- Community Home
- >
- Servers and Operating Systems
- >
- HPE BladeSystem
- >
- BladeSystem - General
- >
- Re: HP C700 Onboard Administrator HSTS support
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-15-2017 12:52 PM
02-15-2017 12:52 PM
HP C700 Onboard Administrator HSTS support
Hi All,
We have security complaint regarding the HP onboard admistrator web interface where HTTPS server is not enforcing HTTP Strict Transport Security (HSTS).
Can You anyone advice how we can enable HSTS on the OAs
BR,
Mike
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-18-2017 09:26 PM
02-18-2017 09:26 PM
Re: HP C700 Onboard Administrator HSTS support
I would install the latest c7000 OA firmware. This might fix the issue.
However, unlike operating systems, web servers and other programs that use https, firmware is provided for support of the underlying hardware and as such, does not receive the same updates. That's why good data center practice is to never place hardware access ports such as OA, iLO, consoles, GSP, MP or any direct hardware connections on a company network. Instead, all these connections should be on an isolated subnet with *NO* router. The only access to these ports should be through a secure server (HP-UX, Linux, etc -- no Windows) with 2 NICs, one for the isolated subnet and the other to a sysadmin network.
Virtually every server, switch, router, tape library, etc will have a security issue with a web interface after 3-4 years. Security audits will catch the issue but a fix is not likely and the only solution is get an audit exception, disconnect the service port and use a KVM (if possible), or use an isolated subnet.
Bill Hassell, sysadmin
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2017 11:02 AM
02-21-2017 11:02 AM
Re: HP C700 Onboard Administrator HSTS support
Thanks for the reply.
So as I understood, upgrading the firmware will enable the Onboard Administrator to enforce the HTTP Strict Transport Security
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
02-21-2017 06:11 PM
02-21-2017 06:11 PM
Re: HP C700 Onboard Administrator HSTS support
No idea. You would have to read the firmware history for the latest version. Even if it isn't mentioned, it may have been fixed without comment. Or the latest version still doesn't have the fix. Updating the OA can be time consuming with a number of things to consider. Check the README file for the firmware.
Bill Hassell, sysadmin