2.1 Pre-Installation Tasks

An important consideration is the security of the physical system on which you will install Oracle Linux. If possible, keep server systems in a locked data center and limit access to authorized personnel. Such personnel should also receive appropriate administrative training as human error is often the cause of a security breach. For more information about the available Oracle Linux coursework and certification options, see http://education.oracle.com.

Aside from the risks of theft and data compromise, physical security is critical because it prevents an unauthorized user from possibly modifying the system BIOS, altering the boot device, and booting from an alternate medium. If a system is not kept in a locked data center, consider password-protecting the BIOS. Consult the system manufacturer's documentation for information on setting a BIOS password. Edit the BIOS settings to disable booting from the CD-ROM drive, floppy disk drive, USB ports, and other external devices. In addition, you can configure disk encryption during installation, or password-protect the GRUB boot loader after installation.

Note

Setting a BIOS, encrypted disk, or boot-loader password requires you to enter the password whenever you reboot the system. Only disk encryption can prevent access to the data on disk when an attacker uses techniques such as resetting the BIOS, accessing the disk by booting an operating system from a memory stick, or simply removing the hard drive to read its contents on another system.