The Critical Role of Ethernet Adapters in Modern Network Security
Updated at Nov 5th 20241 min read
Network security involves safeguarding the networking infrastructure against unauthorized access, misuse, or theft. It is essential for establishing a secure environment where devices, applications, and users can operate safely. As digitization continues to reshape our daily lives and work, organizations must secure their networks to meet the expectations of customers and employees. Effective network security not only shields proprietary information from threats but also helps preserve a company's reputation.
Security Risks in Ethernet Adapters
Ethernet adapters occupy a strategic location in the data center and their operational integrity is a critical component of data center security. With direct access to the data center network, Ethernet adapters occupy a strategic location in the server and can uniquely compromise a data center’s security. A single compromised Ethernet adapter could impact thousands of unsuspecting users by snooping or blocking application traffic, inserting malicious messages or diverting traffic from its intended destination. A larger scale hack involving multiple network adapters could wreak havoc in the data center, potentially affecting millions of users.
Ethernet adapters face security risks because their firmware is not protected by hardware-based security like server motherboards are. These adapters are standalone systems connected to the host via PCIe but are outside the motherboard's security domain. Preventing unauthorized firmware execution on the adapter is crucial. Due to their small size and ease of replacement, these adapters are vulnerable to modification or swapping. Risks include modifications during shipment or the insertion of malicious chips during manufacturing. Cyber-espionage groups have started exploiting firmware vulnerabilities, and servers face similar threats. In February 2019, security experts showed that the Cloudbourne attack could “brick” a server or hijack a bare-metal cloud server through BMC firmware. Even an isolated, secure data center is not immune to such breaches, as a malicious insider with sufficient privileges could exploit their access to modify adapter hardware or load unauthorized firmware onto the adapter. Given the increasing sophistication of attackers, security solutions must effectively prevent malware insertion via hardware or firmware attacks.
BroadSAFE Security Technology
To address this potential security vulnerability, Broadcom has integrated BroadSAFE security technology including a silicon Root of Trust (RoT) into its Ethernet adapters, helping to make them the industry’s most secure network adapters.

Adapter firmware must be secured by a lower-level protection mechanism, the silicon of the device itself. A true silicon RoT uses unalterable hardware to ensure the authenticity and integrity of all adapter firmware before it is allowed to execute on the controller. To make such an assurance, the RoT must guarantee the integrity of the controller boot process. The BroadSAFE silicon RoT in Broadcom Ethernet adapters provides strong, hardware-based security. The unalterable RoT protects adapter initialization and operational firmware from being compromised.
Once the secure boot process completes, the operational firmware provides a variety of features that enable secure adapter operations. Several features rely on controller hardware mechanisms configured by the firmware, while others are functions of the firmware itself. These features include the following.
Secure Firmware Management
Chain of trust extended to all operational firmware via authentication, preventing malware insertion. Firmware authenticated at boot and during updates. All updates logged.
Secure Configuration Management
Firmware encrypts sensitive configuration data such as passwords. All modifications logged. Configuration deleted with secure wipe.
Multi-tenant Isolation
Firmware manages several hardware protection mechanisms for the PCIe interface and RoCE DMA to isolate PCIe functions, VMs and applications.
This maintains the integrity of all adapter security features, making the Broadcom Ethernet adapters the most secure Ethernet adapters in the industry.
FS provides Broadcom® Ethernet adapters from 10G to 400G, with Broadsafe™ embedded security provides Silicon Root of Trust and attestation delivering industry’s most secure Ethernet controller, are the ideal solution for high-performance virtualization, intelligent flow processing, secure data center connectivity, and machine learning.
Bottom Line
In an era where network security is crucial for data centers, Broadcom Ethernet adapters with BroadSAFE™ technology provide an essential layer of protection. Their Silicon Root of Trust (RoT) safeguards against unauthorized firmware execution, ensuring a secure boot process and reliable firmware integrity. FS offers a range of Broadcom Ethernet adapters, making them a solid choice for organizations prioritizing network security and reliability.