Oracle Integrated Lights Out Manager (ILOM) 3.1

Security Guide

Understanding the LAN Interconnect Interface for Oracle ILOM

As a faster alternative to the KCS interface, clients on the host operating system can communicate with Oracle ILOM over an internal high-speed interconnect. The interconnect is implemented by an internal Ethernet-over-USB connection, running an IP stack. Oracle ILOM is given an internal, non-routable IP address that a client on the host can use to connect to it.

Unlike the KCS interface, which relies on protected access to a hardware device, the LAN interconnect is available to all operating system users by default. Therefore, connecting to Oracle ILOM over the LAN interconnect requires authentication, just as if the connection were coming over the network to the Oracle ILOM management port.

In addition, all services or protocols exposed on the management network are made available over the LAN interconnect to the host. It is possible to use a web browser on the host to access the Oracle ILOM web interface or use a secure shell client to connect to the Oracle ILOM command-line interface. In all cases, a valid user name and password must be provided to use the LAN interconnect.

The LAN interconnect is disabled by default. When it is disabled, there is no Ethernet device visible to the host operating system and the channel does not exist. Oracle Hardware Management Pack helps provision and configure the LAN interconnect. Oracle Hardware Management Pack is a set of packages that is installed on the host operating system.

For information about configuring the LAN interconnect, see the Oracle Hardware Management Pack documentation at: http://www.oracle.com/pls/topic/lookup?ctx=ohmp
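Because a disabled interconnect leaves no Ethernet device visible to the host, a host-side audit can confirm that state by looking for USB-backed network interfaces. The script below is an added example, not part of the Oracle documentation; it assumes a Linux host with sysfs, and it reports any USB-attached network interface without identifying it as the Oracle ILOM interconnect specifically.

```shell
#!/bin/sh
# Added example (not Oracle code): report host network interfaces whose
# backing device sits on the USB bus. Assumes a Linux host and the sysfs
# layout; the root directory is a parameter so the check can also be run
# against a constructed tree.

usb_net_ifaces() {
    root="${1:-/sys}"
    for dir in "$root"/class/net/*; do
        # Virtual interfaces (loopback, bridges) have no backing device link.
        [ -e "$dir/device/subsystem" ] || continue
        bus=$(basename "$(readlink -f "$dir/device/subsystem")")
        [ "$bus" = "usb" ] || continue

        driver="unknown"
        if [ -e "$dir/device/driver" ]; then
            driver=$(basename "$(readlink -f "$dir/device/driver")")
        fi
        state="unknown"
        if [ -r "$dir/operstate" ]; then
            state=$(cat "$dir/operstate")
        fi
        printf '%s driver=%s state=%s\n' "$(basename "$dir")" "$driver" "$state"
    done
}

# Succeeds (status 0) only when no USB-backed network interface is visible,
# which is the state expected on a host where the interconnect is disabled
# and no other USB network adapter is attached.
no_usb_net_iface() {
    [ -z "$(usb_net_ifaces "$1")" ]
}

# Usage: usb_net_ifaces            (reads /sys)
#        no_usb_net_iface || echo "USB network interface present; review"
```

An interface reported here is only a candidate: confirm it against the interconnect configuration before treating it as the Oracle ILOM channel.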