For a long time, discussions of data center security have been limited to IT equipment such as networks and servers, and have often ignored the security risks hidden in the data center's physical infrastructure. In fact, the power supply and cooling systems that a data center needs in order to operate may also be targets of attackers: they may be hijacked and used for extortion, or important data and files may be stolen.

On June 16, 2020, JSOF, a company specializing in IoT and embedded device security, warned that hundreds of millions of IoT devices around the world may be vulnerable to remote attacks due to a serious security vulnerability affecting the Treck TCP/IP protocol stack. The vulnerability affects many industries. So far, products from multiple vendors have been confirmed to be vulnerable, including UPS systems, infusion pumps, network equipment, IP cameras, video conferencing systems, building automation equipment, and ICS equipment. Because of supply chain factors, the devastating impact of these vulnerabilities is amplified, just like a "ripple effect." And because they were reported in 2020, this series of vulnerabilities is collectively referred to as the "Ripple20" vulnerabilities.

1. What security threats does the Ripple20 vulnerability pose?

Treck TCP/IP is a low-level TCP/IP protocol suite library for embedded systems, launched in 1997 by Treck, a software company headquartered in Cincinnati, USA. It can be easily integrated into a variety of embedded products. For more than two decades, companies around the world have been using this library to connect their devices or software to the Internet via the TCP/IP protocol. Researchers from JSOF found buffer error vulnerabilities in versions of the Treck TCP/IP protocol stack prior to 6.0.1.66, and a total of 19 zero-day vulnerabilities were found. Attackers can exploit these vulnerabilities to cause buffer overflows, heap overflows and similar errors, and thereby remotely control the device and perform unauthorized operations on it.

In the data center industry, to combat this security threat, we recommend the following measures:

Comprehensively check whether the power supply and cooling system equipment uses the Treck TCP/IP protocol stack, and promptly upgrade to the latest version; if necessary, contact the equipment supplier for relevant technical support.
If some devices cannot be upgraded to the latest version, minimize the network exposure of these devices, enable only secure remote access methods, place them behind a firewall, and isolate them from the business network.
Use deep packet inspection to block network attacks, reducing the risk of running the Treck TCP/IP stack.
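
The check-and-isolate measures above can be run as a repeatable triage over an asset inventory. The following Python code is an added example, not part of the original article or of any vendor tool; the inventory records, field names and device names are constructed, and it assumes each device's TCP/IP stack and version are known from supplier documentation.

```python
"""Triage a power/cooling asset inventory for Ripple20 exposure (added example)."""

FIXED_TRECK = (6, 0, 1, 66)  # per the article: versions prior to 6.0.1.66 are affected

# Constructed sample inventory; field names and values are hypothetical.
INVENTORY = [
    {"name": "ups-a1", "stack": "Treck", "version": "6.0.1.41", "zone": "business", "firewalled": False},
    {"name": "rpdu-r12", "stack": "Treck", "version": "6.0.1.66", "zone": "mgmt", "firewalled": True},
    {"name": "crac-03", "stack": "Treck", "version": "5.0.1.35", "zone": "mgmt", "firewalled": True},
    {"name": "cam-lobby", "stack": "unknown", "version": None, "zone": "business", "firewalled": False},
    {"name": "bms-gw", "stack": "lwIP", "version": "2.1.2", "zone": "mgmt", "firewalled": True},
]

def parse_version(text):
    """Turn '6.0.1.41' into (6, 0, 1, 41); return None if it is not dotted digits."""
    try:
        return tuple(int(p) for p in text.strip().split("."))
    except (AttributeError, ValueError):
        return None

def triage(device):
    """Return (status, action) for one inventory record."""
    # Isolated = behind a firewall and not on the business network.
    isolated = device["firewalled"] and device["zone"] != "business"
    if device["stack"] == "unknown":
        return ("unverified", "ask supplier which TCP/IP stack and version is used")
    if device["stack"].lower() != "treck":
        return ("not-treck", "none")
    version = parse_version(device["version"])
    if version is None:
        return ("unverified", "ask supplier for the Treck version")
    if version >= FIXED_TRECK:
        return ("patched", "none")
    if isolated:
        return ("vulnerable-isolated", "schedule upgrade; keep behind firewall")
    return ("vulnerable-exposed", "upgrade now or isolate from business network")

def report(inventory):
    """Return (name, status, action) rows, worst findings first."""
    order = ["vulnerable-exposed", "vulnerable-isolated", "unverified", "patched", "not-treck"]
    rows = [(d["name"],) + triage(d) for d in inventory]
    return sorted(rows, key=lambda r: order.index(r[1]))

if __name__ == "__main__":
    for name, status, action in report(INVENTORY):
        print(f"{name:10} {status:20} {action}")
```

Devices whose stack or version cannot be confirmed are reported as unverified rather than safe, which matches the recommendation to contact the equipment supplier.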
2. What security warnings does the Ripple20 vulnerability bring?

In light of this security incident, we suggest that data center practitioners start paying attention to infrastructure security, consider the possibility of attacks during equipment selection, network configuration and similar work, and improve the security of power supply and cooling systems. With changes in business needs and the development of IoT technology, data center infrastructure is gradually becoming networked. Today, almost any device can have an IP address, and data center infrastructure is no exception; this makes it easier for data center hosting providers to support infrastructure such as HVAC, surveillance cameras, and power management. At the same time, data center customers deploying racks often require remote access to rPDUs so that they can quickly and remotely restart their rPDUs in the event of a server failure. However, infrastructure security is often overlooked, and those responsible for it are often too busy with other work, such as the maintenance of data center equipment, to pay attention to it. As a result, infrastructure has become one of the data center's biggest vulnerabilities.

To ensure the security of data center infrastructure, we need to pay attention to the following points:

The supplier's security management system. Currently, much equipment and even many automated control systems in the data center industry do not take security into account in product design; they often use default passwords and go for years without vulnerabilities being fixed or patches applied. Therefore, when choosing an equipment supplier, it is best to review the maturity of the supplier's security management system to confirm that the supplier has a complete security vulnerability management system and security emergency response mechanism, and whether it has passed ISO/IEC 27001 information security management system certification, etc.
The security defense capabilities of the device. During product design, development, and delivery, devices need to consider how to defend against common security threats, such as closing redundant remote control interfaces, encrypting the transmission and storage of sensitive data, and conducting comprehensive virus and vulnerability scans before leaving the factory. To prevent the software from being tampered with and Trojans from being implanted, it is recommended that the device have a built-in security chip to perform root-of-trust verification on the software version. Before purchasing equipment, it is best to ask the equipment supplier to provide product security certification documents for the equipment.

Conduct regular and comprehensive inspections of security risks. Clarify the personnel and organization responsible for infrastructure security and their responsibilities, comprehensively understand and master the configuration of all networking equipment in the data center, and adopt network segmentation strategies to isolate networks between different businesses to avoid unnecessary network exposure. In addition, it is best to establish a good security communication mechanism with equipment suppliers, promptly upgrade equipment software to the latest version, and quickly repair security vulnerabilities.