User guide

Recommended Practices
Dell recommends the following practices to enhance security with iDRAC6.
Use a dedicated NIC for the iDRAC. This isolates the management processor on its own network as
discussed above. Further, access rights can be given only to a select few individual administrators.
Change or disable the default local user account. This is a relatively well-known default credential.
Implement advanced user authentication measures such as TFA and directory services. This way, user
databases can be controlled from a central point, and TFA offers an additional measure of
security.
Restrict privileges, especially to remote desktop (vKVM). Although traffic is encrypted and uses a
proprietary compression algorithm, any possible access to the host process should be limited.
Disable ports not in use.
Use a custom PKI (Private Key Infrastructure). Upload a private key and a certificate to the iDRAC6 to
overwrite the default certificate that is shipped with the units to ensure secure iDRAC6 authentication.
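
One way to check a saved iDRAC6 configuration file against the recommendations above, as an added example that is not Dell's code and not part of the original guide. The sample file is constructed. Assumed rather than taken from this page: the RACADM object names, cfgNicSelection value 2 meaning a dedicated NIC, privilege bit 0x20 meaning remote console access, the default account name root, and Telnet as the unused service.

```python
import re

VKVM_BIT = 0x20  # assumed: "Access Console Redirection" bit of cfgUserAdminPrivilege

# Constructed sample in the [group] / key=value layout of a saved config file.
SAMPLE = """\
[cfgLanNetworking]
cfgNicSelection=0
[cfgSerial]
cfgSerialTelnetEnable=1
[cfgActiveDirectory]
cfgADEnable=0
[cfgUserAdmin]
# cfgUserAdminIndex=2
cfgUserAdminUserName=root
cfgUserAdminEnable=1
cfgUserAdminPrivilege=0x000001ff
[cfgUserAdmin]
cfgUserAdminUserName=auditor
cfgUserAdminEnable=1
cfgUserAdminPrivilege=0x00000001
"""

def parse_cfg(text):
    """Return [(group, {key: value})]; indexed groups such as users repeat."""
    groups = []
    for line in text.splitlines():
        if m := re.fullmatch(r"\[(\w+)\]", line.strip()):
            groups.append((m.group(1), {}))
        # Read-only entries are stored as "# key=value"; keep them too.
        elif groups and (m := re.fullmatch(r"#?\s*(\w+)\s*=\s*(.*)", line.strip())):
            groups[-1][1][m.group(1)] = m.group(2)
    return groups

def audit(text, default_user="root"):
    """List deviations from the recommended practices (value meanings assumed)."""
    findings = []
    for group, kv in parse_cfg(text):
        if kv.get("cfgNicSelection", "2") != "2":  # assumed: 2 = dedicated NIC
            findings.append("NIC is not in dedicated mode")
        if kv.get("cfgSerialTelnetEnable") == "1":
            findings.append("Telnet service is enabled")
        if kv.get("cfgADEnable") == "0":
            findings.append("directory service authentication is disabled")
        if group == "cfgUserAdmin" and kv.get("cfgUserAdminEnable") == "1":
            name = kv.get("cfgUserAdminUserName", "")
            if name == default_user:
                findings.append(f"default account '{name}' is still enabled")
            if int(kv.get("cfgUserAdminPrivilege", "0"), 16) & VKVM_BIT:
                findings.append(f"'{name}' holds the remote console privilege")
    return findings
```

Calling audit(SAMPLE) returns one finding per deviation; a configuration that follows every recommendation returns an empty list.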

Acronyms

Term        Definition
AD          Active Directory
CA          Certificate Authorization
CAST 128    CAST Algorithm 128-bit
CD          Compact Disk
CLI         Command Line Interface
CSR         Certificate Signing Request
3 DES       Triple Data Encryption Standard
DH          Diffie-Hellman
DNS         Domain Name Server
iDRAC       Integrated Dell Remote Access Controller
DSA         Digital Signature Algorithm
GUI         Graphical User Interface
TFA         Two Factor Authentication
vKVM        Virtual Keyboard, Video, Mouse

Further information
Information and papers about the Lifecycle Controller and Dell’s embedded management solution,
including iDRAC6, can be found at the following link:
http://www.delltechcenter.com/page/Lifecycle+Controller
More information can be found in the iDRAC6 user’s guides at this link:
http://support.dell.com/support/edocs/software/smdrac3/idrac/index.htm