Sun Datacenter InfiniBand Switch 36 Security Guide
■ Store spare replaceable components in a locked cabinet. Allow access to the
  locked cabinet by authorized personnel only.
■ Record serial numbers
■ Security-mark all significant items including replaceable components. Use
  special ultraviolet pens or embossed labels.
■ Keep a serial number record of all your hardware.
■ Keep copies of invoices, purchasing records, and licenses in a secure location
  that is easily accessible to the system manager during system emergencies.
  These printed documents might be the only proof of ownership.
Software Security
Most hardware security is implemented through software measures.
■ Refer to the switch documentation for additional guidelines to implement security
  features within the firmware.
■ Implement port security to limit access based upon MAC addresses. Disable
  auto-trunking on all ports.
■ Manage the switch out-of-band on a separate dedicated network. This
  management network is separate from data traffic and the general network.
■ If out-of-band management is not feasible, then dedicate a unique VLAN number
  solely for in-band management.
■ Change all default passwords when installing a new switch. The switch has four
  default user accounts and respective passwords:
   ■ ilom-admin – The ilom-admin user has administrator privileges for the CLI,
     web, and IPMI interfaces. The default password is ilom-admin. Change the
     password with the Oracle ILOM set /SP/users/ilom-admin password command.
   ■ ilom-operator – The ilom-operator user has read-only privileges for the
     CLI and web interfaces. The default password is ilom-operator. Change the
     password with the Oracle ILOM set /SP/users/ilom-operator password command.
   ■ root – The root user has superuser privileges. The default password is
     changeme. Change the password with the passwd command.
   ■ nm2user – The nm2user user has read-only privileges for the CLI interface.
     The default password is changeme. Change the password with the passwd
     command.
■ Schedule and regularly change every password on the switch, especially when
  configured with additional user accounts.
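
As an added example (not part of the Oracle guide or the switch software), the following Python script audits password age for the accounts that are changed with passwd (root, nm2user, and any additional users). It assumes those accounts are stored in a standard shadow(5) file on the switch's Linux host; the 90-day limit and the sample entries are constructed assumptions, and the Oracle ILOM accounts are not covered by this check.

```python
from datetime import date

EPOCH = date(1970, 1, 1)
MAX_AGE_DAYS = 90  # assumed rotation policy; the guide does not set an interval

# Constructed sample in shadow(5) format; the hash fields are placeholders.
SAMPLE_SHADOW = """\
root:$6$CONSTRUCTED$placeholder:19000:0:99999:7:::
nm2user:$6$CONSTRUCTED$placeholder:19700:0:99999:7:::
operator2:$6$CONSTRUCTED$placeholder::0:99999:7:::
daemon:*:18000:0:99999:7:::
"""


def audit_shadow(text, today, max_age=MAX_AGE_DAYS):
    """Return {user: finding} for login-capable accounts that need attention."""
    findings = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) < 3:
            continue  # not a shadow entry
        user, pw_hash, lastchg = fields[0], fields[1], fields[2]
        if pw_hash.startswith(("*", "!")):
            continue  # locked or no password login, nothing to rotate
        if pw_hash == "":
            findings[user] = "empty password field"
        elif not lastchg.isdigit():
            findings[user] = "no password change date recorded"
        elif int(lastchg) == 0:
            findings[user] = "change forced at next login"
        else:
            # Field 3 of a shadow entry is the last change, in days since 1970-01-01.
            age = (today - EPOCH).days - int(lastchg)
            if age > max_age:
                findings[user] = f"password is {age} days old (limit {max_age})"
    return findings


if __name__ == "__main__":
    for user, finding in audit_shadow(SAMPLE_SHADOW, date.today()).items():
        print(f"{user}: {finding}")
```
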