold, locking the serial port. The embodiment adds a security module containing an identity authentication module to the BMC. The BMC assigns permission to legitimate users, and a user must pass identity verification before using the BMC serial port, which prevents unauthorized persons from using the serial port and improves the security of the BMC. The invention requires no modification to the hardware circuitry of an existing server motherboard: it only adds the security module to the BMC in software and changes the software flow, so it is practical and easy to operate.
Description
Technical field
The present invention relates to the field of baseboard management control technology, and in particular to a security protection method and system for a BMC serial port.
Background
The BMC is the baseboard management controller of a server and is now widely used in the server field. It provides remote management of the server through a virtual keyboard, interface, mouse, power supply and so on. Through the BMC's network interface, a user can remotely monitor the physical characteristics of the server, such as the temperature and voltage of each component and the working state of the fans, as well as power supply and chassis intrusion.
The BMC serial port is a UART port based on the RS232 protocol. It is used for debugging the BMC and serves as an externally exposed maintenance and inspection interface: by connecting a serial cable, one can view device information on the BMC, debug it online, and so on. While the serial port makes BMC maintenance convenient, it also carries a considerable security risk. Once the serial port is exploited by a malicious person for illegal operations such as sending malicious data to the BMC, the BMC is harmed, service is interrupted, and the security of the server is endangered. The security of the BMC serial port therefore directly affects the security of the whole server.
As shown in Figure 1, the prior art implements no security control for the BMC serial port: a developer or terminal user connects directly to the BMC serial port with a serial cable and debugs it. As a result, any malicious person who connects a debugging device with a serial cable can debug and maintain the BMC's code, which creates a security risk for the server.
Summary of the invention
The object of the present invention is to provide a security protection method and system for a BMC serial port, intended to solve the problem that the prior art implements no security control for the BMC serial port, so as to prevent unauthorized persons from using the serial port and improve the security of the BMC.
To achieve the above technical object, the present invention provides a security protection method for a BMC serial port, the method comprising the following steps:
S1, assigning BMC serial port permission to legitimate users;
S2, saving the legitimate users' information to a legitimate user information storage area;
S3, when a terminal user connects a serial cable to use the serial port, authenticating the terminal user;
S4, when the number of failed verifications exceeds a set threshold, locking the serial port.
Preferably, the legitimate user information includes a user name and a password.
Preferably, step S3 specifically comprises the following steps:
Searching the legitimate user information storage area and checking whether the user information is legitimate:
If the comparison passes, sending a "TRUE" signal;
If the comparison fails, sending a "FALSE" signal.
Preferably, the legitimate user information storage area is non-volatile memory.
The present invention also provides a security protection system for a BMC serial port, the system comprising:
A serial port permission assignment module, for assigning BMC serial port permission to legitimate users;
A user information storage module, for saving the legitimate users' information to the legitimate user information storage area;
A receiving and display module, for receiving and displaying the user information entered by the terminal user;
An identity authentication module, for authenticating the terminal user when the terminal user connects a serial cable to use the serial port;
A serial port locking module, for locking the serial port when the number of failed verifications exceeds a set threshold.
Preferably, the legitimate user information includes a user name and a password.
Preferably, the identity authentication module comprises:
A comparing unit, for searching the legitimate user information storage area and checking whether the user information is legitimate;
A comparison result notification unit, for sending a "TRUE" signal if the comparison passes and a "FALSE" signal if the comparison fails.
Preferably, the legitimate user information storage area is non-volatile memory.
The effects described in this summary are only those of the embodiments, not all effects of the invention. One of the above technical solutions has the following advantages or beneficial effects:
Compared with the prior art, the present invention adds a security module containing an identity authentication module to the BMC. The BMC assigns permission to legitimate users, and a user must pass identity verification before using the BMC serial port, which prevents unauthorized persons from using the serial port and improves the security of the BMC. The invention requires no modification to the hardware circuitry of an existing server motherboard: it only adds the security module to the BMC in software and changes the software flow, so it is practical and easy to operate.
Description of the drawings
Fig. 1 is a schematic diagram of serial port operation on an existing BMC in the prior art;
Fig. 2 is a flow chart of a security protection method for a BMC serial port provided in an embodiment of the present invention;
Fig. 3 is a schematic diagram of the BMC serial port security principle provided in an embodiment of the present invention;
Fig. 4 is a structural block diagram of a security protection system for a BMC serial port provided in an embodiment of the present invention.
Detailed description of the embodiments
To clearly illustrate the technical features of this solution, the invention is described in detail below through specific embodiments with reference to the drawings. The following disclosure provides many different embodiments or examples for implementing different structures of the invention. To simplify the disclosure, the components and arrangements of specific examples are described below. In addition, the invention may repeat reference numerals and/or letters in different examples. This repetition is for simplicity and clarity and does not in itself indicate a relationship between the various embodiments and/or arrangements discussed. Note that the components illustrated in the drawings are not necessarily drawn to scale. Descriptions of well-known components, processing techniques and processes are omitted to avoid unnecessarily limiting the invention.
The security protection method and system for a BMC serial port provided by the embodiments of the present invention are described in detail below with reference to the drawings.
As shown in Figures 2 and 3, an embodiment of the invention discloses a security protection method for a BMC serial port, the method comprising the following steps:
S1, assigning BMC serial port permission to legitimate users;
S2, saving the legitimate users' information to a legitimate user storage area;
S3, when a terminal user connects a serial cable to use the serial port, authenticating the terminal user;
S4, when the number of failed verifications exceeds a set threshold, locking the serial port.
The BMC administrator assigns permission to use the BMC serial port, that is, designates the legitimate users, assigns each a user name and an initial password, and stores them in the legitimate user information storage area. In this embodiment, to improve system security, a user's user name or password can be modified only by the BMC administrator, who holds the highest privilege.
The legitimate user storage area stores the information of legitimate users, that is, the corresponding user names and passwords. This storage area is non-volatile memory and may use a flash storage medium, which ensures that user information is retained and not lost after the system is powered off.
The identity authentication module receives the user name and password passed from the receiving and display module and searches the legitimate user information storage area to check whether the user information is legitimate. The comparison proceeds as follows:
If the comparison passes, a "TRUE" signal is sent to the receiving and display module;
If the comparison fails, a "FALSE" signal is sent to the receiving and display module;
If the comparison fails three consecutive times, the serial port function is disabled and an "ERROR" signal is sent to the receiving and display module.
The receiving and display module prompts the user to enter a user name and password and displays information according to the user's input. The specific operations are as follows:
When a terminal user connects a serial cable and requests serial port operation, the terminal displays the prompt "Please enter user name and password", prompting the user to enter the information;
When the "TRUE" signal sent by the identity authentication module is received, the message "Identity verification passed" is displayed;
When the "FALSE" signal sent by the identity authentication module is received, the message "User name or password incorrect, please re-enter" is displayed;
When the "ERROR" signal sent by the identity authentication module is received, the message "Access denied, please contact the administrator" is displayed.
After logging in to the management page, the BMC administrator performs the assignment for the personnel allowed to use the serial port, entering each legitimate user's user name and initial password. The BMC administrator is also responsible for managing personnel information, including subsequently adding legitimate users, changing user passwords and deleting users, and for monitoring and auditing users' serial port activity to ensure system security. A user obtains their user name and password by contacting the BMC administrator. The user names and passwords of legitimate users are stored in the BMC's non-volatile memory.
When a terminal user connects a serial cable to use the serial port, the terminal user enters a user name and password, which are then verified. If the same user's verification attempts reach three and verification still fails, the serial port function is locked; the user can no longer use the serial port, and only the BMC administrator can unlock it. After a user finishes using the serial port and closes the serial device or logs out of the account, identity verification is required again on the next connection to the serial port.
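The login gate described in steps S3 and S4, sketched in C as an added example (not code from the patent or from any BMC vendor). All type and function names, the fixed 32-byte field width and the four-slot user table are assumptions; the early-exit-free comparison and the rejection of empty or over-long input are hardening choices the page does not describe.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_FAILURES 3   /* lock threshold used in the embodiment */
#define MAX_USERS    4   /* assumed table size */
#define FIELD_LEN    32  /* assumed fixed field width, NUL-padded */

typedef enum { SIG_TRUE, SIG_FALSE, SIG_ERROR } auth_signal;

/* One record of the legitimate-user storage area (layout is hypothetical).
 * The patent stores the password itself; production firmware should store
 * a salted hash instead. */
typedef struct {
    char username[FIELD_LEN];
    char password[FIELD_LEN];
    bool in_use;
} user_record;

typedef struct {
    user_record users[MAX_USERS];
    unsigned consecutive_failures;
    bool locked;        /* set by S4, cleared only by the administrator */
    bool session_open;  /* cleared on disconnect so the next use re-authenticates */
} serial_gate;

void gate_init(serial_gate *g) { memset(g, 0, sizeof *g); }

/* Copy src into a NUL-padded fixed field; false if NULL or too long. */
static bool pad_field(char dst[FIELD_LEN], const char *src) {
    size_t i = 0;
    memset(dst, 0, FIELD_LEN);
    if (src == NULL) return false;
    for (; i < FIELD_LEN - 1 && src[i] != '\0'; i++) dst[i] = src[i];
    return src[i] == '\0';
}

/* Compare whole fields without an early exit, so timing does not reveal
 * how many leading characters matched. Returns 0 when equal. */
static unsigned char field_diff(const char a[FIELD_LEN], const char b[FIELD_LEN]) {
    unsigned char d = 0;
    for (size_t i = 0; i < FIELD_LEN; i++) d |= (unsigned char)(a[i] ^ b[i]);
    return d;
}

/* S1/S2: administrator registers a legitimate user. */
bool admin_add_user(serial_gate *g, const char *name, const char *pw) {
    if (name == NULL || name[0] == '\0') return false;
    for (size_t i = 0; i < MAX_USERS; i++) {
        user_record *u = &g->users[i];
        if (u->in_use) continue;
        if (!pad_field(u->username, name) || !pad_field(u->password, pw)) {
            memset(u, 0, sizeof *u);
            return false;
        }
        u->in_use = true;
        return true;
    }
    return false;  /* table full */
}

/* S3/S4: check credentials and return the signal for the display module. */
auth_signal serial_authenticate(serial_gate *g, const char *name, const char *pw) {
    char n[FIELD_LEN], p[FIELD_LEN];
    bool ok_n = pad_field(n, name), ok_p = pad_field(p, pw), match = false;
    if (g->locked) return SIG_ERROR;  /* correct credentials do not unlock */
    for (size_t i = 0; i < MAX_USERS; i++) {  /* visit every slot */
        unsigned char d = field_diff(n, g->users[i].username) |
                          field_diff(p, g->users[i].password);
        if (g->users[i].in_use && d == 0) match = true;
    }
    if (ok_n && ok_p && match) {
        g->consecutive_failures = 0;
        g->session_open = true;
        return SIG_TRUE;
    }
    if (++g->consecutive_failures >= MAX_FAILURES) {
        g->locked = true;
        return SIG_ERROR;
    }
    return SIG_FALSE;
}
void serial_disconnect(serial_gate *g) { g->session_open = false; }
void admin_unlock(serial_gate *g) { g->locked = false; g->consecutive_failures = 0; }
```

In real firmware the `locked` flag and failure counter would also need to live in the non-volatile store; otherwise a power cycle clears the lock.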
The embodiment of the present invention adds a security module containing an identity authentication module to the BMC. The BMC assigns permission to legitimate users, and a user must pass identity verification before using the BMC serial port, which prevents unauthorized persons from using the serial port and improves the security of the BMC. The invention requires no modification to the hardware circuitry of an existing server motherboard: it only adds the security module to the BMC in software and changes the software flow, so it is practical and easy to operate.
As shown in Figure 4, an embodiment of the invention also discloses a security protection system for a BMC serial port, the system comprising:
A serial port permission assignment module, for assigning BMC serial port permission to legitimate users;
A user information storage module, for saving the legitimate users' information to the legitimate user information storage area;
A receiving and display module, for receiving and displaying the user information entered by the terminal user;
An identity authentication module, for authenticating the terminal user when the terminal user connects a serial cable to use the serial port;
A serial port locking module, for locking the serial port when the number of failed verifications exceeds a set threshold.
The legitimate user storage area stores the information of legitimate users, that is, the corresponding user names and passwords. This storage area is non-volatile memory and may use a flash storage medium, which ensures that user information is retained and not lost after the system is powered off.
The identity authentication module receives and verifies the user name and password. The identity authentication module comprises:
A comparing unit, for searching the legitimate user information storage area and checking whether the user information is legitimate;
A comparison result notification unit, for sending a "TRUE" signal if the comparison passes and a "FALSE" signal if the comparison fails.
If the comparison fails three consecutive times, the serial port function is disabled and an "ERROR" signal is sent to the receiving and display module.
The receiving and display module prompts the user to enter a user name and password and displays information according to the user's input. The specific operations are as follows:
When a terminal user connects a serial cable and requests serial port operation, the terminal displays the prompt "Please enter user name and password", prompting the user to enter the information;
When the "TRUE" signal sent by the identity authentication module is received, the message "Identity verification passed" is displayed;
When the "FALSE" signal sent by the identity authentication module is received, the message "User name or password incorrect, please re-enter" is displayed;
When the "ERROR" signal sent by the identity authentication module is received, the message "Access denied, please contact the administrator" is displayed.
The above are merely preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.
Claims (8)
1. A security protection method for a BMC serial port, characterized in that the method comprises the following steps:
S1, assigning BMC serial port permission to legitimate users;
S2, saving the legitimate users' information to a legitimate user information storage area;
S3, when a terminal user connects a serial cable to use the serial port, authenticating the terminal user;
S4, when the number of failed verifications exceeds a set threshold, locking the serial port.
2. The security protection method for a BMC serial port according to claim 1, characterized in that the legitimate user information includes a user name and a password.
3. The security protection method for a BMC serial port according to claim 1, characterized in that step S3 specifically comprises the following steps:
Searching the legitimate user information storage area and checking whether the user information is legitimate:
If the comparison passes, sending a "TRUE" signal;
If the comparison fails, sending a "FALSE" signal.
4. The security protection method for a BMC serial port according to any one of claims 1 to 3, characterized in that the legitimate user information storage area is non-volatile memory.
5. A security protection system for a BMC serial port, characterized in that the system comprises:
A serial port permission assignment module, for assigning BMC serial port permission to legitimate users;
A user information storage module, for saving the legitimate users' information to the legitimate user information storage area;
A receiving and display module, for receiving and displaying the user information entered by the terminal user;
An identity authentication module, for authenticating the terminal user when the terminal user connects a serial cable to use the serial port;
A serial port locking module, for locking the serial port when the number of failed verifications exceeds a set threshold.
6. The security protection system for a BMC serial port according to claim 5, characterized in that the legitimate user information includes a user name and a password.
7. The security protection system for a BMC serial port according to claim 5, characterized in that the identity authentication module comprises:
A comparing unit, for searching the legitimate user information storage area and checking whether the user information is legitimate;
A comparison result notification unit, for sending a "TRUE" signal if the comparison passes and a "FALSE" signal if the comparison fails.
8. The security protection system for a BMC serial port according to any one of claims 5 to 7, characterized in that the legitimate user information storage area is non-volatile memory.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811573980.9A CN109684804A (en) | 2018-12-21 | 2018-12-21 | A security protection method and system for a BMC serial port |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109684804A (en) | 2019-04-26 |
Family
ID=66188734
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | RJ01 | Rejection of invention patent application after publication | Application publication date: 20190426 |