
Server In DMZ, ILO NOT in DMZ

Steven Baillie
Trusted Contributor


Are there security issues with having the server in the DMZ and the iLO not in the DMZ?

If somebody hacks into the server, can they hack into the iLO and get to the live network via the iLO?

Is it best practice to have the iLO in the DMZ as well?


steven
6 REPLIES
Andrew_346
Regular Advisor

Re: Server In DMZ, ILO NOT in DMZ

As long as you do not have the iLO configured as an additional NIC, I don't see how the two networks could talk to each other. I would think it a much greater risk to have the iLO in your DMZ where someone could potentially access the console. Say your DMZ has multiple web servers and you have 80 & 443 open for the entire DMZ. Well, there goes your iLO. It wouldn't be too hard to brute force the username/password.

With that said, anything is possible. Given enough time, a good hack can be found for any system. Lock your DMZ down tight and your internal network even tighter and you should be fine.
Adam White_4
Advisor

Re: Server In DMZ, ILO NOT in DMZ

If somebody can run arbitrary code on your server it may be possible for them to access the iLO interface. But it's not very likely if there are no known methods to do this.
Terry Hutchings
Honored Contributor

Re: Server In DMZ, ILO NOT in DMZ

The iLO can't be used as a NIC (it just uses RJ45), but shouldn't be available to the OS, ever, as a NIC. There should be no danger at all.
The truth is out there, but I forgot the URL..
Andrew_346
Regular Advisor

Re: Server In DMZ, ILO NOT in DMZ

Ah, thanks for the clarification. I was under the assumption it could but obviously I never had done it... I think I might have been confused with HP's examples of running on the same network as your production traffic. I prefer to have separate VLANs or completely separate network hardware for iLO management.
Steven Baillie
Trusted Contributor

Re: Server In DMZ, ILO NOT in DMZ

Thanks for verifying what I thought.


steven
Steven Baillie
Trusted Contributor

Re: Server In DMZ, ILO NOT in DMZ

That is what I thought.

steven