Oracle Integrated Lights Out Manager (ILOM) 3.1

Security Guide


Understanding User Roles and Privileges

All Oracle ILOM user accounts are assigned a set of privileges (also referred to as roles). These privileges provide access to discrete features within Oracle ILOM. You can configure a user account so that the user can monitor the system but cannot make any configuration changes. Alternatively, you can allow a user to modify most configuration options, with the exception of creating and modifying user accounts. You can also restrict who can control the server power and who can access the remote console. It is important to understand the privilege levels and to assign them appropriately to users in the organization.

The following table lists the user privileges (roles) and their capabilities.

Table 2-3 User Roles

| Role | Description |
|---|---|
| a (admin) | Enables a user to change all Oracle ILOM configuration options, except for those configuration options expressly authorized by other privileges (such as user management). |
| u (user) | Enables a user to add and remove users, change user passwords, and configure authentication services. A user with this role can create a second user account with all privileges and, therefore, this role has the highest level of privileges of all user roles. |
| c (console) | Enables a user to access the host console remotely. This remote console access might allow the user to access the BIOS or Open Boot PROM (OBP), which gives the user the ability to change boot behavior as a way to gain access to the system. |
| r (reset) | Enables a user to control host power and reset Oracle ILOM. |
| o (read-only) | Enables a user to have read-only access to the Oracle ILOM user interfaces. All users have this access, which entitles a user to read logs and environmental information, as well as view configuration settings. |

For more information about setting user roles, see the Oracle ILOM 3.1 Configuration and Maintenance Guide.
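
The capabilities in Table 2-3 can be turned into a least-privilege check on an account inventory. The following Python script is an added example, not part of Oracle's guide or of Oracle ILOM; it assumes each account's roles are recorded as a string of role letters, and the account names and intended policy are constructed sample data.

```python
# Added example: audit role assignments against the capabilities in Table 2-3.
# Assumption: an account's roles are recorded as a string of role letters ("cro").
ALL_ROLES = frozenset("aucro")

def effective_roles(assigned):
    """Return the roles an account can reach, not just those assigned."""
    roles = set(assigned.lower())
    unknown = roles - ALL_ROLES
    if unknown:
        raise ValueError(f"unknown role letters: {sorted(unknown)}")
    roles.add("o")  # all users have read-only access
    if "u" in roles:  # u can create a second account with all privileges
        roles = set(ALL_ROLES)
    return frozenset(roles)

def audit(accounts, policy):
    """List (user, kind, detail) findings where reach exceeds the intended roles."""
    findings = []
    for user, assigned in sorted(accounts.items()):
        reach = effective_roles(assigned)
        intended = set(policy.get(user, "")) | {"o"}
        excess = reach - intended
        if excess:
            findings.append((user, "excess", "".join(sorted(excess))))
        if "u" in reach and set(assigned.lower()) | {"o"} != ALL_ROLES:
            findings.append((user, "escalation", "u role reaches all privileges"))
        if "c" in excess:
            findings.append((user, "console", "host console can reach BIOS/OBP"))
    return findings

# Constructed sample data: hypothetical accounts and intended policy.
SAMPLE_ACCOUNTS = {"monitor": "o", "operator": "cro", "helpdesk": "u", "netadmin": "ar"}
SAMPLE_POLICY = {"monitor": "o", "operator": "ro", "helpdesk": "u", "netadmin": "ar"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_ACCOUNTS, SAMPLE_POLICY):
        print(*finding, sep=": ")
```

An account holding only the u role is reported with excess roles a, c and r because, as the table notes, it can create a second account with all privileges.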