Security Guidelines for Managing User Accounts and Passwords

Consider the following security guidelines when managing Oracle ILOM user accounts and passwords:
Guidelines for User Account Management
Never Promote the Sharing of User Accounts

A separate account should always be created for each Oracle ILOM user. A shared account makes it impossible to attribute a logged action to an individual, which defeats auditing and incident investigation. Oracle ILOM supports a maximum of 10 local user accounts. If you are managing a larger site and require more than 10 user accounts, consider using a third-party authentication service such as LDAP or Active Directory rather than sharing the local accounts.
Select Conforming Names for Local User Accounts

When selecting a user name for a local Oracle ILOM user account, the user name must:
- Contain 4 to 16 characters (the first character must be a letter)
- Be unique across your organization
- Not contain spaces, a period (.), or a colon (:)
Select Conforming Passwords for Local User Accounts

When selecting a password for a local Oracle ILOM user account, the password must:
- Be a strong password that contains a minimum of 16 characters
- Contain a mixture of lowercase and uppercase characters, as well as at least one special character, to create a strong complex password
- Not contain spaces, a period (.), or a colon (:)
- Conform to your company's password management policy
Limit User Account Privileges Based on Job Role (Principle of Least Privilege)

The principle of least privilege states that, for good security practice, a user should be given only the privileges needed to perform his or her job. Over-ambitious granting of responsibilities, roles, and so on (especially early in the life cycle of an organization) can leave a system open for abuse. Review user privileges periodically to determine whether they are still relevant to the current job responsibilities of each user.

Oracle ILOM provides the ability to control user privileges for each user. Ensure that the appropriate user role permissions are assigned to each user account, based on job role; for example, an account used only to monitor the system should hold a read-only role rather than an administrator role.
Guidelines for Password Management
Change the Default root Password (changeme) Immediately After Initial Login

To enable first-time login and access to Oracle ILOM, a local Administrator root account is provided with the system. To build a secure environment, you must change the provided Administrator password (changeme) after your initial login to Oracle ILOM. The default password is published in the product documentation, so a service processor that still uses it is effectively unauthenticated. Gaining unauthorized access to the Administrator root account gives a user unrestricted access to all features of Oracle ILOM. Therefore, it is essential to specify a strong, secure password.
Change All Oracle ILOM Account Passwords on a Regular Basis

To prevent malicious activity and ensure that passwords remain in accordance with current password policies, change all Oracle ILOM passwords on a regular basis.
Enforce Common Practices for Creating Strong Complex Passwords

Enforce the following common practices for creating strong complex passwords:
- Do not create a password that is shorter than 16 characters.
- Do not create a password that contains the user name, employee name, or family member names.
- Do not select passwords that are easy to guess.
- Do not create passwords that contain a consecutive string of numbers, such as 12345.
- Do not create passwords that contain a word or string that is easily discoverable by a simple Internet search.
- Do not allow users to reuse the same password across multiple systems.
- Do not allow users to reuse older passwords.

For increased security, always mask new password entries in the CLI. A password typed on the command line is visible to anyone watching the terminal and may be kept in the client's terminal scrollback or session recording, so omit the value and let the CLI prompt for it:

    set [SP|CMM]/users/root password=[do not type the password; press Enter]

    - or -

    set [SP|CMM]/users/newuser password=[do not type the password; press Enter]

The CLI then prompts for the new password value, masking the password from view.
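The name and password rules above, together with the conforming-name and conforming-password rules in the user-account section, can be checked before an administrator runs the set command. The following Python script is an added example written for this page; it is not Oracle ILOM code and not an Oracle-supplied tool. The threshold of four sequential digits, the small banned-word list, and the salted PBKDF2 store used for the "do not reuse older passwords" check are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Limits quoted in the page's guidelines (adjust to your company's policy).
USERNAME_MIN_LEN, USERNAME_MAX_LEN = 4, 16
PASSWORD_MIN_LEN = 16
FORBIDDEN_CHARS = set(" .:")      # disallowed in both user names and passwords
SEQUENTIAL_DIGIT_RUN = 4          # assumption: 4+ digits stepping by 1 (e.g. 1234) are rejected
# Constructed toy list of words a simple Internet search would turn up;
# in production use a real wordlist plus names of staff and family members.
BANNED_WORDS = ("password", "changeme", "welcome", "oracle", "ilom")
PBKDF2_ROUNDS = 100_000           # assumption for the illustrative history store


def check_username(name):
    """Return the rule violations for an Oracle ILOM local user name (empty list = conforming)."""
    problems = []
    if not USERNAME_MIN_LEN <= len(name) <= USERNAME_MAX_LEN:
        problems.append(f"length must be {USERNAME_MIN_LEN}-{USERNAME_MAX_LEN} characters")
    if not name[:1].isalpha():
        problems.append("first character must be a letter")
    if FORBIDDEN_CHARS & set(name):
        problems.append("must not contain a space, '.' or ':'")
    return problems


def has_sequential_digits(text, run=SEQUENTIAL_DIGIT_RUN):
    """True if text contains `run` or more digits that step by +1 or -1 (e.g. 12345 or 9876)."""
    count, direction = 1, 0
    for prev, cur in zip(text, text[1:]):
        if prev.isdigit() and cur.isdigit() and abs(ord(cur) - ord(prev)) == 1:
            step = ord(cur) - ord(prev)
            count = count + 1 if step == direction else 2   # a change of direction restarts the run
            direction = step
        else:
            count, direction = 1, 0
        if count >= run:
            return True
    return False


def check_password(password, username, banned_words=BANNED_WORDS):
    """Return the rule violations for a candidate Oracle ILOM local password."""
    problems = []
    if len(password) < PASSWORD_MIN_LEN:
        problems.append(f"shorter than {PASSWORD_MIN_LEN} characters")
    if FORBIDDEN_CHARS & set(password):
        problems.append("contains a space, '.' or ':'")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs both lowercase and uppercase letters")
    if not any(not c.isalnum() for c in password):
        problems.append("needs at least one special character")
    lowered = password.lower()
    if username and username.lower() in lowered:
        problems.append("contains the user name")
    for word in banned_words:
        if word in lowered:
            problems.append(f"contains the easily guessed word '{word}'")
    if has_sequential_digits(password):
        problems.append("contains a consecutive digit run such as 12345")
    return problems


def history_entry(password, salt=None):
    """Salted PBKDF2 digest of a password for the reuse history (never store the password itself)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def reused_from_history(password, history):
    """True if password matches any previous (salt, digest) entry; constant-time compare per entry."""
    return any(
        hmac.compare_digest(history_entry(password, salt)[1], digest)
        for salt, digest in history
    )


def vet_new_credentials(username, password, history=()):
    """Combine all checks as an administrator would before creating or updating an account."""
    problems = [f"user name: {p}" for p in check_username(username)]
    problems += [f"password: {p}" for p in check_password(password, username)]
    if reused_from_history(password, history):
        problems.append("password: reuses a previous password")
    return problems


if __name__ == "__main__":
    # Constructed sample: one prior password already in the history store.
    prior = [history_entry("OldPassw0rd!Example")]
    for user, pw in [("opsadmin", "correct-Horse-battery-7"),
                     ("1st.user", "Welcome12345"),
                     ("opsadmin", "OldPassw0rd!Example")]:
        print(user, "->", vet_new_credentials(user, pw, prior) or "OK")
```

The history store keeps only salted PBKDF2 digests, so a leaked history file does not reveal old passwords, and the comparison uses hmac.compare_digest to avoid timing differences. The reuse-across-systems rule cannot be checked offline by a script like this; it needs a central password store or directory, which is the same argument the page makes for LDAP or Active Directory at larger sites.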
Set Password Policy Restrictions for Local Users (available as of firmware 3.2.5 and later)
Consult Your IT Security Officer for Password Management Policies

Consult your IT Security Officer to ensure that your company's password management requirements and policies are being met.