Basic security consists of four principles: access, authentication, authorization, and accounting.
Access refers to physical access to hardware, or physical or virtual access to software.
Use physical and software controls to protect your hardware and data from intrusion.
Refer to the documentation that came with your software to enable any security features available for the software.
Install servers and related equipment in a locked, restricted-access room.
If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack.
Restrict access to connectors or ports, which can provide more powerful access than SSH connections. Devices such as system controllers, power distribution units (PDUs), and network switches provide connectors and ports.
Restrict access to hot-plug or hot-swap devices in particular because they can be easily removed.
Store spare field-replaceable units (FRUs) and customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.
Authentication consists of ensuring that users of hardware or software are who they say they are.
Set up authentication features such as a password system in your platform operating systems to ensure that users are who they say they are.
Ensure that your personnel use employee badges properly to enter the computer room.
For user accounts: use access control lists where appropriate; set time-outs for extended sessions; set privilege levels for users.
Authorization refers to restrictions that limit access to hardware and software.
Allow personnel to work only with hardware and software that is relevant to their job description, and that they are trained and qualified to use.
Set up a system of Read/Write/Execute permissions to control user access to commands, disk space, devices, and applications.
Accounting refers to software and hardware features used to monitor login activity and to maintain hardware inventories.
Use system logs to monitor user logins. Monitor system administrator and service accounts in particular because those accounts can access powerful commands.
Keep a record of the serial numbers of all your hardware. Use component serial numbers to track system assets. Oracle part numbers are electronically recorded on cards, modules, and components.
To detect and track components, provide a security mark on all significant items of computer hardware such as FRUs. Use special ultraviolet pens or embossed labels.
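The login monitoring described under accounting can be automated. The following is an added example, not part of the original guide. It assumes logins arrive over SSH and are logged in OpenSSH sshd syslog format. The log lines, the watched account names (root, svc_backup) and the failure threshold are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in OpenSSH sshd syslog format (not real logs).
SAMPLE_LOG = """\
Mar  3 02:11:07 host1 sshd[4101]: Failed password for root from 192.0.2.10 port 51234 ssh2
Mar  3 02:11:09 host1 sshd[4101]: Failed password for root from 192.0.2.10 port 51234 ssh2
Mar  3 02:11:12 host1 sshd[4101]: Failed password for root from 192.0.2.10 port 51234 ssh2
Mar  3 02:14:40 host1 sshd[4117]: Accepted password for root from 192.0.2.10 port 51302 ssh2
Mar  3 08:30:02 host1 sshd[5220]: Accepted publickey for alice from 198.51.100.7 port 40022 ssh2
Mar  3 09:00:00 host1 sshd[5301]: Accepted publickey for svc_backup from 198.51.100.20 port 40100 ssh2
Mar  3 09:05:31 host1 sshd[5340]: Failed password for invalid user admin from 203.0.113.5 port 33870 ssh2
"""

# Assumed site policy: administrator and service accounts reviewed on every login.
WATCHED = {"root", "svc_backup"}
FAILURE_THRESHOLD = 3  # assumed value; tune to local policy

EVENT = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for "
    r"(?P<invalid>invalid user )?(?P<user>\S+) from (?P<src>\S+) port \d+"
)

def review_logins(log_text, watched=WATCHED, threshold=FAILURE_THRESHOLD):
    """Return (alerts, failure_counts) for sshd login events in log_text."""
    alerts = []
    failures = Counter()  # keyed by (account, source address)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a login event
        user, src = m["user"], m["src"]
        if m["result"] == "Failed":
            failures[(user, src)] += 1
            if failures[(user, src)] == threshold:
                alerts.append(("repeated-failure", user, src))
        elif user in watched:
            # A success that follows failures from the same source is reviewed first.
            seen_failures = failures[(user, src)] > 0
            kind = "privileged-login-after-failures" if seen_failures else "privileged-login"
            alerts.append((kind, user, src))
    return alerts, failures

if __name__ == "__main__":
    for alert in review_logins(SAMPLE_LOG)[0]:
        print(*alert)
```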