Oracle Integrated Lights Out Manager (ILOM) 3.1
This section describes how to best configure the Oracle ILOM web interface for maximum security. This section contains the following topics:
Secure Socket Layer (SSL) certificates are used both to encrypt communication over a network and to ensure the authenticity of a server or client. Oracle ILOM includes a self-signed SSL certificate that allows the HTTP over SSL protocol to be used out of the box, without the need for uploading a certificate. When connecting to the Oracle ILOM web interface for the first time, the user is notified that a self-signed certificate is being used and is asked to accept its use. Using the certificate provided, all communication between the web browser and Oracle ILOM is fully encrypted.
However, it is also possible to upload a trusted certificate for improved security. A trusted certificate is one that is issued by a trusted certificate authority. Using a trusted certificate from a known certificate authority ensures the authenticity of the Oracle ILOM web server. Using untrusted (self-signed) certificates opens up the possibility of a man-in-the-middle (MITM) attack, because the browser has no independent way to confirm that the certificate it is shown belongs to the Oracle ILOM web server.
For more information about uploading a custom SSL certificate, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.
The Oracle ILOM web interface provides several configurable security settings. By default, Oracle ILOM is configured to allow only the strongest Secure Socket Layer encryption (SSLv3 and TLSv1) with the strongest ciphers. However, Oracle ILOM also supports SSLv2 as well as weaker ciphers. You might need to enable SSLv2 or “weak ciphers” to support older web browsers.
If possible, configure the web interface with the default secure settings. For more information about changing the HTTPS service settings, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.
The Oracle ILOM web interface has a configurable session time-out. The session time-out determines how many minutes elapse before an inactive web session is automatically logged out. This feature reduces the risk of an unauthorized user finding an unattended computer with an authenticated session to Oracle ILOM.
The default time-out is 15 minutes, which is suitable for most users. Lowering the time-out means that the user might have to re-enter his or her user name and password more often, as sessions expire. However, it will shorten the amount of time during which authenticated sessions remain active.
For information about changing the web session time-out, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.
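The following added example (not part of the Oracle documentation) audits saved HTTPS service settings against the defaults described above: SSLv2 and weak ciphers disabled, and a session time-out of no more than 15 minutes. The `/SP/services/https` target and the property names `sslv2`, `weak_ciphers` and `sessiontimeout` are assumptions about the Oracle ILOM CLI `show` output and should be confirmed against the Configuration and Maintenance Guide; the sample text is constructed.

```python
import re

# Baseline taken from the text above: SSLv2 and weak ciphers stay disabled,
# and the web session time-out is no longer than the 15-minute default.
MAX_TIMEOUT_MIN = 15
MUST_BE_DISABLED = ("sslv2", "weak_ciphers")

# Constructed sample of CLI 'show' output (target and property names assumed).
HARDENED = """\
 /SP/services/https
    Properties:
        port = 443
        servicestate = enabled
        sessiontimeout = 15
        sslv2 = disabled
        sslv3 = enabled
        tlsv1 = enabled
        weak_ciphers = disabled
"""
WEAKENED = (HARDENED.replace("sslv2 = disabled", "sslv2 = enabled")
            .replace("weak_ciphers = disabled", "weak_ciphers = enabled")
            .replace("sessiontimeout = 15", "sessiontimeout = 60"))

def parse_show(output):
    """Collect 'name = value' property lines; other lines are ignored."""
    props = {}
    for line in output.splitlines():
        m = re.match(r"^\s*([A-Za-z0-9_]+)\s*=\s*(.*?)\s*$", line)
        if m:
            props[m.group(1).lower()] = m.group(2).lower()
    return props

def audit_https(output):
    """Return a list of findings; an empty list means the baseline is met."""
    props = parse_show(output)
    findings = []
    for name in MUST_BE_DISABLED:
        state = props.get(name, "not found")  # a missing property fails closed
        if state != "disabled":
            findings.append(f"{name}: {state}, expected disabled")
    raw = props.get("sessiontimeout", "")
    if not raw.isdigit() or int(raw) < 1:
        findings.append("sessiontimeout: not a positive number of minutes")
    elif int(raw) > MAX_TIMEOUT_MIN:
        findings.append(f"sessiontimeout: {raw} min exceeds {MAX_TIMEOUT_MIN} min")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_https(WEAKENED)) or "baseline met")
```

A property that is absent from the saved output is reported as a finding rather than assumed safe, so a renamed or missing setting does not pass silently.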