| Skip Navigation Links | |
| Exit Print View | |
|
Netra Server X3-2 (formerly Sun Netra X4270 M3 Server) Security Guide |
| Skip Navigation Links | |
| Exit Print View | |
|
|
Netra Server X3-2 (formerly Sun Netra X4270 M3 Server) Security Guide |
After the initial installation and configuration, use Oracle hardware and software security features to continue controlling hardware and tracking system assets.
You can use software to turn power on and off to some Oracle systems. The power distribution units (PDUs) for some system cabinets can be enabled and disabled remotely. Authorization for these commands is typically set up during system configuration and is usually limited to system administrators and service personnel. Refer to your system or cabinet documentation for further information.
Use serial numbers to track inventory. Oracle embeds serial numbers in firmware on option cards and system motherboards. You can read these serial numbers through local area network connections.
You can also use wireless radio frequency identification (RFID) readers to further simplify asset tracking. An Oracle white paper, How to Track Your Oracle Sun System Assets by Using RFID, is available at:
Keep your software and firmware versions current on your server equipment.
Check regularly for updates.
Always install the latest released version of the software or firmware.
Install any necessary security patches for your software.
Remember that devices such as network switches also contain firmware and might require patches and firmware updates.
Follow these guidelines to secure local and remote access to your systems.
Limit remote configuration to specific IP addresses using SSH instead of Telnet. Telnet passes user names and passwords in clear text, potentially allowing everyone on the LAN segment to see login credentials. Set a strong password for SSH.
Use version 3 of Simple Network Management Protocol (SNMP) to provide secure transmissions. Earlier versions of SNMP are not secure and transmit authentication data in unencrypted text.
Change the default SNMP community string to a strong community string if SNMP is necessary. Some products have PUBLIC set as the default SNMP community string. Attackers can query a community to draw a very complete network map and possibly modify management information base (MIB) values.
Always log out after using the system controller if it uses a browser interface.
Disable unnecessary network services, such as Transmission Control Protocol (TCP) or Hypertext Transfer Protocol (HTTP). Enable necessary network services and configure these services securely.
Follow these guidelines to maximize data security.
Back up important data using devices such as external hard drives, pen drives, or memory sticks. Store the backed up data in a second, off-site, secure location.
Use data encryption software to keep confidential information on hard drives secure.
When disposing of an old hard drive, physically destroy the drive or completely erase all the data on the drive. Information can still be recovered from a drive after files are deleted or the drive has been reformatted. Deleting the files or reformatting the drive removes only the address tables on the drive. Use disk wiping software to completely erase all data on a drive.
Inspect and maintain your log files on a regular schedule. Use these methods to secure log files.
Enable logging and send system logs to a dedicated secure log host.
Configure logging to include accurate time information, using Network Time Protocol (NTP) and timestamps.
Review logs for possible incidents and archive them in accordance with a security policy.
Periodically archive log files when they exceed a reasonable size, and then reset the logs. You can use the archived files for reference or statistical analysis.
|