manualshive.com logo in svg

Oracle netra X5-2, Руководство по безопасности

Поделиться
Скачать
Oracle netra X5-2 Скачать руководство пользователя страница 17

VLAN Security

Manage switches out-of-band (separated from data traffic). If out-of-band management is

not feasible, then dedicate a separate virtual local area network (VLAN) number for in-band

management.

Use the port mirroring capability of the network switch for intrusion detection system (IDS)

access.

Maintain a switch configuration file off-line and limit access only to authorized

administrators. The configuration file should contain descriptive comments for each setting.

Implement port security to limit access based upon MAC addresses. Disable auto-trunking

on all ports.

Use these port security features if they are available on your switch:

MAC Locking

 involves associating a Media Access Control (MAC) address of one

or more connected devices to a physical port on a switch. If you lock a switch port to

a particular MAC address, superusers cannot create backdoors into your network with

rogue access points.

MAC Lockout

 disables a specified MAC address from connecting to a switch.

MAC Learning

 uses the knowledge about each switch port's direct connections so that

the network switch can set security based on current connections.

VLAN Security

If you set up a virtual local area network (VLAN), remember that VLANs share bandwidth on a

network and require additional security measures.

Separate sensitive clusters of systems from the rest of the network when using VLANs.

This decreases the likelihood that users will gain access to information on these clients and

servers.

Assign a unique native VLAN number to trunk ports.

Limit the VLANs that can be transported over a trunk to only those that are strictly required.

Disable VLAN Trunking Protocol (VTP), if possible. Otherwise, set the following for VTP:

management domain, password, and pruning. Then set VTP into transparent mode.

Use static VLAN configurations, when possible.

Disable unused switch ports and assign them an unused VLAN number.

InfiniBand Security

Keep InfiniBand hosts secure. An InfiniBand fabric is only as secure as its least secure

InfiniBand host.

Planning a Secure Environment

17

Содержание netra X5-2

Страница 1: ...Oracle Server X5 2 Security Guide Part No E48323 03 May 2015 ...

Страница 2: ......

Страница 3: ...rmation management applications It is not developed or intended for use in any inherently dangerous applications including applications that may create a risk of personal injury If you use this software or hardware in dangerous applications then you shall be responsible to take all appropriate fail safe backup redundancy and other measures to ensure its safe use Oracle Corporation and its affiliat...

Страница 4: ...n des informations Ce logiciel ou matériel n est pas conçu ni n est destiné à être utilisé dans des applications à risque notamment dans des applications pouvant causer un risque de dommages corporels Si vous utilisez ce logiciel ou ce matériel dans le cadre d applications dangereuses il est de votre responsabilité de prendre toutes les mesures de secours de sauvegarde de redondance et autres mesu...

Страница 5: ... Security 12 Oracle Hardware Management Pack Security 14 Planning a Secure Environment 15 Password Protection 15 Operating System Security Guidelines 16 Network Switches and Ports 16 VLAN Security 17 InfiniBand Security 17 Maintaining a Secure Environment 19 Power Control 19 Asset Tracking 19 Updates for Software and Firmware 20 Network Security 20 Data Protection and Security 21 Log Maintenance 2...

Страница 6: ...6 Oracle Server X5 2 Security Guide May 2015 ...

Страница 7: ...n Change all default passwords when installing a new system Most types of equipment use default passwords such as changeme that are widely known and could allow unauthorized access to hardware or software Refer to the documentation that came with your software to enable any security features available for the software Install servers and related equipment in a locked restricted access room If equi...

Страница 8: ...lege levels for users Authorization Authorization allows administrators to control what tasks or privileges a user may perform or use Personnel can only perform the tasks and use the privileges that have been assigned to them Authorization refers to restrictions placed on personnel to work with hardware and software Allow personnel to work only with hardware and software that they are trained and ...

Страница 9: ...orded on cards modules and motherboards and can be used for inventory purposes To detect and track components provide a security mark on all significant items of computer hardware such as FRUs and CRUs Use special ultraviolet pens or embossed labels Keep hardware activation keys and licenses in a secure location that is easily accessible to the system administrator especially during system emergen...

