Protecting SNMP Traffic - HP Integrity BL870c Operation Manual

HP Integrity iLO 2 Operations Guide, Eleventh Edition
Because iLO 2 devices are completely autonomous and can be used to control the server, treat
them the same as other servers. For example, include the iLO 2 devices in the security and network
audits.

IMPORTANT:
Ensure that physical access to the server is limited. Anyone can clear passwords
by pressing the iLO MP reset button for longer than four seconds.

Protecting SNMP Traffic

Because SNMP uses passwords, known as community strings, that are sent across the network
in clear text, you must enhance network security when you use SNMP. To enhance
network security, do the following:

• Reset the community strings (read only) with the same frequency and according to the same
  guidelines as the administrative passwords. For example, select alphanumeric strings with
  at least one uppercase letter, one numeral, and one symbol.
• Set firewalls or routers to accept only specific source and destination addresses. For example,
  you can allow inbound SNMP traffic into the host server only if it comes from one of the
  predetermined management workstations.

TIP:
Telnet sends data without encryption and is not a secure connection. HP recommends
using SSH instead of Telnet because SSH uses encryption.
To enable and disable Telnet access, use the SA command.

Integrity iLO 2 uses SSL for web connections, RSL-RC4 encryption for
IRC and remote serial console, and SSH-DES3/DES128 2.0 recommended
encryption algorithms for SSH-based connections. You can enable or
disable Telnet, IPMI over LAN, web, and SSH connectivity.

After initial failed login attempts (default three), a delay of approximately
one second is imposed on the serial connection and the login banner
warnings are repeated. All other connection types are disconnected.
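
The two SNMP measures under "Protecting SNMP Traffic" can be checked during the audits the guide asks for. The following is an added example, not part of the HP manual: it tests a community string against the stated guideline and flags SNMP flows that reach an iLO address from a source outside the management-workstation list. The address ranges, function names and flow records are assumptions constructed for illustration.

```python
import ipaddress
import string

# Assumed values (documentation address ranges, not taken from the manual).
MGMT_WORKSTATIONS = [ipaddress.ip_network("192.0.2.10/32"),
                     ipaddress.ip_network("192.0.2.11/32")]
ILO_ADDRESSES = [ipaddress.ip_network("198.51.100.0/28")]
SNMP_PORT = 161  # UDP port of the SNMP agent

def community_string_problems(community):
    """Return the ways a community string misses the manual's guideline."""
    problems = []
    if not any(c in string.ascii_uppercase for c in community):
        problems.append("no uppercase letter")
    if not any(c in string.digits for c in community):
        problems.append("no numeral")
    if not any(c in string.punctuation for c in community):
        problems.append("no symbol")
    return problems

def in_any(addr, networks):
    """True if addr falls inside one of the given networks."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

def unapproved_snmp_flows(flows):
    """Return (src, dst) pairs that reach an iLO on UDP/161 from a non-management source."""
    bad = []
    for src, dst, proto, dport in flows:
        if proto == "udp" and dport == SNMP_PORT and in_any(dst, ILO_ADDRESSES):
            if not in_any(src, MGMT_WORKSTATIONS):
                bad.append((src, dst))
    return bad

# Constructed sample flow records: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.5", "udp", 161),    # approved workstation
    ("203.0.113.77", "198.51.100.5", "udp", 161),  # not on the allowlist
    ("203.0.113.77", "198.51.100.5", "tcp", 22),   # SSH, outside this check
    ("192.0.2.99", "198.51.100.6", "udp", 161),    # same subnet, still unapproved
]

if __name__ == "__main__":
    for src, dst in unapproved_snmp_flows(SAMPLE_FLOWS):
        print(f"unapproved SNMP source {src} -> {dst}")
    for cs in ("public", "Mon1tor#Ro"):
        print(cs, community_string_problems(cs) or "meets guideline")
```

Any flow this reports means the firewall or router rule is wider than the list of predetermined management workstations.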