Guidelines for User Account Management

User Account Management Guideline Description

Never Promote the Sharing of User Accounts

A separate account should always be created for each Oracle ILOM user.

Oracle ILOM supports a maximum of 10 local user accounts. If you are managing a larger site and require more than 10 user accounts, you should consider using a third-party user authentication service such as LDAP or Active Directory.

For more information about implementing user authentication in Oracle ILOM through an external authentication service, see Remote Authentication Services and Security Profiles.

Select Conforming Names for Local User Accounts

When selecting a user name for a local Oracle ILOM user account, the user name must:

  • Be from 4 to 16 characters in length (the first character must be a letter)

  • Be unique across your organization

  • Not contain spaces, a period (.), or a colon (:)

Select Conforming Passwords for Local User Accounts

When selecting a password for a local Oracle ILOM user account, the password must:

  • Always be a strong password that contains a maximum of 16 characters in length

  • Contain a mixture of lowercase and uppercase characters, as well as one or two special characters to create a strong complex password

  • Not contain spaces, a period (.), or a colon (:)

  • Conform to your company's password management policy

For further details about password management in Oracle ILOM, see Security Guidelines for Managing User Accounts and Passwords.
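
A pre-provisioning check for the user-name and password rules listed above, as an added example (not Oracle's code or part of Oracle ILOM). The function names are hypothetical, the sample values in the comments are constructed, and treating "letter" as an ASCII letter and "special character" as ASCII punctuation are assumptions.

```python
import string

MAX_LOCAL_ACCOUNTS = 10            # local account limit stated on this page
FORBIDDEN = set(" .:")             # space, period, colon (names and passwords)
# Assumption: "special character" = ASCII punctuation, minus the forbidden ones.
SPECIALS = set(string.punctuation) - FORBIDDEN


def check_username(name):
    """Return the list of naming-rule violations for one local user name."""
    problems = []
    # Assumption: "letter" means an ASCII letter.
    if not (4 <= len(name) <= 16 and name[0] in string.ascii_letters):
        problems.append("must be 4 to 16 characters and start with a letter")
    if FORBIDDEN & set(name):
        problems.append("must not contain a space, period, or colon")
    return problems


def check_password(password):
    """Return the list of password-rule violations (company policy not included)."""
    problems = []
    if len(password) > 16:
        problems.append("longer than 16 characters")
    if not (any(c.islower() for c in password) and any(c.isupper() for c in password)):
        problems.append("needs both lowercase and uppercase characters")
    if not SPECIALS & set(password):
        problems.append("needs at least one special character")
    if FORBIDDEN & set(password):
        problems.append("must not contain a space, period, or colon")
    return problems


def audit_roster(names):
    """Check a planned list of local accounts; '*' holds roster-wide findings."""
    findings = {}
    if len(names) > MAX_LOCAL_ACCOUNTS:
        findings["*"] = [f"{len(names)} local accounts planned, limit is "
                         f"{MAX_LOCAL_ACCOUNTS}; use LDAP or Active Directory"]
    seen = set()
    for name in names:
        problems = check_username(name)
        if name in seen:
            problems.append("duplicate user name")
        seen.add(name)
        if problems:
            findings.setdefault(name, []).extend(problems)
    return findings

# Constructed sample: audit_roster(["jsmith", "ops", "j.smith", "jsmith"])
```
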

Limit User Account Privileges Based on Job Role (Principles of Least Privilege)

The principle of least privilege states that a user should be given only the privileges needed to perform his or her job. Over-ambitious granting of responsibilities, roles, and so on (especially early in the life cycle of an organization) can leave a system open to abuse. Review user privileges periodically to determine their relevance to the current job responsibilities of each user.

Oracle ILOM provides the ability to control user privileges for each user. Ensure that the appropriate user role permissions are assigned to each user account, based on job role.

For details on how to create a user account with role-based privileges, see Create Local User Accounts With Role-Based Privileges.