Integrated Lights-Out 3 technology

• They use the same security policies as the rest of the network. Because directory services let you authenticate a user by the same login process employed throughout the rest of the network, you can enforce corporate standards for security easily.
• They support thousands of users rather than only the few that iLO 3 supports without directory integration.
• They provide role-based administration with access and time restrictions, letting you control access rights to iLO 3 devices more closely.

Data encryption
First-generation iLO processors used SSL and SSH protocols to ensure privacy of iLO actions, depending on the access modes and types of functions they performed:
• iLO encrypted all HTTP web pages using SSL to ensure privacy for all information and commands issued through the web browser.
• iLO used the AES or RC4 algorithms to encrypt the remote console and virtual serial port sessions (if enabled).
• The CLP used SSH to encrypt the data stream both to and from the server.
The iLO 3 device provides additional security through two of the strongest available cipher strengths: AES
and 3DES. The hardware-assisted encryption algorithms in iLO 3 provide strong AES encryption without the
typical performance impact. If you configure iLO 3 for maximum security, it enforces the use of AES/3DES
over the browser, the SSH port, and the XML port.

SSL Certificate Import
iLO 3 generates self-signed SSL certificates as a standard feature. However, you can replace the iLO 3
SSL certificate by using CA-issued certificates based on an iLO 3 certificate-signing request.

Data integrity
HP ensures the legitimacy and integrity of any iLO 3 firmware images by including a digital signature in
the image. HP generates the digital signature using a private key, or encryption code (known only to HP).
The iLO 3 firmware verifies the digital signature by using a corresponding public key. If iLO 3 cannot
verify the digital signature, it will not execute or even load the firmware. This safeguard prevents loading
corrupt or rogue firmware.
The remote console applet also has a digital signature. The digital signature ensures that when you view
the applet window, the code originated from iLO 3 and is unaltered after the application of the signature.
After iLO 3 accepts the digital signature, the IRC can read or write to the management console’s physical
floppy, CD drive, or the associated image files.

Event generation for failed login attempts
iLO 3 tracks all login attempts and maintains a record of all login failures. When login attempts fail, iLO 3
generates alerts and can send them to a remote management console such as HP SIM. In addition, iLO 3
adds progressive delays at each failed login attempt. This feature assists in defending against possible
dictionary attacks against the browser login port. iLO 3 imposes the following delays:
• 5-second delay after an initial failed login
• 10-second delay after a second failed attempt
• 60-second delay after the third failed attempt
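
The delay schedule above can be modeled to see how far it limits password guessing; the following Python sketch is an added example, not HP or iLO 3 code, and the names LoginThrottle, delay_after and max_guesses are hypothetical. It assumes behavior the page does not state: a single counter for the login port, the 60-second delay repeating for every failure after the third, and a successful login resetting the count.

```python
# Added example: model of the progressive login delay listed above.
# Assumptions (not stated on the page): one counter for the login port,
# the 60 s delay repeats after the third failure, a success resets the count.

DELAYS = (5, 10, 60)  # seconds after the 1st, 2nd and 3rd failed attempt


def delay_after(failures):
    """Delay imposed after the Nth consecutive failed login (N >= 1)."""
    if failures < 1:
        return 0
    return DELAYS[min(failures, len(DELAYS)) - 1]


class LoginThrottle:
    """Counts consecutive failures and refuses attempts made inside the delay."""

    def __init__(self):
        self.failures = 0      # consecutive failed logins
        self.locked_until = 0  # earliest time the next attempt is evaluated
        self.log = []          # (time, delay) per failure, as an alert feed

    def attempt(self, ok, now):
        if now < self.locked_until:
            return "delayed"   # arrived inside the delay window, not evaluated
        if ok:
            self.failures, self.locked_until = 0, 0
            return "accepted"
        self.failures += 1
        delay = delay_after(self.failures)
        self.locked_until = now + delay
        self.log.append((now, delay))
        return "failed"


def max_guesses(window):
    """Wrong passwords one client can submit within `window` seconds."""
    throttle, now, count = LoginThrottle(), 0, 0
    while now < window:
        throttle.attempt(False, now)
        count += 1
        now = throttle.locked_until  # retry the instant the delay expires
    return count


if __name__ == "__main__":
    print("guesses per day:", max_guesses(86400))
```

Under these assumptions the throttle caps a single client at roughly one guess per minute, which is the figure to weigh against password policy and alert thresholds.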