Go to main content

Oracle^® ILOM Security Guide For Firmware Releases 3.x and 4.x

Exit Print View

» ...Documentation Home » Oracle Integrated Lights Out Manager (ILOM) ... » Oracle^® ILOM Security Guide For ... » Oracle ILOM Deployment Practices for ... » Securing Services and Open Network Ports » Preconfigured Services and Network Ports

Updated: December 2019

Oracle^® ILOM Security Guide For Firmware Releases 3.x and 4.x

Document Information

Using This Documentation

Security Features Per Oracle ILOM Firmware Release

Checklists for Keeping Oracle ILOM Secure

Oracle ILOM Deployment Practices for Increasing Security

Securing the Physical Management Connection

Choosing Whether to Configure FIPS Mode At Deployment

Enable FIPS Mode at Deployment

Unupported Features When FIPS Mode Is Enabled

Securing Services and Open Network Ports

Preconfigured Services and Network Ports

Management of Unwanted Services and Open Ports

Configuring Services and Network Ports

Securing Oracle ILOM User Access

Avoid the Creation of Shared User Accounts

Assignment of Role-Based Privileges

Security Guidelines for Managing User Accounts and Passwords

Remote Authentication Services and Security Profiles

Configuring User Access for Increased Security

Securing the Automatic Service Request (ASR) Endpoint Connection

Uploading an SSL Certificate for ASR Client Configurations

Configuring Oracle ILOM Interfaces for Increased Security

Configure the Web Interface for Increased Security

Configure the CLI for Increased Security

Configure SNMP Management Access for Increased Security

Configure IPMI Management Access for Increased Security

Configure WS-Management Access for Increased Security

Oracle ILOM Post Deployment Practices for Increasing Security

Language:

Preconfigured Services and Network Ports

Oracle ILOM comes preconfigured with most services enabled by default. This makes the deployment of Oracle ILOM simple and straightforward. However, each open service network port on the server represents a potential attach point by a malicious user. It is therefore important to understand the initial Oracle ILOM settings, and their purpose, and to choose which services are actually required for a deployed system. For best security, enable only the required Oracle ILOM services.

The following table lists the services that are enabled by default with Oracle ILOM.

Table 4 Services and Ports Enabled by Default

Service	Port(s)
HTTP redirection to HTTPS	80
HTTPS	443
IPMI TLS client connections Note - IPMI TLS client connections are supported as of Oracle ILOM firmware 3.2.8 and later.	623 (TCP)
IPMI LAN and LANPLUS client connections	623 (UDP)
Remote KVMS for Oracle ILOM Remote Console	5120, 5121, 5122, 5123, 5555, 5556, 7578, 7579
Remote KVMS for Oracle ILOM Remote Console Plus (Oracle ILOM firmware 3.2.2 and later)	443
Remote KVMS for Oracle ILOM Remote Console Plus (Oracle ILOM firmware prior to 3.2.2)	5120, 5555
Service Tag	6481
SNMP	161
Single Sign-on	11626
SSH	22

The following table shows the services that are disabled by default with Oracle ILOM.

Table 5 Services and Ports Disabled by Default

Service	Port(s)
HTTP	80

Copyright © 2012, 2019, Oracle and/or its affiliates. All rights reserved.