IPMI is an iDRAC management interface that allows users to monitor and configure iDRAC. The IPMI protocol has inherent security concerns that potentially allow malicious actors to discover user credentials resulting in unauthorized actions being performed. If IPMI over LAN is not required, Dell Technologies recommends disabling this service. If IPMI over LAN is required, below are recommendations for how to configure the service as securely as possible.
Segment IPMI traffic (UDP and stateless) from the rest of the network.
Do not allow IPMI traffic from outside the network.
If using IPMI 1.5-capable BMCs, use ACLs and strict source routing to help ensure that the IPMI traffic is secure. IPMI 2.0 uses stronger encryption than IPMI 1.5.
Disable Cipher 0 - Cipher 0 is an option that is usually enabled by default that can allow authentication to be bypassed. Disabling Cipher 0 can prevent attackers from bypassing authentication and sending arbitrary IPMI commands.
Data is not available for the Topic
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\