White Papers

Security Policy
To prevent unauthorized access to the remote system, DRAC 5 provides the following features,
which are described in “IP Blocking” and “Invalid Login Attack Blocking”:
IP address filtering (IPRange) — defines a specific range of IP addresses that can access the
DRAC 5
IP address blocking — limits the number of failed login attempts from a specific IP address
IP Blocking
This feature is disabled in the DRAC 5 default configuration. Use the RACADM config
subcommand or the Web-based interface to enable this feature.
Additionally, use this feature in conjunction with the appropriate session idle timeout values and a
defined security plan for your network.
IP filtering (IPRange), also called IP address filtering or IP range checking, allows DRAC 5 to be
accessed only from clients or management workstations whose IP addresses are within a
user-specified range. All other logins are denied.
IP filtering compares the IP address of an incoming login to the IP address range that is specified
by the following properties:
| Property | Description |
|---|---|
| cfgRacTuneIPRangeEnable | Enables the IP range checking feature. |
| cfgRacTuneIPRangeAddr | Determines the acceptable IP address bit pattern positions depending on the 1’s in the subnet mask. This property is bitwise ANDed with the cfgRacTuneIPRangeMask property to determine the upper portion of the allowed IP address. Any IP address that contains this bit pattern in its upper bits is allowed to establish a DRAC 5 session. Logins from IP addresses that are outside this range will fail. The default values in each property allow an address range from 192.168.1.0 to 192.168.1.255 to establish a DRAC 5 session. |
| cfgRacTuneIPRangeMask | Defines the significant bit positions in the IP address. The subnet mask should be in the form of a netmask, where the more significant bits are all 1’s with a single transition to all zeros in the lower-order bits. |
Table 2: Properties for RAC Tuning
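
The range check described in Table 2 can be modeled as follows. This is an added example, not Dell's code or part of the original white paper; the function names are hypothetical, the sample addresses are constructed, and rejecting a non-contiguous mask and skipping the check when the feature is disabled are assumptions of this model.

```python
import ipaddress

FULL = 0xFFFFFFFF  # 32-bit IPv4 address space


def _to_int(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def is_contiguous_netmask(mask: str) -> bool:
    """True if the mask is all 1s followed by all 0s (a single transition)."""
    inverted = ~_to_int(mask) & FULL
    # For a valid netmask the inverted value is 2**k - 1, so adding 1 clears every set bit.
    return (inverted & (inverted + 1)) == 0


def allowed_range(range_addr: str, range_mask: str) -> tuple:
    """Lowest and highest client address admitted by an Addr/Mask pair."""
    if not is_contiguous_netmask(range_mask):
        # Assumption of this model: refuse masks that are not in netmask form.
        raise ValueError("mask is not in netmask form: " + range_mask)
    mask = _to_int(range_mask)
    low = _to_int(range_addr) & mask   # upper portion fixed by the mask
    high = low | (~mask & FULL)        # lower-order bits are free
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(high))


def login_allowed(client: str, range_addr: str, range_mask: str,
                  enabled: bool = True) -> bool:
    """Compare the masked client address with the masked range address."""
    if not enabled:
        return True  # assumption: with range checking off, no address is filtered here
    mask = _to_int(range_mask)
    return (_to_int(client) & mask) == (_to_int(range_addr) & mask)


if __name__ == "__main__":
    # Constructed sample values that yield the default range stated in Table 2.
    addr, mask = "192.168.1.1", "255.255.255.0"
    print(allowed_range(addr, mask))
    for client in ("192.168.1.77", "192.168.2.77"):
        print(client, login_allowed(client, addr, mask))
```

Computing the admitted range before applying a mask makes it easy to confirm that the management workstation falls inside it and that the window is no wider than intended.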
Invalid Login Attack Blocking
To protect your remote system against repeated login attempts and password-guessing attacks, the
DRAC 5 provides IP address blocking. This feature limits the number of failed login attempts from a
specific IP address.
The IP blocking feature dynamically determines when excessive login failures have occurred from
a specific IP address and blocks (or prevents) the IP address from logging into the DRAC 5 for the
time span configured in the DRAC 5.