Firmware should be updated to the latest available version to ensure all security patches are applied.
Management networks (subnets/VLANs) should also be separated by firewalls, and access should be limited (via ACLs and other methods) to authorized server administrators.
If you choose not to use IPMI the DRAC/iDRAC IPMI firewall should be enabled, and IPMI over the network should be disabled. (Control available via the iDRAC web interface and the iDRAC CLI).
IPMI Over Lan is disabled by default on all Dell 8G Servers and later, including our currently shipping 12G models.
Disable Cipher 0 - Cipher 0 is an option usually enabled by default, that can allow authentication to be bypassed. Disabling Cipher 0 can prevent attackers from bypassing authentication and sending arbitrary IPMI commands.
ipmitool lan set 1 cipher_privs Xaaaaaaaaaaaaaa
The syntax for the cipher suites will vary by customer needs. The initial X disabled cipher suite 0. In the example above, all remaining cipher suites would be available to ADMIN users.
Quick Tips content is self-published by the Dell Support Professionals who resolve issues daily. In order to achieve a speedy publication, Quick Tips may represent only partial solutions or work-arounds that are still in development or pending further proof of successfully resolving an issue. As such Quick Tips have not been reviewed, validated or approved by Dell and should be used with appropriate caution. Dell shall not be liable for any loss, including but not limited to loss of data, loss of profit or loss of revenue, which customers may incur by following any procedure or advice set out in the Quick Tips.
Identificación del artículo: SLN156429
Última fecha de modificación: 06/23/2014 07:59 AM
Califique este artículo
Fácil de comprender
¿Este artículo fue útil?
Envíenos sus comentarios
Los comentarios muestran caracteres no válidos, los caracteres especiales que no se aceptan son <> () \
Disculpe, nuestro sistema de comentarios está actualmente inactivo. Vuelva a intentarlo más tarde.