1. Oracle ILOM Security Guide For Firmware Release 5.1.x
  2. Oracle ILOM Deployment Practices for Increasing Security
  3. Securing Services and Open Network Ports
  4. Preconfigured Services and Network Ports

Preconfigured Services and Network Ports

Oracle ILOM comes preconfigured with most services enabled by default. This makes the deployment of Oracle ILOM simple and straightforward. However, each open service network port on the server represents a potential attach point by a malicious user. It is therefore important to understand the initial Oracle ILOM settings, and their purpose, and to choose which services are actually required for a deployed system. For best security, enable only the required Oracle ILOM services.

The following table lists the services that are enabled by default with Oracle ILOM.

Table 4-2 Services and Ports Enabled by Default

Service Port(s)

HTTP Redirection

80

HTTPS

443

IPMI TLS client connections

Note: IPMI TLS client connections are supported as of Oracle ILOM firmware 3.2.8 and later.

623 (TCP)

Remote KVMS for Oracle ILOM Remote Console

5120, 5121, 5122, 5123, 5555, 5556, 7578, 7579

Remote KVMS for Oracle ILOM Remote Console Plus

443

Service Tag

6481

SNMP (Traps and SNMP v3 user accounts)

161

Single Sign-on

11626

SSH

22

The following table shows the services that are disabled by default with Oracle ILOM.

Table 4-3 Services and Ports Disabled by Default

Service Port(s)

IPMI v2.0 Sessions (-I lanplus)

623 (UDP)