Beruflich Dokumente
Kultur Dokumente
Information in this document is subject to change without notice. Copyright 2006 Dell Inc. All rights reserved. Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden. THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND. Dell, the Dell Logo, and OpenManage are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others.
Table of Contents
TERMINOLOGY......................................................................................................................................................................................................4 INTRODUCTION.....................................................................................................................................................................................................6 AUTHENTICATION AND AUTHORIZATION .......................................................................................................................................................7 LOG IN VIA LOCAL ACCOUNT..................................................................................................................................................................................7 RAC Login User Privilege..............................................................................................................................................................................8 RAC Card Configuration Privilege ................................................................................................................................................................8 RAC User Configuration Privilege.................................................................................................................................................................8 RAC Log Clear Privilege................................................................................................................................................................................8 RAC Server Reset and Power-on/off Privilege ............................................................................................................................................8 RAC Console Redirection Privilege ..............................................................................................................................................................8 RAC Virtual Media Privilege ..........................................................................................................................................................................8 RAC Test Alert Privilege................................................................................................................................................................................8 RAC Debug Command Privilege..................................................................................................................................................................8 LOG IN VIA ACTIVE DIRECTORY WITH DELL SCHEMA EXTENSION ..........................................................................................................................8 LOG IN VIA ACTIVE DIRECTORY WITHOUT DELL SCHEMA EXTENSION ..................................................................................................................10 ENCRYPTION.......................................................................................................................................................................................................12 SSL CERTIFICATE MANAGEMENT........................................................................................................................................................................12 SUPPORTED SSL CIPHER SUITES .......................................................................................................................................................................12 SECURE SHELL ENCRYPTION ..............................................................................................................................................................................13 IPMI RMCP+ ENCRYPTION ................................................................................................................................................................................13 EVENT LOGGING.................................................................................................................................................................................................14 LOG FORMAT ......................................................................................................................................................................................................14 LOG EVENTS .......................................................................................................................................................................................................14 ACCESS TO DRAC 5...........................................................................................................................................................................................15 DISABLING SERVICES AND CHANGING THE SERVICE PORT NUMBER....................................................................................................................15 SECURITY POLICY ...............................................................................................................................................................................................17 IP Blocking....................................................................................................................................................................................................17 Invalid Login Attack Blocking.......................................................................................................................................................................17 SHARED NIC SECURITY ....................................................................................................................................................................................19 WEB BROWSER SECURITY ..................................................................................................................................................................................20 REMOTE CLI SECURITY ......................................................................................................................................................................................20 LOCAL CLI SECURITY..........................................................................................................................................................................................20 SSH SECURITY ...................................................................................................................................................................................................20 SNMP SECURITY................................................................................................................................................................................................21 VIRTUAL MEDIA SECURITY ..................................................................................................................................................................................21
PAGE 2 OF 24
CONSOLE REDIRECTION SECURITY .....................................................................................................................................................................22 Authentication and Encryption.....................................................................................................................................................................22 User Session Privacy...................................................................................................................................................................................23 IPMI OUT-OF-BAND ACCESS SECURITY..............................................................................................................................................................24
PAGE 3 OF 24
Terminology
Term Definition
CA CAST 128 CD CLI CSR 3 DES DH DNS DRAC 5 DSA GUI HTTP HTTPS IP IPMI KVM LAN LDAP LDAPS LOM MAC MD5 MS NIC NVRAM OS PET PKI RAC RC4 RMCP RSA SEL
Certificate Authorization CAST Algorithm 128-bit Compact Disk Command Line Interface Certificate Signing Request Triple Data Encryption Standard Diffie-Hellman Domain Name Server Dell Remote Access Controller Digital Signature Algorithm Graphic User Interface Hypertext Transfer Protocol Hypertext Transfer Protocol Secure Internet Protocol Intelligent Platform Management Interface Keyboard Video Mouse Local Area Network Lightweight Directory Access Protocol Lightweight Directory Access Protocol Secure Lay on Mother Board Media Access Control Message Digest Algorithm Number 5 Microsoft Network Interface Card Non-Volatile Random Access Memory Operating System Platform Event Trap Public Key Infrastructure Remote Access Controller ARC Four Algorithm Remote Management Control Protocol Rivest Shamir Adleman System Event Log
PAGE 4 OF 24
Term
Definition
SHA1 SMCLP SMTP SNMP SOL SSH SSL TCP TCP/IP TFTP TLS1.0 UDP URL VLAN VNC
Seane Hash Algorithm Server Management Command Line Protocol Simple Mail Transfer Protocol Simple Network Management Protocol Serial Over LAN Secured Shell Secured Socket Layer Transmission Control Protocol Transmission Control Protocol/Internet Protocol Trivial File Transfer Protocol Transport Layer Security User Datagram Protocol Uniform Resource Locator Virtual Local Area Network Virtual Network Computing
PAGE 5 OF 24
Introduction
Today, managing distributed servers from a remote location is a critical requirement. DRAC 5 enables users to remotely monitor, troubleshoot, and repair servers even when the server is down. DRAC 5 offers a rich set of features like virtual media, virtual KVM, and so on, which have the potential to make the system prone to security risks. DRAC 5 security features mitigate the security risks that exist while data is being transmitted across the network. This white paper briefly describes the security features that DRAC 5 uses to help ensure authentication, authorization, privacy, and data integrity.
PAGE 6 OF 24