Netra Server X3-2 (formerly Sun Netra X4270 M3 Server) Security Guide
Follow these security guidelines when using software and firmware tools to configure and manage your server.
Oracle System Assistant is a preinstalled tool that helps you to locally or remotely configure and update server hardware, and to install supported operating systems. For information about how to use Oracle System Assistant, refer to the server Administration Guide at:
http://docs.oracle.com/cd/E27124_01
The following information will help you to understand security issues related to Oracle System Assistant.
Oracle System Assistant contains a bootable root environment.
Oracle System Assistant is an application that runs on a preinstalled, internal USB flash drive. It is built on top of a bootable Linux root environment. Oracle System Assistant also provides the ability to access its underlying root shell. Users who have physical access to the system, or who have Remote KVMS (keyboard, video, mouse, and storage) access to the system through Oracle ILOM, will be able to access Oracle System Assistant and the root shell.
A root environment can be used to change system configuration and policies, as well as to access data on other disks. It is recommended that physical access to the server be protected and that the administrator and console privileges for Oracle ILOM users be assigned sparingly.
Oracle System Assistant mounts a USB storage device that is accessible to the operating system.
In addition to being a bootable environment, Oracle System Assistant is also mounted as a USB storage device (flash drive) that is accessible to the host operating system after installation. This is useful when accessing tools and drivers for maintenance and reconfiguration. The Oracle System Assistant USB storage device is both readable and writable and could potentially be exploited by viruses.
It is recommended that the same methods for protecting disks be applied to the Oracle System Assistant storage device, including regular virus scans and integrity checking.
Oracle System Assistant can be disabled.
Oracle System Assistant is a useful tool in helping to set up the server, update and configure firmware, and install the host operating system. However, if the security implications described above are unacceptable, or if the tool is not needed, Oracle System Assistant can be disabled. Disabling Oracle System Assistant means that the USB storage device will no longer be accessible to the host operating system. In addition, it will not be possible to boot Oracle System Assistant.
You can disable Oracle System Assistant from either the tool itself or from BIOS. Once disabled, Oracle System Assistant can only be re-enabled from the BIOS Setup Utility. It is recommended that BIOS Setup be password-protected so that only authorized users can re-enable Oracle System Assistant. For information about how to disable and re-enable Oracle System Assistant, refer to the server Administration Guide.
You can actively secure, manage, and monitor system components using Oracle Integrated Lights Out Manager (Oracle ILOM) management firmware, which is preinstalled on the server, other Oracle x86-based servers, and on some Oracle SPARC-based servers.
Use a dedicated network for the service processor to separate it from the general network.
Limit the use of the root superuser account. Instead, assign Oracle ILOM accounts such as ilom-operator and ilom-admin whenever possible.
Change all default passwords when installing a new system. Most types of equipment use default passwords, such as changeme, that are widely known and would allow unauthorized access to the equipment.
Refer to the Oracle ILOM documentation to understand more about setting up passwords, managing users, and applying security-related features, including Secure Shell (SSH), Secure Sockets Layer (SSL), and RADIUS authentication. For security guidelines that are specific to Oracle ILOM, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.1 Security Guide, which is part of the Oracle ILOM 3.1 documentation library. You can find the Oracle ILOM 3.1 documentation at:
http://docs.oracle.com/cd/E24707_01
Oracle Hardware Management Pack is available for your server, and for many other x86-based servers and some SPARC servers. Oracle Hardware Management Pack features two components: an SNMP monitoring agent and a family of cross-operating system command-line interface tools (CLI Tools) for managing your server.
With the Hardware Management Agent SNMP Plugins, you can use SNMP to monitor Oracle servers and server modules in your data center with the advantage of not having to connect to two management points, the host and Oracle ILOM. This functionality enables you to use a single IP address (the host’s IP address) to monitor multiple servers and server modules. The SNMP Plugins run on the host operating system of Oracle servers.
You can use the Oracle Server CLI Tools to configure Oracle servers. The CLI Tools work with Oracle Solaris, Oracle Linux, Oracle VM, other variants of Linux, and Microsoft Windows operating systems.
Refer to the Oracle Hardware Management Pack documentation for more information about these features. For security guidelines that are specific to Oracle Hardware Management Pack, refer to the Oracle Hardware Management Pack (HMP) Security Guide, which is part of the Oracle Hardware Management Pack documentation library. You can find the Oracle Hardware Management Pack documentation at: