Oracle Integrated Lights Out Manager (ILOM) 3.1
Oracle Integrated Lights Out Manager (Oracle ILOM) is a preinstalled service processor on the Oracle server that enables you to locally or remotely configure and manage server components using a dedicated network port, a sideband port, or a local port. This section provides general and basic security principles for you to consider when using Oracle ILOM:
Follow these general security principles to ensure secure use of Oracle ILOM in your environment:
On a regular basis, verify that the most recent version of Oracle ILOM firmware is installed on the system. If a later version of the firmware is available, update the system to this later version. For information about updating Oracle ILOM firmware, see Oracle ILOM 3.1 Configuration and Maintenance Guide.
Use a firewall to restrict network access in your environment and configure the firewall to allow only the ports required by Oracle ILOM. The ports required by Oracle ILOM are listed in Services Enabled by Default.
The principle of least privilege states that, as good security practice, a user should be given the least amount of privilege needed to perform his or her job. Over-ambitious granting of responsibilities, roles, grants, and so on (especially early in the life cycle of an organization) can leave a system open for abuse. Review user privileges periodically to determine relevance to current job responsibilities.
The best system security typically addresses these areas:
Good security protocols
Proper system configuration
Frequent system monitoring
System monitoring, such as auditing and reviewing audit records, targets the third area of system security. Each component within a system has some degree of monitoring ability. For best security practice, follow the auditing recommendations in this documentation and regularly review Oracle ILOM audit logs.
Oracle continually improves its hardware, software, and documentation. Check Product Notes documentation frequently for the latest revisions to Oracle products and documentation.
Follow these basic security principles to ensure secure use of Oracle ILOM in your environment:
Enforce physical and virtual access limits to protect hardware and data from intrusion as follows:
For hardware, limit physical access to the hardware.
For software, limit access to the software through both physical and virtual means.
For firmware, update and change firmware only through the Oracle update process.
Enforce user authentication in Oracle ILOM by creating a separate user account and assigning a complex password for each Oracle ILOM user. For example, when creating user accounts and passwords for Oracle ILOM users, consider these guidelines:
User Accounts Guidelines:
Never Promote the Sharing of User Accounts. A separate account should be created for each Oracle ILOM user. You can authenticate users through local user accounts stored on the SP or CMM; or, you can authenticate users through a supported remote authentication service. For more information about implementing user authentication through a remote authentication service, see
User Name Requirements for Local Account: The user name for a local Oracle ILOM user account must be 4 to 16 characters in length, start with an alphabetic character, and contain no spaces.
Note - To enable first-time login and access to Oracle ILOM, a local Administrator root account is provided with the system. To build a secure environment, you must change the default password (changeme) for the Administrator root account after your initial login to Oracle ILOM. If this default Administrator account has since been changed, contact your system administrator for an Oracle ILOM user account with Administrator privileges.
Passwords Guidelines for Local User Accounts:
Password Length for Local User Account. Enter a password that is between 8 and 16 characters in length.
Password Supported Characters for Local User Account. Use a mixture of lowercase and uppercase characters and special characters to create a complex password. Note that Oracle ILOM passwords are case sensitive, and any character except a colon or a space is permitted in the password.
Do Not Include User Name in Passwords. Do not create a password that contains the name of the user.
For further information about how to create or modify user accounts in Oracle ILOM, see the Oracle ILOM Administrator Guide for Configuration and Maintenance.
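The local account rules above can be checked before accounts are provisioned. The following is an added example, not part of Oracle's documentation or of Oracle ILOM itself. The function names and sample accounts are constructed for illustration, and reading "alphabetic" as ASCII letters, "special characters" as ASCII punctuation, and the user-name match as case-insensitive are assumptions.

```python
import string

DEFAULT_PASSWORD = "changeme"  # default root password named in this guide


def check_username(name):
    """Return rule violations for a local account user name."""
    problems = []
    if not 4 <= len(name) <= 16:
        problems.append("user name must be 4 to 16 characters long")
    first = name[:1]
    if not (first.isalpha() and first.isascii()):  # assumption: ASCII letters
        problems.append("user name must start with an alphabetic character")
    if any(c.isspace() for c in name):
        problems.append("user name must not contain spaces")
    return problems


def check_password(password, username):
    """Return rule violations for a local account password."""
    problems = []
    if not 8 <= len(password) <= 16:
        problems.append("password must be 8 to 16 characters long")
    if ":" in password or " " in password:
        problems.append("password must not contain a colon or a space")
    if not any(c.islower() for c in password):
        problems.append("password needs a lowercase character")
    if not any(c.isupper() for c in password):
        problems.append("password needs an uppercase character")
    if not any(c in string.punctuation for c in password):  # assumption
        problems.append("password needs a special character")
    if username and username.lower() in password.lower():
        problems.append("password must not contain the user name")
    if password == DEFAULT_PASSWORD:
        problems.append("password is the factory default")
    return problems


def audit(accounts):
    """Map each non-compliant user name to its list of violations."""
    findings = {}
    for user, password in accounts:
        problems = check_username(user) + check_password(password, user)
        if problems:
            findings[user] = problems
    return findings


# Constructed sample accounts, not real credentials.
SAMPLE = [("jsmith", "Tr!ckyPass9"), ("root", "changeme"), ("op", "Op:erator1")]
```

Calling `audit(SAMPLE)` flags `root` (default password) and `op` (short user name, colon in the password, user name inside the password) and passes `jsmith`.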
Allow a company employee to work only with hardware and software that he or she is trained and qualified to use.
Oracle ILOM provides the ability to control user privileges for each user. Ensure that the appropriate permissions are assigned to each user, based on job role.
Use Oracle software and hardware features to monitor login activity and maintain hardware inventories.