manualshive.com logo in svg

Sun Oracle Netra X6270 M3, Руководство по безопасности


Поделиться
Скачать
background image

Maintaining a Secure Environment

11

Local and Remote Access

Follow these guidelines to ensure the security of local and remote access to your
systems:

Follow LDAP security measures when using LDAP to access the system. Refer to
the Oracle ILOM Security Guide.

Create a banner to state that unauthorized access is prohibited.

Use access control lists where appropriate.

Set time-outs for extended sessions and set privilege levels.

Use authentication, authorization, and accounting (AAA) features for local and
remote access to a switch.

If possible, use the RADIUS and  security protocols:

RADIUS (Remote Authentication Dial In User Service) is a client/server
protocol that secures networks against unauthorized access.

 (Terminal Access Controller Access-Control System) is a protocol
that permits a remote access server to communicate with an authentication
server to determine if a user has access to the network.

Use the port mirroring capability of the switch for intrusion detection system
(IDS) access.

Implement port security to limit access based upon aMAC address. Disable
autotrunking on all ports.

Limit remote configuration to specific IP addresses using SSH instead of Telnet.
Telnet passes user names and passwords in clear text, potentially allowing
everyone on the LAN segment to see login credentials. Set a strong password for
SSH.

Early versions of SNMP are not secure and transmit authentication data in
unencrypted text. Only version 3 of SNMP can provide secure transmissions.

Some products come out of the box with PUBLIC set as the default SNMP
community string. Attackers can query a community to draw a very complete
network map and possibly modify management information base (MIB) values. If
SNMP is necessary, change the default SNMP community string to a strong
community string.

Enable logging and send logs to a dedicated secure log host.

Configure logging to include accurate time information, using NTP and
timestamps.

Review logs for possible incidents and archive them in accordance with the
security policy.

If your system controller uses a browser interface, be sure to log out after using it.

Содержание Netra X6270 M3

Страница 1: ...Netra Blade X3 2B formerly Sun Netra X6270 M3 Server Module Security Guide Part No E26849 04 November 2012 ...

Страница 2: ... concédés sous licence et soumis à des restrictions d utilisation et de divulgation Sauf disposition de votre contrat de licence ou de la loi vous ne pouvez pas copier reproduire traduire diffuser modifier breveter transmettre distribuer exposer exécuter publier ou afficher le logiciel même partiellement sous quelque forme et par quelque procédé que ce soit Par ailleurs il est interdit de procéder...

Страница 3: ... 3 Restrict Access 3 Record Serial Numbers 4 Software Security 4 Oracle ILOM Firmware 5 Operating System Security Guidelines 5 Oracle System Assistant Security Information 5 Understanding that OSA Contains a Bootable Root Environment 6 Understanding that OSA Mounts a USB Storage Device Accessible to the OS 6 Disabling OSA 6 Maintaining a Secure Environment 9 Oracle ILOM Security 9 ...

Страница 4: ...4 Netra Blade X3 2B Security Guide November 2012 Hardware Power Control 10 Asset Tracking 10 Maintaining Updates for Software and Firmware 10 Local and Remote Access 11 Data Security 12 ...

Страница 5: ...The Sun Blade X6270 M3 server module is based on two Intel R Xeon R processors in the E5 2600 family and the Intel C600 series chipset The Sun Blade X6270 M3 server module includes an on board Oracle ILOM service processor SP Basic Security Principles There are four basic security principles access authentication authorization and accounting Access Use physical and software controls to protect you...

Страница 6: ...Write Execute permissions to control user access to commands disk space devices and applications Accounting Customer IT personnel can use Oracle software and hardware features to monitor login activity and maintain hardware inventories Use system logs to monitor user logins In particular track System Administrator and Service accounts through system logs because these accounts can access powerful ...

Страница 7: ...n be secured fairly simply limit access to the hardware and record serial numbers The following topics are covered Restrict Access on page 3 Record Serial Numbers on page 4 Restrict Access Install servers and related equipment in a locked restricted access room If equipment is installed in a rack with a locking door keep the door locked except when you have to service components in the rack Lock t...

Страница 8: ...ange all default passwords when installing a new system Most types of equipment use default passwords such as changeme that are widely known and would allow unauthorized access to the equipment Change every password on network switches which might have multiple user accounts and passwords by default Limit use of the root superuser account Oracle Integrated Lights Out Manager Oracle ILOM accounts s...

Страница 9: ...s Out Manager Oracle ILOM documentation http www oracle com pls topic lookup ctx ilom31 Operating System Security Guidelines Oracle System Assistant Security Information The following post installation topics are covered Understanding that OSA Contains a Bootable Root Environment on page 6 Operating System Link Oracle Solaris OS http docs oracle com cd E23824_01 html 819 31 95 index html Oracle Li...

