HP Insight Control Server Provisioning 7.2 Administrator Guide
• For local accounts on the appliance, periodically change the passwords in accordance with
your password policies and consider the following guidelines:
◦ Default passwords should be changed immediately to a more relevant and secure
password.
◦ Administrators should change management device passwords with the same frequency
and according to the same guidelines as the server administrative passwords.
◦ Passwords should include at least three of these four characteristics: numeric character,
special character, lowercase character, and uppercase character.
• Utilize mutual device authentication (to validate endpoints), when available, and user
authentication mechanisms.
• Restrict access to the iLO remote console port.
◦ For iLO 2: Disable telnet access to iLO 2.
◦ For first-generation iLO: Require Remote Console data encryption and set Remote Console
Port Configuration to Automatic.
◦ These changes force remote console sessions to be encrypted and leave the port closed
except when attaching the remote console.
• Do not connect management systems (for example, the appliance, iLO, and OA) directly to
the Internet. If you do require access to the Internet, utilize a corporate virtual private network
that provides firewall protection.
• For service management, consider using practices and procedures such as those defined
by ITIL. Visit http://www.itil-officialsite.com/home/home.aspx.
• Consider using The Center for Internet Security Benchmarks available at
http://benchmarks.cisecurity.org/. Benchmarks are included for HP-UX, Windows, Linux, Citrix Xen
Server, and VMware Server.
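
The password guidelines above (change default passwords; include at least three of the four character classes) can be enforced when a local account password is set. The following is an added example, not code from the guide or from the appliance. The `known_defaults` parameter, the definition of "special character" as ASCII punctuation, and the sample values are assumptions.

```python
import string

# Character classes named in the guideline above.
CLASSES = {
    "numeric": str.isdigit,
    "lowercase": str.islower,
    "uppercase": str.isupper,
    # Assumption: "special" means any printable ASCII punctuation character.
    "special": lambda ch: ch in string.punctuation,
}
REQUIRED_CLASSES = 3  # "at least three of these four characteristics"


def classes_present(password):
    """Return the set of guideline character classes found in the password."""
    return {name for name, test in CLASSES.items()
            if any(test(ch) for ch in password)}


def check_password(candidate, known_defaults=()):
    """Return a list of guideline violations; an empty list means it passes.

    known_defaults is a caller-supplied collection of factory/default
    passwords (hypothetical parameter; the guide lists none).
    """
    problems = []
    # Compare case-insensitively so "Admin" does not slip past "admin".
    if candidate.casefold() in {d.casefold() for d in known_defaults}:
        problems.append("matches a default password")
    present = classes_present(candidate)
    if len(present) < REQUIRED_CLASSES:
        missing = sorted(set(CLASSES) - present)
        problems.append(
            f"only {len(present)} of 4 character classes; missing: "
            + ", ".join(missing))
    return problems


if __name__ == "__main__":
    # Constructed sample values, not taken from the guide.
    defaults = ["password", "admin"]
    for pw in ["Admin", "summer2024", "Summer2024", "r4ck#unit"]:
        print(repr(pw), check_password(pw, defaults) or "ok")
```
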
4.15 Security best practices 33