4
Netra Blade X3-2B Security Guide • November 2012
■
Restrict access to hot-plug or hot-swap devices in particular because they can be
easily removed.
■
Store spare field-replaceable units (FRUs) or customer-replaceable units (CRUs) in
a locked cabinet. Restrict access to the locked cabinet to authorized personnel.
Record Serial Numbers
■
Security-mark all significant items of computer hardware such as FRUs. Use
special ultraviolet pens or embossed labels.
■
Keep a record of the serial numbers of all your hardware.
■
Keep hardware activation keys and licenses in a secure location that is easily
accessible to the system manager in system emergencies. The printed documents
might be your only proof of ownership.
Software Security
Most hardware security is implemented through software measures.
■
Change all default passwords when installing a new system.Most types of
equipment use default passwords, such as changeme, that are widely known and
would allow unauthorized access to the equipment.
■
Change every password on network switches which might have multiple user
accounts and passwords by default.
■
Limit use of the root superuser account. Oracle Integrated Lights Out Manager
(Oracle ILOM) accounts such as
ilom-operator
and
ilom-admin
should be
used instead whenever possible.
■
Use a dedicated network for service processors to separate them from the general
network.
■
Protect access to USB consoles.Devices such as system controllers, power
distribution units (PDUs), and network switches can have USB connections, which
can provide more powerful access than SSH connections.
■
Refer to the documentation that came with your software to enable any security
features available for the software.
■
Implement port security to limit access based upon MAC addresses. Disable
autotrunking on all ports.
