Oracle Integrated Lights Out Manager (ILOM) 3.1

Security Guide


User Authentication Services and Security

Oracle ILOM can be configured to use a centralized user store rather than having to configure local users on each Oracle ILOM instance. This provides the added convenience of being able to centrally create and modify user credentials and enable users to gain access to many different systems.

Before choosing and configuring an authentication service, understand how these services work and how each needs to be configured. In addition to authentication, each of the supported services provides the ability to configure authorization rules that define how Oracle ILOM user privileges are assigned to a given remote user. Ensure that the proper user role or privilege is assigned.

The following table describes the user authentication services supported by Oracle ILOM.

Table 2-5 User Authentication Services

| Service Name | Security Profile | Information |
| --- | --- | --- |
| Active Directory | High | This service is secure by default. Using strict certification mode requires a certificate server, but adds an additional layer of security. |
| Lightweight Directory Access Protocol/Secure Socket Layer (LDAP/SSL) | High | This service is secure by default. Using strict certification mode requires a certificate server, but adds an additional layer of security. |
| Legacy LDAP | Low | Use this service on private, secure networks where there are no suspected malicious users. |
| Remote Authentication Dial In User Service (RADIUS) | Low | Use this service on private, secure networks where there are no suspected malicious users. |

Services with a high security profile can be used in very secure environments as they are secured by certificates and other forms of strong encryption to protect the channel. The services with a low security profile are disabled by default. Enable these low security profiles only if you understand and accept the limitations of this low level of security.

For more information about configuring each of the user authentication services, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.
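As an added example (not taken from the Oracle guide), the following script applies Table 2-5 to saved Oracle ILOM CLI output and reports which authentication services deserve review. It assumes the services are the CLI targets `/SP/clients/activedirectory`, `/SP/clients/ldapssl`, `/SP/clients/ldap` and `/SP/clients/radius` with `state` and `strictcertmode` properties, none of which are named on this page; the sample output is constructed.

```python
import re

# Security profile per service, as given in Table 2-5 of this page.
# The target names (keys) are assumed ILOM CLI names, not stated on the page.
PROFILE = {"activedirectory": "High", "ldapssl": "High",
           "ldap": "Low", "radius": "Low"}

# Constructed sample of `show /SP/clients/<service>` output (not a real capture).
SAMPLE = """\
 /SP/clients/activedirectory
    Properties:
        state = enabled
        strictcertmode = disabled

 /SP/clients/ldapssl
    Properties:
        state = disabled
        strictcertmode = disabled

 /SP/clients/radius
    Properties:
        state = enabled
"""

def parse_show(text):
    """Return {service: {property: value}} from concatenated show output."""
    services, current = {}, None
    for line in text.splitlines():
        target = re.match(r"\s*/SP/clients/(\w+)\s*$", line)
        prop = re.match(r"\s*(\w+)\s*=\s*(.*?)\s*$", line)
        if target:
            current = services.setdefault(target.group(1), {})
        elif prop and current is not None:
            current[prop.group(1)] = prop.group(2)
    return services

def audit(text):
    """List (service, finding) pairs for enabled services that need review."""
    findings = []
    for name, props in parse_show(text).items():
        if props.get("state") != "enabled" or name not in PROFILE:
            continue  # disabled or unknown services are not reported
        if PROFILE[name] == "Low":
            findings.append((name, "low security profile service is enabled"))
        elif props.get("strictcertmode") != "enabled":
            findings.append((name, "strict certification mode is off"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A strict certification mode finding is advisory, because the table rates these services as secure by default; an enabled low-profile service is the one to justify against the network it runs on.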