ILOM Security Hardening
Take steps to secure the ILOM by following certain configuration guidelines.
Follow the Oracle ILOM Security Guide for security hardening of the ILOM (see https://docs.oracle.com/cd/E95134_01/html/F18611/index.html).
To further secure the KMA, customers may choose to update some ILOM settings (see Configure ILOM FIPS Mode).
Use of ILOM FIPS mode is recommended and supported, with or without use of the HMP feature of OKM. Use of HMP enables IPMI 2.0, which exposes the ILOM to some types of attacks; see https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4786.
Configure ILOM FIPS Mode
Configure the ILOM to operate in FIPS mode to increase security.
- Be sure you can physically access the ILOM, as network connectivity to the ILOM management port will be removed.
- To verify Oracle ILOM Remote Host Console client firmware, as instructed in the ILOM FIPS information section of the Security Guide or the Administrator's Guide for Configuration and Maintenance Firmware, use Help > About from the Remote Host Console.
- Log in to the ILOM web-based interface. Navigate to ILOM Administration > Configuration Management. Perform a backup of the current configuration. This is necessary since the subsequent step for enabling FIPS resets the configuration. The backup will then be used to restore your configuration. Save the password that you assign to the ILOM backup for use during the subsequent restore operation.
- To enable FIPS mode, navigate to ILOM Administration > Management Access, then the FIPS tab. Enable FIPS and click SAVE.
- Navigate to ILOM Administration > Maintenance and the Reset SP tab. Click the Reset SP button. You will now lose network connectivity to the ILOM management port. Use a physical console connection to reconfigure the ILOM management connection.
- Locate the ILOM backup file saved from the first step of this procedure. Use an editor to change the XML backup file's setting of the FIPS mode from "disabled" to "enabled". The restore operation will fail without this update.
- Once ILOM network connectivity is configured, log in to the ILOM web-based interface. You should now see that FIPS mode is enabled by observing the yellow "F" badge in the upper-right corner of the web interface.
- Navigate to ILOM Administration > Configuration Management. Perform a restore of the configuration using the ILOM backup.
- Verify configuration settings were properly restored.
Table F-2 ILOM Configuration and Security Hardening
Navigation Point / Recommended Changes
Remote Control: Redirection
Launch Remote Host Console - This is the typical means for accessing the KMA console. Select the "Use serial redirection" option before launching the Remote Host Console. Once the console launches, the default Devices, Keyboard, and Video settings should be used.
Remote Control: KVMS
KVMS Settings - Use the default settings.
Host Lock Settings - Leave this disabled.
Remote Control: Host Storage Device
Change the Mode setting to "Disabled" to prevent booting from NFS, SAMBA or supplying a Solaris Miniroot package.
Host Management: Power Control
Reset - Whenever possible, it is preferable to use the corresponding OKM console option to reboot the KMA as this provides an OKM audit event.
Graceful Reset - Whenever possible, it is preferable to use the corresponding OKM console option to reboot the KMA as this provides an OKM audit event.
Immediate Power Off - Whenever possible, it is preferable to use the corresponding OKM console option to shut down the KMA as this provides an OKM audit event.
Graceful Shutdown and Power Off - Whenever possible, it is preferable to use the corresponding OKM console option to shut down the KMA as this provides an OKM audit event.
Power On - As needed.
Power Cycle - As needed. In some cases, a power cycle is necessary for recovery of the hardware security module.
Host Management: Diagnostics
Use the default settings.
Host Management: Host Control
Use the default settings. The DIMM sparing feature is irrelevant due to the DIMM configuration.
Host Management: Host Boot Mode
See Set the Boot Mode for OpenBoot from the ILOM.
Use the default settings.
Host Management: Host Domain
Auto Boot should be enabled.
Boot Guests may be changed to disabled since OKM does not support hosting guest virtual machines.
Host Management: Verified Boot (ILOM 4.0)
The Boot Policy may be changed to "Warning" to enable boot verification. See Securing Systems and Attached Devices in Oracle Solaris 11.3 (https://docs.oracle.com/cd/E53394_01/html/E54828) for more information. The following messages may appear on the console on each verified startup, if an SCA 6000 card or Thales nShield Solo module is installed. These messages can be safely ignored:
WARNING: Signature verification of module /kernel/drv/sparcv9/mca failed.
WARNING: Signature verification of module /kernel/drv/sparcv9/mcactl failed.
WARNING: Signature verification of module /kernel/drv/sparcv9/nfp failed.
System Management: Policy
Use the default settings.
System Management: Diagnostics (ILOM 4.0)
You may change the "HW Change" setting to "Min" to save some time during cold boots.
System Management: Miniroot (ILOM 4.0)
Use the default setting.
Power Management
Use defaults for all items.
ILOM Administration: Identification
SP Hostname - assign an appropriate host name per customer policy
SP System Identifier - assign a meaningful name per customer policy
SP System Contact - customer contact information
SP System Location - physical rack or other description of location of this server
The "Physical Presence Check" should be enabled (default setting)
Customer FRU Data (SPARC T7-1 only): optional but can be used to record existence of a hardware security module in this KMA.
ILOM Administration: Logs
No specific recommendations.
ILOM Administration: Management Access: Web Server
No specific changes are recommended for KMAs, although a security best practice is to change the default port number for HTTPS.
ILOM Administration: Management Access: SSL Certificate
The ILOM uses a default certificate but supports loading an alternate certificate with its corresponding private key for stronger authentication.
ILOM Administration: Management Access: SNMP
For "Settings" the use of SNMPv3 protocol is recommended.
Refer to the Oracle ILOM Protocol Management Reference SNMP and IPMI document for details.
ILOM Administration: Management Access: SSH Server
No specific changes are recommended for KMAs.
ILOM Administration: Management Access: IPMI
This service should be disabled if there are no plans to use IPMI. If the Hardware Management Pack will be enabled in OKM then IPMI must also be enabled.
ILOM Administration: Management Access: CLI
Configure the session timeout, as the default allows CLI sessions to remain open indefinitely.
ILOM Administration: Management Access: Banner Messages
Changing the banner setting to contain the product name is recommended so that users of the ILOM are aware that the key management appliance is not a generic server.
Add a connect message. For example: "Oracle Key Manager ILOM Connect"
Add a login message. For example: "Oracle Key Manager ILOM"
ILOM Administration: User Management: Active Sessions
No KMA-specific changes are prescribed.
ILOM Administration: User Management: User Accounts
Use of user accounts and roles is recommended over the default root account. Refer to the "Setting Up and Maintaining User Accounts" section in the Oracle ILOM Administrator's Guide for Configuration and Maintenance document.
ILOM Administration: User Management: LDAP, LDAP/SSL, RADIUS, Active Directory
No KMA-specific changes are prescribed. These services can all remain disabled.
ILOM Administration: Connectivity: Network
No KMA-specific changes are prescribed. If HMP will be enabled then see the section HMP Prerequisites for the Local Host Interconnect settings.
ILOM Administration: Connectivity: DNS
No KMA-specific changes are prescribed.
ILOM Administration: Connectivity: Serial Port
No KMA-specific changes are prescribed.
ILOM Administration: Configuration Management
Backups of the ILOM configuration are recommended following this hardening procedure and whenever the configuration is changed.
ILOM Administration: Notifications
No specific OKM recommendations, except that if HMP will be enabled, see the section HMP Prerequisites for the Alerts settings.
ILOM Administration: Date and Time: Clock
The ILOM SP clock is not synchronized with the host clock on the server. So that ILOM events can be correlated with server events, the ILOM date and time should be set manually to UTC/GMT time or configured to synchronize with external NTP servers — preferably the same NTP servers used for the KMA server during or after QuickStart.
ILOM Administration: Date and Time: Timezone
The ILOM time zone should be "GMT".
ILOM Administration: Maintenance
No specific OKM guidelines.
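The FIPS setting that the restore step depends on, and several of the Table F-2 recommendations, can be checked against an ILOM backup file before it is restored. The Python script below is an added example, not Oracle's code. The XML layout, the property paths, the value formats and the reading of a timeout of 0 as "no timeout" are assumptions to confirm against your own backup file.

```python
import xml.etree.ElementTree as ET

# Constructed sample backup. The <entry>/<property>/<value> layout and every
# property path below are assumptions; confirm them against your own backup file.
SAMPLE_BACKUP = """<SP_config version="3.0">
<entry><property>/SP/services/fips/state</property><value>disabled</value></entry>
<entry><property>/SP/services/ipmi/servicestate</property><value>enabled</value></entry>
<entry><property>/SP/cli/timeout</property><value>0</value></entry>
<entry><property>/SP/services/kvms/host_storage_device/mode</property><value>disabled</value></entry>
<entry><property>/SP/clock/timezone</property><value>GMT</value></entry>
<entry><property>/SP/check_physical_presence</property><value>true</value></entry>
<entry><property>/SP/preferences/banner/login_message</property><value></value></entry>
</SP_config>"""

def load_properties(xml_text):
    """Flatten the backup into {property path: value}."""
    props = {}
    for entry in ET.fromstring(xml_text).iter("entry"):
        path = (entry.findtext("property") or "").strip()
        if path:
            props[path] = (entry.findtext("value") or "").strip()
    return props

def audit(props, hmp_enabled=False):
    """Return (path, found, recommendation) for each deviation from the guide."""
    ipmi = "enabled" if hmp_enabled else "disabled"  # HMP requires IPMI
    rules = [
        ("/SP/services/fips/state", lambda v: v == "enabled",
         "set to enabled before restoring, or the restore fails"),
        ("/SP/services/ipmi/servicestate", lambda v: v == ipmi,
         f"should be {ipmi} (HMP {'in use' if hmp_enabled else 'not in use'})"),
        ("/SP/cli/timeout", lambda v: v.isdigit() and int(v) > 0,
         "configure a session timeout (0 assumed to mean none)"),
        ("/SP/services/kvms/host_storage_device/mode", lambda v: v == "disabled",
         "set Mode to Disabled"),
        ("/SP/clock/timezone", lambda v: v == "GMT", "set time zone to GMT"),
        ("/SP/check_physical_presence", lambda v: v == "true",
         "keep Physical Presence Check enabled"),
        ("/SP/preferences/banner/connect_message", bool, "add a connect message"),
        ("/SP/preferences/banner/login_message", bool, "add a login message"),
    ]
    # A missing property is reported with found=None rather than skipped.
    return [(p, props.get(p), advice) for p, ok, advice in rules
            if props.get(p) is None or not ok(props[p])]

if __name__ == "__main__":
    for path, value, advice in audit(load_properties(SAMPLE_BACKUP)):
        print(f"{path} = {value!r}: {advice}")
```

Pass hmp_enabled=True when the Hardware Management Pack will be enabled in OKM, since the IPMI recommendation then reverses.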