Oracle Integrated Lights Out Manager (ILOM) 3.1

Security Guide

Important Security Principles for Oracle ILOM

Oracle Integrated Lights Out Manager (Oracle ILOM) is a preinstalled service processor on the Oracle server that enables you to locally or remotely configure and manage server components using a dedicated network port, a sideband port, or a local port. This section provides general and basic security principles for you to consider when using Oracle ILOM:

General Security Principles

Follow these general security principles to ensure secure use of Oracle ILOM in your environment:

Oracle ILOM Firmware Updates

On a regular basis, verify that the most recent version of Oracle ILOM firmware is installed on the system. If a later version of the firmware is available, update the system to this later version. For information about updating Oracle ILOM firmware, see Oracle ILOM 3.1 Configuration and Maintenance Guide.

Network Access Configuration

Use a firewall to restrict network access in your environment and configure the firewall to allow only the ports required by Oracle ILOM. The ports required by Oracle ILOM are listed in Services Enabled by Default.

The Principle of Least Privilege

The principle of least privilege states that, for good security practice, a user should be given only the privileges needed to perform his or her job. Over-ambitious granting of responsibilities, roles, grants, and so on (especially early in the life cycle of an organization) can leave a system open to abuse. Review user privileges periodically to determine whether they are still relevant to current job responsibilities.

System Activity Monitoring

The best system security typically addresses these areas:

System monitoring, such as auditing and reviewing audit records, targets the third area of system security. Each component within a system has some degree of monitoring ability. For best security practice, follow the auditing recommendations in this documentation and regularly review Oracle ILOM audit logs.

Security Information Updates

Oracle continually improves its hardware, software, and documentation. Check Product Notes documentation frequently for the latest revisions to Oracle products and documentation.

Basic Security Principles

Follow these basic security principles to ensure secure use of Oracle ILOM in your environment:

Access Principles

Enforce physical and virtual access limits to protect hardware and data from intrusion as follows:

Authentication Principles - User Accounts and Passwords

Enforce user authentication in Oracle ILOM by creating a separate user account and assigning a complex password for each Oracle ILOM user. For example, when creating user accounts and passwords for Oracle ILOM users, consider these guidelines:

User Account Guidelines:

Password Guidelines for Local User Accounts:

For further information about how to create or modify user accounts in Oracle ILOM, see the Oracle ILOM Administrator Guide for Configuration and Maintenance.

Authorization Principles

Allow a company employee to work only with hardware and software that he or she is trained and qualified to use.

Oracle ILOM provides the ability to control user privileges for each user. Ensure that the appropriate permissions are assigned to each user, based on job role.

Accounting Principles

Use Oracle software and hardware features to monitor login activity and maintain hardware inventories.