General security guidelines

When you set up and use iLO, consider the following guidelines for maximizing security:

  • Set up iLO on a dedicated management network.

  • Do not connect iLO directly to the Internet.

    IMPORTANT:

    Change the iLO user account passwords immediately if iLO has been connected directly to the Internet.

  • Install an SSL certificate that is signed by a Certificate Authority (CA).

    You can perform this task on the SSL Certificate Information page.

  • Change the password for your user accounts, including the default user account.

    You can perform this task on the User Administration page.

    IMPORTANT:

    Follow the iLO user account password guidelines when you create and update user accounts.

  • Instead of creating accounts with all privileges, create multiple accounts with fewer privileges.

  • Keep your iLO and server firmware up to date.

  • Use an authentication service (for example, Active Directory or OpenLDAP), preferably with two-factor authentication.

  • Disable ports and protocols that you do not use (for example, SNMP or IPMI/DCMI over LAN).

    You can perform this task on the Access Settings page.

  • Disable features that you do not use (for example, remote console).

    You can perform this task on the Access Settings page.

  • Use HTTPS for the remote console.

    To configure this option, enable the "IRC requires a trusted certificate in iLO" setting on the Security tab of the Remote Console & Media page.

  • Configure the remote console to automatically lock the server OS console.

    To configure this option, set the Remote Console Computer Lock setting on the Security tab of the Remote Console & Media page.

  • Configure a higher security state on the Encryption Settings page.

  • Configure iLO to require login credentials when users access the iLO 5 Configuration Utility in the UEFI System Utilities.

    You can perform this task on the Access Settings page.

  • Configure iLO to log authentication failures.

    You can perform this task on the Access Settings page.

  • Enable firmware verification scans.

    You can perform this task on the Firmware Verification page.

  • Use the Security Dashboard page to monitor security risks and recommendations.

For more information, see the Top 10 security settings for HPE iLO 5 and Recommended Security Settings in HPE iLO 5 videos.
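
The guideline above on disabling unused ports and protocols can be checked across many systems with a small audit script. The following is an added example, not part of the HPE documentation: it assumes the management processor's service settings have been exported as a DMTF Redfish ManagerNetworkProtocol JSON document, and the sample document and the NEEDED policy are constructed for illustration.

```python
import json

# Constructed sample: a trimmed Redfish ManagerNetworkProtocol document.
SAMPLE_DOC = json.loads("""
{
  "Id": "NetworkProtocol",
  "HTTPS": {"ProtocolEnabled": true, "Port": 443},
  "HTTP": {"ProtocolEnabled": true, "Port": 80},
  "SSH": {"ProtocolEnabled": true, "Port": 22},
  "SNMP": {"ProtocolEnabled": true, "Port": 161},
  "IPMI": {"ProtocolEnabled": true, "Port": 623},
  "KVMIP": {"ProtocolEnabled": false, "Port": 17990},
  "VirtualMedia": {"Port": 17988}
}
""")

# Hypothetical site policy: the only services this site actually uses.
NEEDED = {"HTTPS", "SSH"}


def audit_protocols(doc, needed):
    """Return (name, port, status) for every service that is not on the
    needed list and is enabled, or whose state cannot be determined."""
    findings = []
    for name, value in sorted(doc.items()):
        # Service entries are objects carrying a Port or ProtocolEnabled key;
        # metadata such as "Id" is skipped.
        if not isinstance(value, dict):
            continue
        if not ({"Port", "ProtocolEnabled"} & value.keys()):
            continue
        if name in needed:
            continue
        enabled = value.get("ProtocolEnabled")
        if enabled is True:
            findings.append((name, value.get("Port"), "enabled but not needed"))
        elif enabled is None:
            # A missing flag is reported instead of being assumed disabled.
            findings.append((name, value.get("Port"), "state unknown, check manually"))
    return findings


if __name__ == "__main__":
    for name, port, status in audit_protocols(SAMPLE_DOC, NEEDED):
        print(f"{name:<13} port {port}: {status}")
```

Each finding corresponds to a service to disable on the Access Settings page, or to confirm by hand when its state is not reported.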