You can actively secure, manage, and monitor system components using Oracle Integrated Lights Out Manager (ILOM) management firmware, which is embedded on Oracle x86-based servers and Oracle SPARC-based servers. Depending on the authorization level granted to system administrators, functions might include the ability to power off the server, create user accounts, mount remote storage devices, and so on.
Use a secure, internal trusted network.
Whether you establish a physical management connection to Oracle ILOM through the local serial port, dedicated network management port, sideband management port, or the standard data network port, it is essential that this physical port on the server is always connected to an internal trusted network, or a dedicated secure management or private network.
Never connect the Oracle ILOM service processor (SP) to a public network, such as the Internet. Keep the Oracle ILOM SP management traffic on a separate management network and grant access only to system administrators.
Limit the use of the default Administrator account.
Limit the use of the default Administrator account (root) to the initial Oracle ILOM login. This default Administrator account is provided only to aid with the initial server installation. Therefore, to ensure the most secure environment, you must change the default Administrator password as part of the initial setup of the system. Gaining access to the default Administrator account gives a user unrestricted access to all features of Oracle ILOM. In addition, establish new user accounts with unique passwords and assign authorization levels (user roles) for each new Oracle ILOM user account. For details, see securing Oracle ILOM user access in the Oracle ILOM Security Guide.
Carefully consider risks when connecting the serial port to a terminal server.
Terminal devices do not always provide the appropriate levels of user authentication or authorization that are required to secure the network from malicious intrusions. To protect your system from unwanted network intrusions, do not establish a serial connection (serial port) to Oracle ILOM through any type of network redirection device, such as a terminal server, unless the server has sufficient access controls.
In addition, certain Oracle ILOM functions, such as password reset and the Preboot menu, are only made available using the physical serial port. Connecting the serial port to a network using an unauthenticated terminal server removes the need for physical access, and lowers the security associated with these functions.
Access to the Preboot menu requires physical access to the server.
The Oracle ILOM Preboot menu is a powerful utility that provides a way to reset Oracle ILOM to default values, and to flash firmware if Oracle ILOM were to become unresponsive. Once Oracle ILOM has been reset, a user is then required to either press a button on the server (the default) or type a password. The Oracle ILOM Physical Presence property controls this behavior (check_physical_presence=true). For maximum security when accessing the Preboot menu, do not change the default setting (true), so that access to the Preboot menu always requires physical access to the server.
Refer to the Oracle ILOM documentation.
Refer to Oracle ILOM documentation to learn more about setting up passwords, managing users, and applying security-related features, including Secure Shell (SSH), Secure Socket Layer (SSL), and RADIUS authentication. For security guidelines that are specific to Oracle ILOM, refer to the Oracle ILOM Security Guide, which is part of the Oracle ILOM documentation library. You can find the Oracle ILOM documentation at: https://www.oracle.com/goto/ilom/docs