However, like for any other management interface, good security practices dictate the placement of the IPMI management port on a dedicated management LAN or VLAN.
OK this is the standard way to mitigate possible attacks from the pubblic Internet: but what about possible backdoors in IPMI software?