- Community Home
- >
- Servers and Operating Systems
- >
- HPE ProLiant
- >
- ProLiant Servers (ML,DL,SL)
- >
- Re: ILO4 security issues
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2017 08:39 AM
07-19-2017 08:39 AM
ILO4 security issues
Hi! I have already posted this problems 2 weeks ago, I though it was solved but unfortunately not yet.
My University is scanning all the campus servers with Nessus Vulnerability Scanner and they are complaining that my ILO4 (now just updated to firmware 2.53 May 03 2017) on ProLiant ML350p Gen8 HP server has a "medium" risk level of vulnerability, so they are asking to solve this issue as soon as possible, to avoid potential attacks.
I enclose the "medium" risk entries of the report: all the problems are connected with the 443/tcp port, it seemed I should update the version of SSL protocol to improve cipher, encription and certificate... however I have just updated also OpenSSL to Version : 1.0.1e Release : 57.el6 but the problem persists.
Is anybody able to help me in this respect?
Thank you very much in advance!
Mauro
- Tags:
- SSL
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2017 10:28 AM - edited 07-19-2017 10:33 AM
07-19-2017 10:28 AM - edited 07-19-2017 10:33 AM
Re: ILO4 security issues
Nessus is warning you that your iLOs still have those "untrusted" default Self-Signed SSL Certificates that iLO generates automatically. You need to replace them with new "trusted" SSL Certificates issued by the University's Certification Authority.
The other two issues can be resolved by enabling in iLO an option called "Enforce AES Encryption"
__________________________________________________
If you feel this was helpful please click the KUDOS! thumb below!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
07-19-2017 11:14 AM
07-19-2017 11:14 AM
Re: ILO4 security issues
I'm not an HPE Employee