Dell Remote Access Controller 4 Version 1.70 Troubleshooting

DRAC 4
Dell Remote Access Controller 4 Security
Information in this document is subject to change without notice.
© Copyright 2006 Dell Inc. All rights reserved.
Reproduction in any manner whatsoever without the written permission of Dell Inc. is strictly forbidden.
THIS DOCUMENT IS FOR INFORMATIONAL PURPOSES ONLY. THE CONTENT IS PROVIDED AS IS, WITHOUT EXPRESS OR IMPLIED WARRANTIES OF ANY KIND.
Dell, the Dell Logo, and OpenManage are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell disclaims proprietary interest in the marks and names of others.
Table of Contents
Terminology .... 3
Introduction .... 5
Authentication and Authorization .... 6
  Login Using Local Account .... 6
    RAC Login User Privilege .... 6
    RAC Card Configuration Privilege .... 6
    RAC User Configuration Privilege .... 6
    RAC Log Clear Privilege .... 7
    RAC Server Reset and Power-On/Off Privilege .... 7
    RAC Console Redirection Privilege .... 7
    RAC Virtual Media Privilege .... 7
    RAC Test Alert Privilege .... 7
    RAC Debug Command Privilege .... 7
  Login Using Active Directory with Dell Schema Extension .... 7
  Login Using Active Directory without Dell Schema Extension .... 9
Encryption .... 11
  SSL Certificate Management .... 11
  Supported SSL Cipher Suites .... 11
  Secure Shell Encryption .... 11
Event Logging .... 12
  Log Format .... 12
  Log Events .... 12
Disabling Services and Changing Service Port Number .... 12
Web Browser Security .... 14
Remote CLI Security .... 14
Local CLI Security .... 14
SSH Security .... 15
  SNMP Security .... 15
  Virtual Media Security .... 15
Console Redirection Security .... 16
  Authentication and Encryption .... 16
  User Session Privacy .... 17
PAGE 2 OF 17
Terminology
Term        Definition
3 DES       Triple Data Encryption Standard
ADS         Active Directory Services
CA          Certificate Authorization
CAST 128    CAST Algorithm 128 bit
CD          Compact Disk
CLI         Command Line Interface
CN          Common Name
CSR         Certificate Signing Request
DH          Diffie-Hellman
DNS         Domain Name Server
DRAC 4      Dell Remote Access Controller 4
DSA         Digital Signature Algorithm
GUI         Graphic User Interface
HTTP        Hypertext Transfer Protocol
HTTPS       Hypertext Transfer Protocol Secure
IP          Internet Protocol
IPMI        Intelligent Platform Management Interface
KVM         Keyboard Video Mouse
LAN         Local Area Network
LDAP        Lightweight Directory Access Protocol
LDAPS       Lightweight Directory Access Protocol Secure
LOM         Lay on Mother Board
MAC         Media Access Control
MD5         Message Digest Algorithm Number 5
MS          Microsoft
NIC         Network Interface Card
NVRAM       Non Volatile Random Access Memory
OS          Operating System
PET         Platform Event Trap
PKI         Public Key Infrastructure
RAC         Remote Access Controller
RC4         ARC Four Algorithm
RMCP        Remote Management Control Protocol
RSA         Rivest Shamir Adleman
SEL         System Event Log
SHA1        Secure Hash Algorithm
SMCLP       Server Management Command Line Protocol
SMTP        Simple Mail Transfer Protocol
SNMP        Simple Network Management Protocol
SOL         Serial Over LAN
SSH         Secure Shell
SSL         Secure Socket Layer
TCP         Transmission Control Protocol
TCP/IP      Transmission Control Protocol/Internet Protocol
TFTP        Trivial File Transfer Protocol
TLS1.0      Transport Layer Security
UDP         User Datagram Protocol
URL         Uniform Resource Locator
VLAN        Virtual Local Area Network
VMCLI       Virtual Machine Command Line Interface
VNC         Virtual Network Computing
Introduction
Today, managing distributed servers from a remote location is a critical requirement.
DRAC 4 enables users to remotely monitor, troubleshoot and repair servers, even when the server operating system is down. DRAC 4 offers a rich set of features, such as virtual media and virtual KVM, which can make the system less prone to security risks. DRAC 4 security features mitigate the security risks that exist while data is being transmitted across the network. This white paper briefly describes the security features that DRAC 4 uses to help ensure authentication, authorization, privacy and data integrity.
Authentication and Authorization
Login Using Local Account
The DRAC 4 comes with a default local user account pre-configured with an administrator role. The default user name for this account is “root” and the default password is “calvin”.
Note: Dell strongly recommends changing the default user name and password settings during deployment of the DRAC 4.
DRAC 4 supports up to 16 local users. Each user can be enabled or disabled. You can secure the DRAC 4 by disabling all local user accounts and using only Microsoft® Active Directory® users, since MS Active Directory is considered to have stronger security policy management.
Local users' username and password can be changed. The DRAC 4 local user account policy is as follows:
- Anonymous user is NOT supported
- NULL user name is NOT supported
- NULL password is NOT supported
- Maximum user name length is 16 characters
- Maximum user password length is 20 characters
The DRAC 4 local user password is stored as an MD5 hash in its NVRAM.
DRAC 4 supports privilege-based access to a DRAC 4. Every DRAC 4 local user or MS Active Directory user has a privilege associated with it. The privilege is per channel, per user. The privilege defines the kind of rights a user has on the DRAC 4.
The DRAC 4 offers nine privileges. Each user can have any combination of the nine privileges. The nine privileges are as follows:
RAC Login User Privilege
This privilege allows a user to log in to the DRAC 4 card. An administrator can easily disable a user from a DRAC 4 by removing this privilege. Removing the login privilege from a user is not the same as deleting a user. The user remains in the user database but cannot log in and use this DRAC 4 card. An administrator can quickly re-enable the user by granting the login privilege again without totally reconfiguring the user settings.
RAC Card Configuration Privilege
This privilege allows a user to change all DRAC 4 card configurations except for the user configuration (for example, out-of-band NIC configuration, SNMP trap configuration, SSL certificate configuration, and so on).
RAC User Configuration Privilege
This privilege allows a user to add or delete a user or change existing user privileges.
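The following is an added example (not Dell's firmware code) that models the local account policy and the privilege checks described above: the nine privileges as combinable flags, the stated username/password limits, and the difference between revoking the login privilege and deleting the user. The user database, record layout and function names are assumptions for illustration.

```python
import hashlib
import hmac
from enum import Flag, auto


class Priv(Flag):
    """The nine DRAC 4 privileges; any combination may be granted to a user."""
    LOGIN = auto()
    CARD_CONFIG = auto()
    USER_CONFIG = auto()
    LOG_CLEAR = auto()
    SERVER_RESET_POWER = auto()
    CONSOLE_REDIRECT = auto()
    VIRTUAL_MEDIA = auto()
    TEST_ALERT = auto()
    DEBUG_COMMAND = auto()


MAX_USERS, MAX_NAME_LEN, MAX_PASS_LEN = 16, 16, 20


def validate_credentials(username, password):
    """Return None if the pair meets the local account policy, else the reason it fails."""
    if not username:
        return "anonymous or NULL user name is not supported"
    if not password:
        return "NULL password is not supported"
    if len(username) > MAX_NAME_LEN:
        return "user name exceeds 16 characters"
    if len(password) > MAX_PASS_LEN:
        return "password exceeds 20 characters"
    return None


class LocalUserDb:
    """Hypothetical model of the DRAC 4 local user store (up to 16 users)."""

    def __init__(self):
        self.users = {}  # name -> {"hash": hex digest, "privs": Priv}

    def add_user(self, name, password, privs=Priv(0)):
        if len(self.users) >= MAX_USERS:
            raise ValueError("DRAC 4 supports at most 16 local users")
        reason = validate_credentials(name, password)
        if reason:
            raise ValueError(reason)
        # The paper states the password is kept as an MD5 hash in NVRAM; modelled as such here.
        self.users[name] = {"hash": hashlib.md5(password.encode()).hexdigest(), "privs": privs}

    def authorize(self, name, password, needed):
        """True only if the password matches, LOGIN is held, and the needed privilege is held."""
        rec = self.users.get(name)
        if rec is None:
            return False
        presented = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(rec["hash"], presented):
            return False
        return Priv.LOGIN in rec["privs"] and needed in rec["privs"]

    def revoke(self, name, priv):
        """Remove one privilege; the user record itself is kept, unlike a delete."""
        self.users[name]["privs"] &= ~priv
```

Revoking `Priv.LOGIN` blocks every action while leaving the record (and its other privileges) intact, so granting `LOGIN` again restores the user without reconfiguration.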