Oracle ILOM Security
The Oracle System Assistant shell is designed to permit users with appropriate privileges to
use the Oracle Hardware Management Pack CLI Tools for system management purposes.
The shell is not designed to provide network services. Network services are disabled by
default to ensure the highest level of security and should not be enabled.
■
Oracle System Assistant mounts a USB storage device that is accessible to the
operating system.
In addition to being a bootable environment, Oracle System Assistant is also mounted
as a USB storage device (flash drive) that is accessible to the host operating system
after installation. This is useful when accessing tools and drivers for maintenance and
reconfiguration. The Oracle System Assistant USB storage device is both readable and
writeable and could potentially be exploited by viruses.
For increased security, apply to the Oracle System Assistant storage device the same
methods you use for protecting disks, including regular virus scans and integrity checking.
■
Oracle System Assistant can be disabled.
Oracle System Assistant is a useful tool in helping to set up the server, update and configure
firmware, and install the host operating system. However, if the security implications
described above are unacceptable, or if the tool is not needed, Oracle System Assistant can
be disabled. After disabling Oracle System Assistant, the USB storage device is no longer
accessible to the host operating system and users will be unable to boot into Oracle System
Assistant.
You can disable Oracle System Assistant from either the tool itself or from BIOS. Once
disabled, Oracle System Assistant can only be re-enabled from the BIOS Setup Utility. It
is recommended that the BIOS Setup Utility be password-protected so that only authorized
users can re-enable Oracle System Assistant.
■
Refer to the Oracle System Assistant documentation.
For information about Oracle System Assistant features and functions, refer to the Oracle
X5 Series Servers Administration Guide at:
http://www.oracle.com/goto/x86AdminDiag/docs
Oracle ILOM Security
You can actively secure, manage, and monitor system components using Oracle Integrated
Lights Out Manager (ILOM) management firmware, which is embedded on Oracle x86-based
servers and Oracle SPARC-based servers. Depending on the authorization level granted to
system administrators, functions might include the ability to power off the server, create user
accounts, mount remote storage devices, and so on.
■
Use a secure, internal trusted network.
12 Oracle Server X5-2 Security Guide • May 2015
To Next Page
Loading...
Need help?
General
