beautypg.com

Security, General security guidelines – HP Integrated Lights-Out 2 User Manual

Page 41

background image

connection terminates, and the second login failure is recorded. The SSH login failure counter
is set to 2.

3.

Run the SSH client until receiving the login prompt. Log in with an incorrect login name and
password. You will receive three password prompts. After the third incorrect password, the
connection terminates and the third login failure is recorded. The SSH login failure counter is
set to 3.

At this point, iLO 2 firmware records an SSH login failure log entry and sets the SSH login failure
counter to 0.

iLO 2 Remote Console and Remote Serial Console access

For iLO 2 Remote Console recommended client settings, server settings, optimizing mouse support,
and Remote Serial Console settings, see

“iLO 2 Remote Console” (page 80)

.

Security

The iLO 2 firmware enables you to customize iLO 2 security settings. To access iLO 2 security
settings, select Administration>Security. iLO 2 security options include:

“SSH key administration” (page 44)

“SSL certificate administration” (page 45)

“Two-factor authentication” (page 46)

“Directory settings” (page 51)

“Encryption” (page 53)

“HP SIM single sign-on (SSO)” (page 55)

“Remote Console Computer Lock” (page 58)

iLO 2 security options enables iLO 2 to provide the following security features:

User-defined TCP/IP ports

User actions logged in the iLO 2 Event Log

Progressive delays for failed login attempts

Support for X.509 CA signed certificates

Support for securing RBSU

Encrypted communication using:

SSH key administration

— SSL certificate administration

Support for optional LDAP-based directory services

Some of these options are licensed features. To verify your available options, see

“Licensing” (page

26)

.

General security guidelines

The following are general guidelines concerning security for iLO 2:

For maximum security, iLO 2 must be set up on a separate management network.

The iLO 2 firmware must not be connected directly to the Internet.

A 128-bit cipher strength browser must be used.

Security

41