background image

SPARC M8 and SPARC M7 Servers Security Guide

Part No: E55218-02

Copyright 

©

 2015, 2017, Oracle and/or its affiliates. All rights reserved.

This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except

as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform,

publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is

prohibited.

The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.

If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, then the following notice is applicable:

U.S. GOVERNMENT END USERS: Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation,

delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental

regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the

hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.

This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous

applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all

appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this

software or hardware in dangerous applications.

Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.

Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of

SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered

trademark of The Open Group.

This software or hardware and documentation may provide access to or information about content, products, and services from third parties. Oracle Corporation and its affiliates are

not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services unless otherwise set forth in an applicable agreement

between you and Oracle. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content,

products, or services, except as set forth in an applicable agreement between you and Oracle.

Access to Oracle Support

Oracle customers that have purchased support have access to electronic support through My Oracle Support. For information, visit 

http://www.oracle.com/pls/topic/lookup?

ctx=acc&id=info

 or visit 

http://www.oracle.com/pls/topic/lookup?ctx=acc&id=trs

 if you are hearing impaired.

Summary of Contents for SPARC M7

Page 1: ...SPARC M8 and SPARC M7 Servers Security Guide Part No E55218 02 September 2017 ...

Page 2: ......

Page 3: ...f information management applications It is not developed or intended for use in any inherently dangerous applications including applications that may create a risk of personal injury If you use this software or hardware in dangerous applications then you shall be responsible to take all appropriate fail safe backup redundancy and other measures to ensure its safe use Oracle Corporation and its af...

Page 4: ...n des informations Ce logiciel ou matériel n est pas conçu ni n est destiné à être utilisé dans des applications à risque notamment dans des applications pouvant causer un risque de dommages corporels Si vous utilisez ce logiciel ou ce matériel dans le cadre d applications dangereuses il est de votre responsabilité de prendre toutes les mesures de secours de sauvegarde de redondance et autres mesu...

Page 5: ...f information management applications It is not developed or intended for use in any inherently dangerous applications including applications that may create a risk of personal injury If you use this software or hardware in dangerous applications then you shall be responsible to take all appropriate fail safe backup redundancy and other measures to ensure its safe use Oracle Corporation and its af...

Page 6: ...n des informations Ce logiciel ou matériel n est pas conçu ni n est destiné à être utilisé dans des applications à risque notamment dans des applications pouvant causer un risque de dommages corporels Si vous utilisez ce logiciel ou ce matériel dans le cadre d applications dangereuses il est de votre responsabilité de prendre toutes les mesures de secours de sauvegarde de redondance et autres mesu...

Page 7: ...d Access Oracle Solaris OS 11 Prevent Unauthorized Access Oracle ILOM 11 Prevent Unauthorized Access Oracle VM Server for SPARC 12 Restricting Access OBP 12 Implement Password Protection 12 Enable the Security Mode 13 Disable the Security Mode 14 Check for Failed Log Ins OBP 14 Provide a Power On Banner 14 Oracle System Firmware 15 Secure WAN Boot 15 7 ...

Page 8: ...8 SPARC M8 and SPARC M7 Servers Security Guide September 2017 ...

Page 9: ...ccess to hot plug or hot swap devices Store all spare replacement parts in a locked cabinet Restrict access to the locked cabinet to authorized personnel Periodically verify the status and integrity of the locks on the rack and the spares cabinet to guard against or detect tampering or doors being accidentally left unlocked Store cabinet keys in a secure location with limited access Restrict acces...

Page 10: ...s radio frequency identification RFID readers can further simplify asset tracking An Oracle white paper How to Track Your Oracle Sun System Assets by Using RFID is available at http www oracle com technetwork articles systems hardware architecture o11 001 rfid oracle 214567 pdf Hard Drives Hard drives hard disk drives and solid state drives are often used to store sensitive information To protect ...

Page 11: ...ftware harden the OS use security features and protect applications Obtain the Oracle Solaris Security Guidelines document for the version you are using at http www oracle com goto solaris11 docs http www oracle com goto solaris10 docs Prevent Unauthorized Access Oracle ILOM 1 Use Oracle ILOM commands to restrict access to the Oracle ILOM software change the factory set password limit the use of t...

Page 12: ...Oracle VM for SPARC commands to restrict access to the Oracle VM for SPARC software Obtain the Oracle VM for SPARC Security Guide at http www oracle com goto vm sparc docs Restricting Access OBP These topics describe how to restrict access at the OBP prompt Implement Password Protection on page 12 Enable the Security Mode on page 13 Disable the Security Mode on page 14 Check for Failed Log Ins OBP...

Page 13: ...ssword is required to perform any action including normal operations such as boot When set to command a password is not required for the boot or go commands but all other commands require a password For business continuity reasons set the security mode parameter to command as in the following example 0 ok setenv security mode command 0 ok 2 Obtain the security mode prompt After setting the securit...

Page 14: ... access the OpenBoot environment by using the security badlogins parameter as in the following example ok printenv security badlogins If this command returns any value greater than Ø a failed attempt to access the OpenBoot environment was recorded 2 Reset the parameter by typing ok setenv security badlogins 0 Provide a Power On Banner Although it is not a direct preventative or detective control a...

Page 15: ...ocs oracle com cd E55211_01 Secure WAN Boot WAN boot supports varying levels of security You can use a combination of the security features that are supported in WAN boot to meet the needs of your network A more secure configuration requires more administration but also protects your system data to a greater extent For the Oracle Solaris 10 OS refer to the information on securing WAN boot installa...

Page 16: ...16 SPARC M8 and SPARC M7 Servers Security Guide September 2017 ...

Reviews: