ILOM Security Hardening

Take steps to secure the ILOM by following certain configuration guidelines.

Follow the Oracle ILOM Security Guide for security hardening of the ILOM (see https://docs.oracle.com/cd/E95134_01/html/F18611/index.html).

To further secure the KMA, customers may choose to update some ILOM settings (see Configure ILOM FIPS Mode).

Use of ILOM FIPS mode is recommended and supported, with or without use of the HMP feature of OKM. Use of HMP enables IPMI 2.0, which exposes the ILOM to some types of attacks; see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4786.

Configure ILOM FIPS Mode

Configure the ILOM to operate in FIPS mode to increase security.

  1. Be sure you can physically access the ILOM, as network connectivity to the ILOM management port will be removed.
  2. To verify Oracle ILOM Remote Host Console client firmware, as instructed in the ILOM FIPS information section of the Security Guide or the Administrator's Guide for Configuration and Maintenance Firmware, use Help > About from the Remote Host Console.
  3. Log in to the ILOM web-based interface. Navigate to ILOM Administration > Configuration Management. Perform a backup of the current configuration. This is necessary since the subsequent step for enabling FIPS resets the configuration. The backup will then be used to restore your configuration. Save the password that you assign to the ILOM backup for use during the subsequent restore operation.
  4. Enable FIPS mode: navigate to ILOM Administration > Management Access, select the FIPS tab, enable FIPS, and click SAVE.
  5. Navigate to ILOM Administration > Maintenance and the Reset SP tab. Click the Reset SP button. You will now lose network connectivity to the ILOM management port. Use a physical console connection to reconfigure the ILOM management connection.
  6. Locate the ILOM backup file saved from the first step of this procedure. Use an editor to change the XML backup file's setting of the FIPS mode from "disabled" to "enabled". The restore operation will fail without this update.
  7. Once ILOM network connectivity is configured, log in to the ILOM web-based interface. You should now see that FIPS mode is enabled by observing the yellow "F" badge in the upper-right corner of the web interface.

    Navigate to ILOM Administration > Configuration Management. Perform a restore of the configuration using the ILOM backup.

  8. Verify configuration settings were properly restored.

    Table F-2 ILOM Configuration and Security Hardening

    Navigation Point Recommended Changes

    Remote Control: Redirection

    Launch Remote Host Console - This is the typical means for accessing the KMA console. Select the "Use serial redirection" option before launching the Remote Host Console. Once the console launches, the default Devices, Keyboard, and Video settings should be used.

    Remote Control: KVMS

    KVMS Settings - Use the default settings.

    Host Lock Settings - Leave this disabled.

    Remote Control: Host Storage Device

    Change the Mode setting to "Disabled" to prevent booting from NFS, SAMBA or supplying a Solaris Miniroot package.

    Host Management: Power Control

    Reset - Whenever possible, it is preferable to use the corresponding OKM console option to reboot the KMA as this provides an OKM audit event.

    Graceful Reset - Whenever possible, it is preferable to use the corresponding OKM console option to reboot the KMA as this provides an OKM audit event.

    Immediate Power Off - Whenever possible, it is preferable to use the corresponding OKM console option to shut down the KMA as this provides an OKM audit event.

    Graceful Shutdown and Power Off - Whenever possible, it is preferable to use the corresponding OKM console option to shut down the KMA as this provides an OKM audit event.

    Power On - As needed.

    Power Cycle - As needed. In some cases, a power cycle is necessary for recovery of the hardware security module.

    Host Management: Diagnostics

    Use the default settings.

    Host Management: Host Control

    Use the default settings. The DIMM sparing feature is irrelevant due to the DIMM configuration.

    Host Management: Host Boot Mode

    See Set the Boot Mode for OpenBoot from the ILOM

    Use the default settings.

    Host Management: Host Domain

    Auto Boot should be enabled.

    Boot Guests may be changed to disabled since OKM does not support hosting guest virtual machines.

    Host Management: Verified Boot (ILOM 4.0)

    The Boot Policy may be changed to "Warning" to enable boot verification. See Securing Systems and Attached Devices in Oracle Solaris 11.3 https://docs.oracle.com/cd/E53394_01/html/E54828 for more information. The following messages may appear on the console on each verified startup, if an SCA 6000 card or Thales nShield Solo module is installed. These messages can be safely ignored:

    WARNING: Signature verification of module/kernel/drv/sparcv9/mca failed.
    WARNING: Signature verification of module /kernel/drv/sparcv9/mcactl failed.
    WARNING: Signature verification of module /kernel/drv/sparcv9/nfp failed.

    System Management: Policy

    Use the default settings.

    System Management: Diagnostics (ILOM 4.0)

    You may change the "HW Change" setting to "Min" to save some time during cold boots.

    System Management: Miniroot - (ILOM 4.0)

    Use the default setting.

    Power Management

    Use defaults for all items.

    ILOM Administration: Identification

    SP Hostname - assign an appropriate host name per customer policy

    SP System Identifier - assign a meaningful name per customer policy

    SP System Contact - customer contact information

    SP System Location - physical rack or other description of location of this server

    The "Physical Presence Check" should be enabled (default setting)

    Customer FRU Data (SPARC T7-1 only): optional but can be used to record existence of a hardware security module in this KMA.

    ILOM Administration: Logs

    No specific recommendations.

    ILOM Administration: Management Access: Web Server

    No specific changes are recommended for KMAs, although a security best practice is to change the default port number for HTTPS.

    ILOM Administration: Management Access: SSL Certificate

    The ILOM uses a default certificate but supports loading an alternate certificate with its corresponding private key for stronger authentication.

    ILOM Administration: Management Access: SNMP

    For "Settings" the use of SNMPv3 protocol is recommended.

    Refer to the Oracle ILOM Protocol Management Reference SNMP and IPMI document for details.

    ILOM Administration: Management Access: SSH Server

    No specific changes are recommended for KMAs.

    ILOM Administration: Management Access: IPMI

    This service should be disabled if there are no plans to use IPMI. If the Hardware Management Pack will be enabled in OKM then IPMI must also be enabled.

    ILOM Administration: Management Access: CLI

    Configure the session timeout, as the default allows CLI sessions to remain open indefinitely.

    ILOM Administration: Management Access: Banner Messages

    Changing the banner setting to contain the product name is recommended so that users of the ILOM are aware that the key management appliance is not a generic server.

    Add a connect message. For example: "Oracle Key Manager ILOM Connect"

    Add a login message. For example: "Oracle Key Manager ILOM"

    ILOM Administration: User Management: Active Sessions

    No KMA-specific changes are prescribed.

    ILOM Administration: User Management: User Accounts

    Use of user accounts and roles is recommended over the default root account. Refer to the "Setting Up and Maintaining User Accounts" section in the Oracle ILOM Administrator's Guide for Configuration and Maintenance document.

    ILOM Administration: User Management: LDAP, LDAP/SSL, RADIUS, Active Directory

    No KMA-specific changes are prescribed. These services can all remain disabled.

    ILOM Administration: Connectivity: Network

    No KMA-specific changes are prescribed. If HMP will be enabled then see the section HMP Prerequisites for the Local Host Interconnect settings.

    ILOM Administration: Connectivity: DNS

    No KMA-specific changes are prescribed.

    ILOM Administration: Connectivity: Serial Port

    No KMA-specific changes are prescribed.

    ILOM Administration: Configuration Management

    Backups of the ILOM configuration are recommended following this hardening procedure and whenever the configuration is changed.

    ILOM Administration: Notifications

    No specific OKM recommendations. If HMP will be enabled, see the section HMP Prerequisites for the Alerts settings.

    ILOM Administration: Date and Time: Clock

    The ILOM SP clock is not synchronized with the host clock on the server. So that ILOM events can be correlated with server events, the ILOM date and time should be set manually to UTC/GMT time or configured to synchronize with external NTP servers — preferably the same NTP servers used for the KMA server during or after QuickStart.

    ILOM Administration: Date and Time: Timezone

    The ILOM time zone should be "GMT".

    ILOM Administration: Maintenance

    No specific OKM guidelines.
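The following Python script is an added example, not part of Oracle's documentation. It checks an ILOM configuration backup against several Table F-2 recommendations and against the FIPS setting that the restore in the procedure above depends on. The `<entry>`/`<property>`/`<value>` layout, the property paths, and the reading of a CLI timeout of 0 as "no timeout" are assumptions; confirm them against your own backup file.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The element layout and property paths are assumptions,
# not taken from the page; compare them with a real ILOM backup before use.
SAMPLE_BACKUP = """<SP_config version="3.0">
<entry><property>/SP/services/fips/state</property><value>disabled</value></entry>
<entry><property>/SP/services/ipmi/servicestate</property><value>enabled</value></entry>
<entry><property>/SP/cli/timeout</property><value>0</value></entry>
<entry><property>/SP/clock/timezone</property><value>GMT</value></entry>
<entry><property>/SP/services/kvms/host_storage_device/mode</property><value>disabled</value></entry>
</SP_config>"""

# (assumed property path, acceptance test, recommendation from the page)
CHECKS = [
    ("/SP/services/fips/state", lambda v: v == "enabled",
     "FIPS mode enabled (restore fails otherwise)"),
    ("/SP/services/ipmi/servicestate", lambda v: v == "disabled",
     "IPMI disabled when HMP is not used"),
    ("/SP/cli/timeout", lambda v: v.isdigit() and int(v) > 0,
     "CLI session timeout configured"),
    ("/SP/clock/timezone", lambda v: v == "GMT", "time zone set to GMT"),
    ("/SP/services/kvms/host_storage_device/mode", lambda v: v == "disabled",
     "host storage device mode Disabled"),
]

def load_settings(xml_text):
    """Return {property path: value} for every <entry> in the backup."""
    settings = {}
    for entry in ET.fromstring(xml_text).iter("entry"):
        prop = entry.findtext("property")
        if prop is not None:
            settings[prop.strip()] = (entry.findtext("value") or "").strip()
    return settings

def audit(xml_text, hmp_enabled=False):
    """List (path, found value, recommendation) for each deviation."""
    settings = load_settings(xml_text)
    findings = []
    for path, accept, recommendation in CHECKS:
        if hmp_enabled and path.endswith("/ipmi/servicestate"):
            continue  # the page requires IPMI to be enabled when HMP is used
        value = settings.get(path)
        if value is None:
            findings.append((path, "missing", recommendation))
        elif not accept(value):
            findings.append((path, value, recommendation))
    return findings

if __name__ == "__main__":
    for path, value, recommendation in audit(SAMPLE_BACKUP):
        print(f"{path} = {value}: expected {recommendation}")
```

Pass `hmp_enabled=True` for KMAs that use the Hardware Management Pack, so an enabled IPMI service is not reported.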