Sun Server X4-4

Updated: June 2014

Network Security

Follow these guidelines to secure local and remote access to your systems:

  • Limit remote configuration to specific IP addresses, and use SSH instead of Telnet. Telnet passes user names and passwords in clear text, potentially allowing everyone on the LAN segment to see login credentials. Set a strong password for SSH.

  • Use version 3 of Simple Network Management Protocol (SNMP) to provide secure transmissions. Earlier versions of SNMP are not secure and transmit authentication data in unencrypted text.

  • Change the default SNMP community string to a strong community string if SNMP is necessary. Some products have PUBLIC set as the default SNMP community string. Attackers who know the community string can query the device to draw a very complete network map and possibly modify management information base (MIB) values.

  • Always log out after using the system controller if it uses a browser interface.

  • Disable unnecessary network services, such as Transmission Control Protocol (TCP) or Hypertext Transfer Protocol (HTTP). Enable necessary network services and configure these services securely.

  • Follow LDAP security measures when using LDAP to access the system. Refer to the Oracle ILOM Security Guide at http://www.oracle.com/goto/ILOM/docs.

  • Create a banner to state that unauthorized access is prohibited.

  • Use access control lists where appropriate.

  • Set time-outs for extended sessions and set privilege levels.

  • Use authentication, authorization, and accounting (AAA) features for local and remote access to a switch.

  • If possible, use the RADIUS and TACACS+ security protocols:

    • RADIUS (Remote Authentication Dial-In User Service) is a client/server protocol that secures networks against unauthorized access.

    • TACACS+ (Terminal Access Controller Access-Control System) is a protocol that permits a remote access server to communicate with an authentication server to determine if a user has access to the network.

  • Use the port mirroring capability of the switch for intrusion detection system (IDS) access.

  • Implement port security to limit access based upon a MAC address. Disable auto trunking on all ports.
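The checklist above (SSH not Telnet, SNMPv3 only with a non-default community string, HTTPS rather than HTTP, session time-outs, a login banner) can be turned into an automated audit of a management-controller configuration dump. The example below is added here and is not code from the Oracle guide or from ILOM. The "path property=value" format and the property names it parses are constructed for the example, loosely modelled on a service-processor CLI listing; they are assumptions, not the product's real property names, and both sample dumps are constructed.

```python
"""Audit a management-controller service configuration against the
network-security checklist.

The configuration format is constructed for this example: a flat
"path key=value key=value" listing loosely modelled on a service-processor
CLI dump. It is not real Oracle ILOM output; the paths and property names
are assumptions, not the product's own. Values are single tokens.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample: a controller still running with insecure defaults.
SAMPLE_CONFIG = """\
/SP/services/telnet servicestate=enabled
/SP/services/ssh state=enabled
/SP/services/snmp v1=enabled v2c=disabled v3=enabled community=public
/SP/services/http servicestate=enabled
/SP/services/https servicestate=enabled
/SP/session timeout=0
/SP/preferences/banner login_message=
"""

# Constructed sample: the same controller after applying the checklist.
HARDENED_CONFIG = """\
/SP/services/telnet servicestate=disabled
/SP/services/ssh state=enabled
/SP/services/snmp v1=disabled v2c=disabled v3=enabled community=Xk9mTq2LpW4rZv
/SP/services/http servicestate=disabled
/SP/services/https servicestate=enabled
/SP/session timeout=15
/SP/preferences/banner login_message=Unauthorized_access_prohibited
"""

# Community strings commonly shipped as factory defaults.
DEFAULT_COMMUNITIES = {"public", "private"}
MIN_COMMUNITY_LEN = 12  # assumed local policy, not a vendor value


@dataclass
class Finding:
    path: str
    message: str


def parse_config(text: str) -> dict[str, dict[str, str]]:
    """Parse 'path key=value ...' lines into {path: {key: value}}."""
    config: dict[str, dict[str, str]] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        path, *props = line.split()
        entry = config.setdefault(path, {})
        for prop in props:
            key, _, value = prop.partition("=")
            entry[key] = value
    return config


def community_is_weak(community: str) -> bool:
    """A default or short community string is trivially guessable."""
    return community.lower() in DEFAULT_COMMUNITIES or len(community) < MIN_COMMUNITY_LEN


def audit(config: dict[str, dict[str, str]]) -> list[Finding]:
    """Apply the checklist; each Finding is one violated guideline."""
    findings: list[Finding] = []

    def get(path: str, key: str, default: str = "") -> str:
        return config.get(path, {}).get(key, default)

    # Telnet sends credentials in clear text: it must be off and SSH on.
    if get("/SP/services/telnet", "servicestate") == "enabled":
        findings.append(Finding("/SP/services/telnet", "Telnet enabled; use SSH instead"))
    if get("/SP/services/ssh", "state") != "enabled":
        findings.append(Finding("/SP/services/ssh", "SSH disabled; enable it for remote configuration"))

    # Only SNMPv3 authenticates and encrypts; v1/v2c send auth data in the clear.
    snmp = config.get("/SP/services/snmp", {})
    for old in ("v1", "v2c"):
        if snmp.get(old) == "enabled":
            findings.append(Finding("/SP/services/snmp", f"SNMP{old} enabled; only v3 is secure"))
    if "community" in snmp and community_is_weak(snmp["community"]):
        findings.append(Finding("/SP/services/snmp", "default or weak community string"))

    # Plain HTTP is an unnecessary service when HTTPS is available.
    if get("/SP/services/http", "servicestate") == "enabled":
        findings.append(Finding("/SP/services/http", "HTTP enabled; use HTTPS only"))

    # Idle browser/CLI sessions must expire (0 means never).
    timeout = get("/SP/session", "timeout", "0")
    if not timeout.isdigit() or int(timeout) == 0:
        findings.append(Finding("/SP/session", "no session time-out set"))

    # A banner must state that unauthorized access is prohibited.
    if not get("/SP/preferences/banner", "login_message"):
        findings.append(Finding("/SP/preferences/banner", "no unauthorized-access banner"))
    return findings


def audit_text(text: str) -> list[str]:
    """Return 'path: message' strings for a configuration dump."""
    return [f"{f.path}: {f.message}" for f in audit(parse_config(text))]


if __name__ == "__main__":
    for line in audit_text(SAMPLE_CONFIG):
        print(line)
    print("hardened findings:", audit_text(HARDENED_CONFIG))
```

Run against the first dump it reports six findings (Telnet, SNMPv1, the PUBLIC community string, HTTP, the missing time-out and the missing banner); the hardened dump produces none. To use it on a real controller, replace `parse_config` with a parser for that product's actual export format and map its property names onto the checks.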