Netra Server X3-2 (formerly Sun Netra X4270 M3 Server) Security Guide |
Use the following information when installing and configuring the server and related equipment.
Refer to Oracle operating system (OS) documents for information on:
How to use security features when configuring your systems
How to operate securely when you add applications and users to a system
How to protect network-based applications
Security Guide documents for supported Oracle operating systems are part of the documentation library for the operating system. To find the Security Guide document for an Oracle operating system, go to the Oracle operating system documentation library:
Oracle Solaris - http://docs.oracle.com/cd/E23824_01
Oracle Linux - http://linux.oracle.com/documentation/
Oracle VM - http://www.oracle.com/technetwork/documentation/vm-096300.html
Different switches offer different levels of port security features. Refer to the switch documentation to learn how to do the following.
Use authentication, authorization, and accounting features for local and remote access to the switch.
Change every password on network switches that might have multiple user accounts and passwords by default.
Manage switches out-of-band (separated from data traffic). If out-of-band management is not feasible, then dedicate a separate virtual local area network (VLAN) number for in-band management.
Use the port mirroring capability of the network switch for intrusion detection system (IDS) access.
Maintain a switch configuration file off-line and limit access only to authorized administrators. The configuration file should contain descriptive comments for each setting.
Implement port security to limit access based upon MAC addresses. Disable auto-trunking on all ports.
Use these port security features if they are available on your switch:
MAC Locking involves associating a Media Access Control (MAC) address of one or more connected devices to a physical port on a switch. If you lock a switch port to a particular MAC address, superusers cannot create backdoors into your network with rogue access points.
MAC Lockout disables a specified MAC address from connecting to a switch.
MAC Learning uses the knowledge about each switch port’s direct connections so that the network switch can set security based on current connections.
If you set up a virtual local area network (VLAN), remember that VLANs share bandwidth on a network and require additional security measures.
Define VLANs to separate sensitive clusters of systems from the rest of the network. This decreases the likelihood that users will gain access to information on these clients and servers.
Assign a unique native VLAN number to trunk ports.
Limit the VLANs that can be transported over a trunk to only those that are strictly required.
Disable VLAN Trunking Protocol (VTP), if possible. Otherwise, set the following for VTP: management domain, password, and pruning. Then set VTP into transparent mode.
Keep InfiniBand hosts secure. An InfiniBand fabric is only as secure as its least secure InfiniBand host.
Note that partitioning does not protect an InfiniBand fabric. Partitioning only offers InfiniBand traffic isolation between virtual machines on a host.
Use static VLAN configuration, when possible.
Disable unused switch ports and assign them an unused VLAN number.
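As an added example (not part of this Oracle guide, and written for no particular switch vendor the guide names), the following Python script audits a constructed running-config against the switch checklist above: VTP mode, trunk native and allowed VLANs, DTP auto-trunking, MAC-based port security, and unused ports left enabled. It assumes Cisco IOS-style command syntax; the sample config and interface names are constructed.

```python
# Constructed sample running-config in Cisco IOS style (assumed syntax; not a real device).
SAMPLE_CONFIG = """\
vtp mode server
interface GigabitEthernet0/1
 switchport mode trunk
interface GigabitEthernet0/2
 switchport mode access
 switchport nonegotiate
 switchport port-security
interface GigabitEthernet0/3
 switchport mode access
 switchport nonegotiate
interface GigabitEthernet0/4
"""

def audit(text):
    """Return sorted (interface-or-'global', finding) tuples for checklist violations."""
    global_lines, ifaces, cur = [], {}, None
    for line in text.splitlines():        # split into global lines and per-interface lines
        if line.startswith("interface "):
            cur = line.split(None, 1)[1]
            ifaces[cur] = []
        elif line.startswith(" ") and cur is not None:
            ifaces[cur].append(line.strip())
        else:
            cur = None
            global_lines.append(line.strip())
    findings = []
    if "vtp mode transparent" not in global_lines:   # VTP should be transparent (or off)
        findings.append(("global", "VTP not in transparent mode"))
    for name, lines in ifaces.items():
        if "shutdown" in lines:
            continue                                  # disabled port: nothing more to check
        if not lines:                                 # unconfigured but still enabled
            findings.append((name, "unused port not shut down"))
            continue
        mode = next((l for l in lines if l.startswith("switchport mode ")), None)
        if mode is None:                              # dynamic default can auto-trunk via DTP
            findings.append((name, "no explicit switchport mode (auto-trunking possible)"))
        if "switchport nonegotiate" not in lines:
            findings.append((name, "DTP negotiation not disabled"))
        if mode == "switchport mode trunk":
            if not any(l.startswith("switchport trunk native vlan ") for l in lines):
                findings.append((name, "trunk uses default native VLAN 1"))
            if not any(l.startswith("switchport trunk allowed vlan ") for l in lines):
                findings.append((name, "trunk allows all VLANs"))
        elif mode == "switchport mode access" and "switchport port-security" not in lines:
            findings.append((name, "access port lacks port-security (MAC locking)"))
    return sorted(findings)
```

Running `audit(SAMPLE_CONFIG)` flags the server-mode VTP, the trunk on GigabitEthernet0/1 (default native VLAN, all VLANs allowed, DTP still enabled), the access port without port security, and the unconfigured port that was never shut down.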