ProLiant Servers (ML,DL,SL)
cancel
Showing results for 
Search instead for 
Did you mean: 

ILO Security Switch on motherboard

stevekat
Advisor

ILO Security Switch on motherboard

I am not sure I see the scenarios where it is important to re-enable the security override switch on the motherboard of a, for instance, DL 360 G5 server, if the server is in a locked cabinet in a Colo.

Can others opine on possible adverse scenarios?

If we have also have VNC on our server, and someone got unauthorized access via that avenue, then it seems access to changing ILO settings would not be significant as they could do as much damage as they wanted in the OS.

If they got unauthorized access to our ILO connection, without the advanced license key installed they could shut us down. But with the key, they have full KVM access, so changing ILO settings would seem insignificant.

The servers are within reasonable driving distance for us and would not require a complete re-setup remotely - so if they changed our IP for ILO we could get physical access.

Any thoughts appreciated.
3 REPLIES
Terry Hutchings
Honored Contributor

Re: ILO Security Switch on motherboard

I believe you can gain access to the iLO across the network with the security override switch turned on. The standard license (non Advanced) will allow for use of virtual power through the iLO2.

I the security override switch is enabled you can have someone turn you server off on you, as the login is not required when the switch is turned on.
The truth is out there, but I forgot the URL..
stevekat
Advisor

Re: ILO Security Switch on motherboard

When accessing ILO via the WAN with the security switch in disabled mode, it appears that a login is required to get into ILO2. Unless I am missing something. If so, I'd be interested in details.

If they could get to the windows desktop via the WAN or LAN (again requiring a login) they could change the configurtion of the ILO through the ILO utility, but they'd have to get to the desktop. And they could shut the server down there as well. s
stevekat
Advisor

Re: ILO Security Switch on motherboard

Ah, it appears a login and ID is required, but it is not.