Страница 10: ...10 Oracle Server X5 2 Security Guide May 2015 ...

Страница 11: ... com goto x86AdminDiag docs The following information describes security issues related to Oracle System Assistant Oracle System Assistant contains a bootable root environment Oracle System Assistant is an application that runs on a preinstalled internal USB flash drive Oracle System Assistant is built on top of a bootable Linux root environment Oracle System Assistant also provides the ability to...

Страница 12: ... the host operating system However if the security implications described above are unacceptable or if the tool is not needed Oracle System Assistant can be disabled After disabling Oracle System Assistant the USB storage device is no longer accessible to the host operating system and users will be unable to boot into Oracle System Assistant You can disable Oracle System Assistant from either the ...

Страница 13: ...s To protect your system from unwanted network intrusions do not establish a serial connection serial port to Oracle ILOM through any type of network redirection device such as a terminal server unless the server has sufficient access controls In addition certain Oracle ILOM functions such as password reset and the Preboot menu are only made available using the physical serial port Connecting the ...

Страница 14: ...s Oracle Hardware Management Pack itself does not contain an SNMP agent For Linux a module is added to the net snmp agent For Oracle Solaris a module is added to the Oracle Solaris Management Agent For Microsoft Windows the Plugin extends the native SNMP service Any security settings related to SNMP for the Oracle Hardware Management Pack are determined by the settings of the native SNMP agent or ...

Страница 15: ...quirements that pertain to your system and specific environment Password Protection Passwords are an important aspect of security since poorly chosen passwords could result in unauthorized access to company resources Implementing password management best practices ensures that users adhere to a set of guidelines for creating and protecting their passwords Typical components of a password policy sh...

Страница 16: ...ng system To find the Security Guide document for an Oracle operating system go to the Oracle operating system documentation library Operating System Link Oracle Solaris OS http www oracle com technetwork documentation solaris 11 192991 html Oracle Linux OS http www oracle com technetwork documentation ol 1 1861776 html Oracle VM http www oracle com technetwork documentation vm 096300 html For inf...

Страница 17: ...disables a specified MAC address from connecting to a switch MAC Learning uses the knowledge about each switch port s direct connections so that the network switch can set security based on current connections VLAN Security If you set up a virtual local area network VLAN remember that VLANs share bandwidth on a network and require additional security measures Separate sensitive clusters of systems...

Страница 18: ...and Security Note that partitioning does not protect an InfiniBand fabric Partitioning only offers InfiniBand traffic isolation between virtual machines on a host 18 Oracle Server X5 2 Security Guide May 2015 ...

Страница 19: ...ments that pertain to your system and specific environment Power Control You can use software to turn on and off power to some Oracle systems The power distribution units PDUs for some system cabinets can be enabled and disabled remotely Authorization for these commands is typically set up during system configuration and is usually limited to system administrators and service personnel Refer to yo...

Страница 20: ... and might require patches and firmware updates You can find software updates and security patches on the My Oracle Support web site at http support oracle com Network Security After the networks are configured based on security principles regular review and maintenance are needed Follow these guidelines to secure local and remote access to your systems Limit remote configuration to specific IP ad...

Страница 21: ...d remote access to a switch Use these services in very secure environments as they are secured by certificates and other forms of strong encryption to protect the channel Active Directory LDAP SSL Lightweight Directory Access Protocol Secure Socket Layer Use these services on private secure networks where there are no suspected malicious users RADIUS Remote Authentication Dial In User Service TACA...

Страница 22: ...s of such sensitivity that the only proper sanitation method is physical destruction of the hard drive by means of pulverization or incineration Organizations are strongly encouraged to refer to their data protection policies to determine the most appropriate method to sanitize hard drives Caution Disk wiping software might not be able to delete some data on modern hard drives especially solid sta...

Отзывы:

Нет отзывов

Бренды по названию

Популярные бренды

Загрузить еще бренды