Oracle ILOM IPMI Security Guidelines

To increase IPMI security, system administrators should consider the following IPMI security configuration guidelines:

  • As of firmware version 3.2.8 and later, system administrators should use the Oracle IPMI TLS (orcltls) interface and enable the IPMI v2.0 (lanplus) interface only for legacy compatibility.

    Note:

    The RAKP protocol support in the IPMI 2.0 specification requires sending a password hash to the client, which makes it easier for remote attackers to obtain access via a brute-force attack. For additional details about this vulnerability, see the published vulnerability summaries for CVE-2013-4037 and CVE-2013-4786 on the National Vulnerability Database web site.

    Note:

    As of firmware version 5.0.0, the IPMI v1.5 Sessions property has been removed and the IPMI v2.0 Sessions property is disabled by default.

  • Change your IPMI password on a regular basis. Ensure that the lifecycle of Oracle ILOM user accounts is managed appropriately.

    For further details, see Securing Oracle ILOM User Access.

  • Restrict network access from the outside world. Use the dedicated Ethernet management channel to communicate with Oracle ILOM.

    For further details, see Securing the Physical Management Connection.

  • Work with your IT Security Officer to build a set of best practices and policies around server management and IPMI security.
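
The first guideline can be checked across a fleet by auditing each service processor's IPMI settings against the firmware thresholds given above (3.2.8 and 5.0.0). The following is an added example, not Oracle code: the property names (servicestate, v1_5_sessions, v2_0_sessions, tls_sessions), the listing layout and the sample firmware versions are assumptions made for illustration.

```python
import re

# Constructed sample listings (not captured from a real service processor).
# Property names are assumed for illustration; map them to your firmware's names.
LEGACY = """\
servicestate = enabled
v1_5_sessions = enabled
v2_0_sessions = enabled
tls_sessions = disabled
"""
HARDENED = """\
servicestate = enabled
v2_0_sessions = disabled
tls_sessions = enabled
"""

def parse_version(text):
    """'5.0.0.24' -> (5, 0, 0); only the first three fields are compared."""
    return tuple(int(p) for p in text.strip().split(".")[:3])

def parse_properties(listing):
    """Collect 'name = value' lines into a lower-cased dict."""
    props = {}
    for line in listing.splitlines():
        m = re.match(r"\s*(\w+)\s*=\s*(\S+)", line)
        if m:
            props[m.group(1).lower()] = m.group(2).lower()
    return props

def audit_ipmi(firmware, listing):
    """Return findings for one service processor, following the guideline above."""
    fw, props = parse_version(firmware), parse_properties(listing)
    if props.get("servicestate") == "disabled":
        return []  # IPMI service is off, so no IPMI interface is exposed
    findings = []
    if fw < (3, 2, 8):
        findings.append("firmware older than 3.2.8: orcltls guideline needs an upgrade")
    elif props.get("tls_sessions") != "enabled":
        findings.append("TLS (orcltls) sessions not enabled")
    if props.get("v2_0_sessions") == "enabled":
        findings.append("IPMI v2.0 (lanplus) enabled: RAKP sends a password hash; legacy use only")
    if props.get("v1_5_sessions") == "enabled":
        findings.append("IPMI v1.5 sessions enabled (property removed as of 5.0.0)")
    return findings

if __name__ == "__main__":
    for fw, listing in (("4.0.2", LEGACY), ("5.0.0", HARDENED)):
        print(fw, audit_ipmi(fw, listing) or "OK")
```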