Страница 10: ...oot shell users of OSA from being able to read disk contents Understanding that OSA Mounts a USB Storage Device Accessible to the OS In addition to being a bootable environment Oracle System Assistant is also mounted as a USB storage device accessible to the host operating system after installation This is useful in accessing tools and drivers for maintenance and reconfiguration The OSA flash devi...

Страница 11: ...rom BIOS Once disabled it can only be re enabled from BIOS Setup It is recommended that BIOS Setup be password protected such that only authorized users can re enable OSA See the Oracle System Assistant documentation for instructions on how to disable OSA or refer to the Netra Blade X3 2B Administration Guide ...

Страница 12: ...8 Netra Blade X3 2B Security Guide November 2012 ...

Страница 13: ...ILOM Security on page 9 Hardware Power Control on page 10 Asset Tracking on page 10 Maintaining Updates for Software and Firmware on page 10 Local and Remote Access on page 11 Data Security on page 12 Oracle ILOM Security Refer to the Oracle ILOMSecurity Guide for further information on Oracle Integrated Lights OutManager Oracle ILOM For general Oracle ILOM information refer to http www oracle com...

Страница 14: ...You can read these serial numbers through local area network connections You can also use wireless radio frequency identification RFID readers to further simplify asset tracking An Oracle white paper How to Track Your Oracle Sun System Assets by Using RFID is available at http www oracle com technetwork articles systems hardware arch itecture o11 001 rfid oracle 214567 pdf Maintaining Updates for ...

Страница 15: ... switch for intrusion detection system IDS access Implement port security to limit access based upon aMAC address Disable autotrunking on all ports Limit remote configuration to specific IP addresses using SSH instead of Telnet Telnet passes user names and passwords in clear text potentially allowing everyone on the LAN segment to see login credentials Set a strong password for SSH Early versions ...

Страница 16: ... Use data encryption software to keep confidential information on hard drives secure Data destruction When disposing of an old hard drive physically destroy the drive or completely erase all the data on the drive Deleting all the files or reformatting the drive will remove only the address tables on the drive information can still be recovered from a drive after deleting files or reformatting the ...

Отзывы:

Нет отзывов

Похожие инструкции для Netra X6270 M3

TANDBERG VCS Administration Manual preview
VCS
Бренд: TANDBERG Страницы: 187
Far south networks Com.X1 PBX Getting Started preview
Com.X1 PBX
Бренд: Far south networks Страницы: 4
Buffalo TeraStation WSS WS5020N6 User Manual preview
TeraStation WSS WS5020N6
Бренд: Buffalo Страницы: 115
Vxl Itona E21S Specifications preview
Itona E21S
Бренд: Vxl Страницы: 2
Abit SI-2PS User Manual preview
SI-2PS
Бренд: Abit Страницы: 56
7thSense M101-4 User Manual preview
M101-4
Бренд: 7thSense Страницы: 28
Quatech WLNG-AN-DP500 Series Reference Manual preview
WLNG-AN-DP500 Series
Бренд: Quatech Страницы: 120
I-O DATA FIDATA HFAS1-S10U Setup Manual preview
FIDATA HFAS1-S10U
Бренд: I-O DATA Страницы: 46
QNAP TS-130 User Manual preview
TS-130
Бренд: QNAP Страницы: 39
Toshiba Strata Installation Manual preview
Strata
Бренд: Toshiba Страницы: 28
Toshiba RS-TX60 Viewer'S Manual preview
RS-TX60
Бренд: Toshiba Страницы: 204
Toshiba SD-H400 - Combination Progressive-Scan DVD Player Installation Manual preview
SD-H400 - Combination Progressive-Scan DVD Player
Бренд: Toshiba Страницы: 291
SEH IC125-FASTPOCKET-FX Installation Manual preview
IC125-FASTPOCKET-FX
Бренд: SEH Страницы: 20
SEH myUTN-52 Quick Installation Manual preview
myUTN-52
Бренд: SEH Страницы: 32
EVS XT nano Hardware Technical Reference Manual preview
XT nano
Бренд: EVS Страницы: 70
Polycom V2IU6400-S Brochure & Specs preview
V2IU6400-S
Бренд: Polycom Страницы: 2
TAG HDIT 2U Reference Manual preview
HDIT 2U
Бренд: TAG Страницы: 6
UNIVIEW VM8500-E Quick Manual preview
VM8500-E
Бренд: UNIVIEW Страницы: 44

Бренды по названию

Популярные бренды

Загрузить еще бренды