Oracle® EDR InfiniBand Switch and Virtualized I/O Systems Hardware Security Guide


Updated: September 2016
 
 

Network Access

Follow these guidelines to secure local and remote access to your systems:

  • Implement port security to limit access based upon a MAC address. Disable auto-trunking on all ports.

  • Limit remote configuration to specific IP addresses, and use SSH instead of Telnet. Telnet passes user names and passwords in clear text, potentially allowing everyone on the LAN segment to see login credentials. Set a strong password for SSH.

  • Configure and use version 3 (v3) of SNMP to provide secure transmissions. Versions v1 and v2c of SNMP are not secure and transmit authentication data in unencrypted text.

  • If SNMP is necessary, change the default SNMP community string (PUBLIC) to a strong community string. Attackers can query a community to draw a very complete network map and possibly modify management information base (MIB) values.

  • Do not enable SNMP set requests unless absolutely necessary. If enabled, create separate SNMP v3 users with read-only and read-write permissions.

  • Always log out after accessing the SP or SCP through the web interface.

  • Disable unused or unnecessary services, such as TCP small servers. Only enable necessary services and configure these services securely.

  • Disable the IPMI service if it is not used. The IPMI protocol is an insecure means of accessing the SP.

  • Disable the HTTP service and use HTTPS instead. In some situations, it might be necessary to temporarily enable HTTP for Java compatibility. Do so judiciously.

  • Disable unused switch ports.
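
The SNMP guidelines above (use v3, replace the default community string, avoid set requests, keep read-only and read-write users separate) can be checked mechanically against an agent configuration. The following is an added example, not Oracle code: it assumes the agent is configured with net-snmp `snmpd.conf` directives, which this guide does not state, and the sample configuration, the finding codes, and the choice to flag v3 users below the `priv` level are this example's own.

```python
import shlex

# Constructed sample in net-snmp snmpd.conf syntax (assumed format, not the switch's own).
SAMPLE_CONF = """\
rocommunity public
rwcommunity S3gment-7x 10.0.0.5   # constructed community string
rouser monitor priv
rwuser monitor auth
rwuser operator priv
"""

DEFAULT_COMMUNITIES = {"public", "private"}
COMMUNITY_DIRECTIVES = {"rocommunity", "rwcommunity", "rocommunity6", "rwcommunity6"}


def audit_snmp(conf_text):
    """Return sorted (line_no, code) findings for settings the guidelines advise against."""
    findings = []
    seen = {"rouser": {}, "rwuser": {}}          # directive -> {user: first line seen}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        tokens = shlex.split(raw, comments=True)  # drops '#' comments, honours quotes
        if len(tokens) < 2:
            continue
        directive, args = tokens[0].lower(), tokens[1:]
        if directive in COMMUNITY_DIRECTIVES:
            findings.append((no, "V1V2C_COMMUNITY"))       # community sent unencrypted
            if args[0].lower() in DEFAULT_COMMUNITIES:
                findings.append((no, "DEFAULT_COMMUNITY"))
            if directive.startswith("rw"):
                findings.append((no, "COMMUNITY_WRITE"))   # set requests over v1/v2c
        elif directive in seen:
            if args[0] == "-s":                            # skip optional "-s SECMODEL"
                args = args[2:]
            if not args:
                continue
            user = args[0]
            level = args[1].lower() if len(args) > 1 else "auth"  # net-snmp default level
            seen[directive].setdefault(user, no)
            if level != "priv":
                findings.append((no, "V3_NOT_ENCRYPTED"))
            if directive == "rwuser":
                findings.append((no, "V3_WRITE_ENABLED"))  # confirm set is really needed
    for user in seen["rouser"].keys() & seen["rwuser"].keys():
        findings.append((seen["rwuser"][user], "SHARED_RO_RW_USER"))
    return sorted(findings)


if __name__ == "__main__":
    for line_no, code in audit_snmp(SAMPLE_CONF):
        print(f"line {line_no}: {code}")
```
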