Understanding the Default Settings of Oracle ILOM - Oracle Integrated Lights Out Manager (ILOM) 3.1

Skip Navigation Links
Exit Print View
	Oracle Integrated Lights Out Manager (ILOM) 3.1 Security Guide

Oracle Technology Network

Document Information

1. Oracle ILOM Security Principles and Considerations

Oracle ILOM Security Principles

General Security Principles

Basic Security Principles

Important Security Considerations

2. Oracle ILOM Security at Deployment

Understanding the Default Settings of Oracle ILOM

Changing the Default root User Account

Understanding User Roles and Privileges

Enabling or Disabling Unwanted Services to Control Open Ports

Understanding the Single Sign-On Feature

Configuring the Oracle ILOM Web Interface for Maximum Security

Using SSL Certificates

Understanding Web Security Settings

Configuring the Web Interface Session Time-Out

Configuring the Oracle ILOM CLI for Maximum Security

Configuring the CLI Session Time-Out

Understanding SSH Key Generation

Using User SSH Keys

Configuring SNMP for Maximum Security

Differences Between SNMPv1/v2c and SNMPv3

Choosing Whether to Enable Sets

Understanding the Engine ID

Configuring Ws-Man for Maximum Security

User Authentication Services and Security

Configuring Banner Messages

Security Implications of Enabling Sideband Management

3. Oracle ILOM Security After Deployment

Understanding the KCS Interface to Oracle ILOM

Understanding the LAN Interconnect Interface for Oracle ILOM

Connecting to Oracle ILOM Using Secure Protocols

Understanding the Differences Between IPMI 1.5 and IPMI 2.0

Using Remote KVMS Securely

KVMS Encryption

Multiple User Sessions and Remote KVMS

Using the Host Lock Feature to Prevent Unauthorized Use

Using Serial Console Redirection (start /HOST/console)

Monitoring Audit Events to Find Unauthorized Access

Understanding the Physical Presence Check Feature

Changing Administrator Passwords Frequently

Updating to the Latest Firmware

Understanding the Default Settings of Oracle ILOM

Oracle ILOM comes preconfigured with most services enabled by default. This makes the deployment of Oracle ILOM simple and straightforward. However, each open port on the server represents a potential attack point by a malicious user. It is therefore important to understand the initial Oracle ILOM settings, and their purpose, and to choose which services are actually required for a deployed system. For best security, enable only the required Oracle ILOM services.

The following table lists the services that are enabled by default with Oracle ILOM.

Table 2-1 Services Enabled by Default

Service	Port(s)
HTTP redirection to HTTPS	80
HTTPS	443
IPMI	623
Remote KVMS	5120-5123, 555, 556, 7578, 7579
ServiceTag	6481
SNMP	161
Single Sign-on	11626
SSH	22
WS-Man over HTTP	8889

The following table shows the services that are disabled by default with Oracle ILOM.

Table 2-2 Services Disabled by Default

Service	Port(s)
HTTP	80
WS-Man over HTTPS	8888

Copyright © 2012, Oracle and/or its affiliates. All rights reserved. Legal Notices

Previous

Next