IPMI is an iDRAC management interface that allows users to monitor and configure iDRAC. The IPMI protocol has inherent security concerns that potentially allow malicious actors to discover user credentials resulting in unauthorized actions being performed. If IPMI over LAN is not required, Dell Technologies recommends disabling this service. If IPMI over LAN is required, below are recommendations for how to configure the service as securely as possible.
Segment IPMI traffic (UDP and stateless) from the rest of the network.
Do not allow IPMI traffic from outside the network.
If using IPMI 1.5-capable BMCs, use ACLs and strict source routing to help ensure that the IPMI traffic is secure. IPMI 2.0 uses stronger encryption than IPMI 1.5.
Disable Cipher 0 - Cipher 0 is an option that is usually enabled by default that can allow authentication to be bypassed. Disabling Cipher 0 can prevent attackers from bypassing authentication and sending arbitrary IPMI commands.
Det finns inga tillgängliga data för ämnet
Ange betyg (1–5 stjärnor).
Ange betyg (1–5 stjärnor).
Ange betyg (1–5 stjärnor).
Ange om artikeln var användbar eller inte.
Kommentarer får inte innehålla följande specialtecken: <>()\