| Skip Navigation Links | |
| Exit Print View | |
|
Sun Server X3-2L Security Guide |
Follow these security guidelines when using software and firmware tools to configure and manage your server.
Contact your IT Security Officer for additional security requirements that pertain to your system and specific environment.
Oracle System Assistant is a preinstalled tool that helps you to locally or remotely configure and update server hardware, and to install supported operating systems. For information about how to use Oracle System Assistant, refer to the Sun Server X3-2L (formerly Sun Fire X4270 M3) Administration Guide at:
http://docs.oracle.com/cd/E23393_01/pdf/E23402.pdf
The following information will help you to understand security issues related to Oracle System Assistant.
Oracle System Assistant contains a bootable root environment
Oracle System Assistant is an application that runs on a preinstalled, internal USB flash drive. It is built on top of a bootable Linux root environment. Oracle System Assistant also provides the ability to access its underlying root shell. Users who have physical access to the system, or who have remote KVMS (keyboard, video, mouse, and storage) access to the system through Oracle ILOM, will be able to access Oracle System Assistant and the root shell.
A root environment can be used to change system configuration and policies, as well as to access data on other disks. To increase security, protect physical access to the server and assign administrator and console privileges for Oracle ILOM users sparingly.
The Oracle System Assistant shell is designed to permit users with appropriate privileges to use the Oracle Hardware Management Pack CLI Tools for systems management purposes. The shell is not designed to provide network services. These are disabled by default to ensure the highest level of security and should not be enabled.
Oracle System Assistant mounts a USB storage device that is accessible to the operating system
In addition to being a bootable environment, Oracle System Assistant is also mounted as a USB storage device (flash drive) that is accessible to the host operating system after installation. This is useful when accessing tools and drivers for maintenance and reconfiguration. The Oracle System Assistant USB storage device is both readable and writable and could potentially be exploited by viruses.
For increased security, apply to the Oracle System Assistant storage device the same methods you use for protecting disks, including regular virus scans and integrity checking.
Oracle System Assistant can be disabled
Oracle System Assistant is a useful tool to help set up the server, update and configure firmware, and install the host operating system. However, if the security implications described above are unacceptable, or if the tool is not needed, Oracle System Assistant can be disabled. Disabling Oracle System Assistant means that the USB storage device will no longer be accessible to the host operating system. In addition, it will not be possible to boot Oracle System Assistant.
You can disable Oracle System Assistant from either the tool itself or from BIOS. Once disabled, Oracle System Assistant can only be re-enabled from the BIOS Setup Utility. It is recommended that BIOS Setup be password-protected so that only authorized users can re-enable Oracle System Assistant.
Refer to the Oracle System Assistant documentation
For information about Oracle System Assistant features and functions, refer to the Sun Server X3-2L (formerly Sun Fire X4270 M3) Administration Guide at:
http://docs.oracle.com/cd/E23393_01/pdf/E23402.pdf
You can actively secure, manage, and monitor system components using Oracle Integrated Lights Out Manager (ILOM) management firmware, which is embedded on Oracle x86-based servers and Oracle SPARC-based servers. Depending on the authorization level granted to system administrators, functions might include the ability to power off the server, create user accounts, mount remote storage devices, and so on.
Use a secure, internal trusted network
Whether you establish a physical management connection to Oracle ILOM through the local serial port, dedicated network management port, or the standard data network port, it is essential that this physical port on the server is always connected to an internal trusted network, or a dedicated secure management or private network.
Never connect the Oracle ILOM service processor (SP) to a public network, such as the Internet. You should keep the Oracle ILOM SP management traffic on a separate management network and grant access only to system administrators.
Limit the use of the default Administrator account
Limit the use of the default Administrator account (root) to the initial Oracle ILOM login. This default Administrator account is provided only to aid with the initial server installation. Therefore, to ensure the most secure environment, you must change the default Administrator password (changeme) as part of the initial setup of the system. Gaining access to the default Administrator account gives a user unrestricted access to all features of Oracle ILOM. In addition, establish new user accounts with unique passwords and assigned authorization levels (user roles) for each new Oracle ILOM user.
Carefully consider risks when connecting the serial port to a terminal server
Terminal devices do not always provide the appropriate levels of user authentication or authorization that are required to secure the network from malicious intrusions. To protect your system from unwanted network intrusions, do not establish a serial connection (serial port) to Oracle ILOM through any type of network redirection device, such as a terminal server, unless the server has sufficient access controls.
In addition, certain Oracle ILOM functions, such as password reset and the Preboot menu, are only made available using the physical serial port. Connecting the serial port to a network using an unauthenticated terminal server removes the need for physical access, and lowers the security associated with these functions.
Access to the Preboot menu requires physical access to the server
The Oracle ILOM Preboot menu is a powerful utility that provides a way to reset Oracle ILOM to default values, and to flash firmware if Oracle ILOM were to become unresponsive. Once Oracle ILOM has been reset, a user is then required to either press a button on the server (the default) or type a password. The Oracle ILOM Physical Presence property controls this behavior (check_physical_presence=true). For maximum security when accessing the Preboot menu, do not change the default setting (true), so that access to the Preboot menu always requires physical access to the server.
Refer to the Oracle ILOM documentation
Refer to Oracle ILOM documentation to learn more about setting up passwords, managing users, and applying security-related features. For security guidelines that are specific to Oracle ILOM, refer to the Oracle ILOM Security Guide, which is part of the Oracle ILOM documentation library. You can find the Oracle ILOM documentation at:
http://www.oracle.com/goto/ILOM/docs
Oracle Hardware Management Pack is available for your server, and for many other x86-based servers and some SPARC servers. Oracle Hardware Management Pack features two components: an SNMP monitoring agent and a family of cross-operating system command-line interface tools (CLI Tools) for managing your server.
Use Hardware Management Agent SNMP Plugins
SNMP is a standard protocol used to monitor or manage a system. With the Hardware Management Agent SNMP Plugins, you can use SNMP to monitor Oracle servers in your data center with the advantage of not having to connect to two management points, the host and Oracle ILOM. This functionality enables you to use a single IP address (the host's IP address) to monitor multiple servers.
The SNMP Plugins run on the host operating system of Oracle servers. The SNMP Plugin module extends the native SNMP agent in the host operating system to provide additional Oracle MIB capabilities. Oracle Hardware Management Pack itself does not contain an SNMP agent. For Linux, a module is added to the net-snmp agent. For Solaris, a module is added to the Solaris Management Agent. For Windows, the Plugin extends the native SNMP service. Any security settings related to SNMP for the Oracle Hardware Management Pack are determined by the settings of the native SNMP agent or service, and not by the Plugin.
Note that SNMPv1 and SNMP v2c provide no encryption and use community strings as a form of authentication. SNMPv3 is more secure and is the recommended version to use because it employs encryption to provide a secure channel, as well as individual user names and passwords.
Refer to the Oracle Hardware Management Pack documentation
Refer to the Oracle Hardware Management Pack documentation for more information about these features. For security guidelines that are specific to Oracle Hardware Management Pack, refer to the Oracle Hardware Management Pack (HMP) Security Guide, which is part of the Oracle Hardware Management Pack documentation library. You can find the Oracle Hardware Management Pack documentation at:
|