HP Integrated Lights-Out Security, 7th edition

General security recommendations
We recommend that you observe the following security practices:
Use a separate management network. We recommend that you establish a private management
network separate from your data network and that only administrators have access to that
management network.
Do not connect iLO directly to the Internet. The iLO processor is a management and administration
tool, not an Internet gateway. Connect to the Internet using a corporate VPN that provides firewall
protection.
Change passwords frequently if using local accounts. Change the default iLO password immediately
to a more relevant password. Administrators should change the iLO management passwords with
the same frequency and according to the same guidelines as the server administrative passwords.
Passwords should include at least three of these four character types: numeric, special, lowercase,
and uppercase.
Implement directory services. This allows authentication and authorization using the same login
process throughout the network. It provides a way to control multiple iLO devices simultaneously.
Directories provide role-based access to iLO with very specific roles and privileges based on time
and location.
Implement two-factor authentication. This provides additional security, especially when you can
make connections remotely or outside the local network.
Restrict access to remote console port. Restrict access to the remote console port and turn on
encryption to provide tighter security. We recommend disabling the port entirely if you don’t require
the remote console.
Protect SNMP traffic. Reset the community strings according to the same guidelines as the
administrative passwords. Also set firewalls or routers to accept only specific source and destination
addresses. Disable SNMP at the server if you don’t need it. You can also disable the iLO SNMP
pass-thru.
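The password guideline above (at least three of the four character types) and the advice to hold SNMP community strings to the same guidelines can be checked over an exported credential inventory. The following is an added example, not HP code; the inventory layout, the labels, the sample values, and the short list of well-known values are assumptions constructed for illustration.

```python
import string

REQUIRED_TYPES = 3  # the paper's rule: at least three of the four types
# Assumption: a short constructed list of widely known values, not from the paper.
WELL_KNOWN = {"public", "private", "password", "admin", "administrator"}

CLASSES = {
    "numeric": string.digits,
    "special": string.punctuation,
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
}

def char_types(secret):
    """Return the names of the four character types present in secret."""
    return {name for name, chars in CLASSES.items()
            if any(ch in chars for ch in secret)}

def audit(credentials):
    """Check (kind, label, secret) tuples; findings never echo the secret."""
    findings = []
    for kind, label, secret in credentials:
        if secret.lower() in WELL_KNOWN:
            findings.append((kind, label, "well-known value"))
            continue
        present = char_types(secret)
        if len(present) < REQUIRED_TYPES:
            missing = ", ".join(sorted(set(CLASSES) - present))
            findings.append(
                (kind, label, "too few character types; missing: " + missing))
    return findings

# Constructed sample inventory (hypothetical labels and values).
SAMPLE = [
    ("local-account", "Administrator", "Blue7Harbor"),
    ("local-account", "operator", "letmein1"),
    ("snmp-community", "read", "public"),
    ("snmp-community", "trap", "mgmt-RO-7f3k"),
]

if __name__ == "__main__":
    for kind, label, reason in audit(SAMPLE):
        print(f"{kind:15} {label:15} {reason}")
```

The check covers only the character-type rule and well-known values; it does not measure length or password age, which the recommendations above leave to the site's server password guidelines.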
Conclusion
iLO lets you deploy your ProLiant servers without concern. It uses strong authentication, highly
configurable user privileges with strong authorization processes, and encryption of data, keystrokes,
and security keys. The hardware design protects keys and sensitive password information. It also lets
you separate iLO management traffic from all server traffic.
A networked environment has inherent security risks. iLO mitigates many of these risks through
authorization, authentication, and encryption. You can further decrease the chance of attacks by
following security recommendations, being aware of access points to the iLO devices and their
servers, and configuring their networks to eliminate unnecessary services.