After the networks are configured based on security principles, regular review and maintenance are needed.
Follow these guidelines to secure local and remote access to your systems:
Limit remote configuration to specific IP addresses using SSH instead of Telnet. Telnet passes user names and passwords in clear text, potentially allowing everyone on the local area network (LAN) segment to see login credentials. Set a strong password for SSH.
Use version 3 of Simple Network Management Protocol (SNMP) to provide secure transmissions. Earlier versions of SNMP are not secure and transmit authentication data in unencrypted text.
Change the default SNMP community string to a strong community string if SNMP is necessary. Some products have PUBLIC set as the default SNMP community string. Attackers can query a community to draw a very complete network map and possibly modify management information base (MIB) values.
Always log out after using the system controller if the system controller uses a browser interface.
Disable unnecessary network services, such as Transmission Control Protocol (TCP) or Hypertext Transfer Protocol (HTTP). Enable necessary network services and configure these services securely.
Create a banner message that appears at login to state that unauthorized access is prohibited. You can inform users of any important policies or rules. The banner can be used to warn users of special access restrictions for a given system, or to remind users of password policies and appropriate use.
Use access control lists to apply restrictions, where appropriate.
Set time-outs for extended sessions and set privilege levels.
Use authentication, authorization, and accounting features for local and remote access to a switch.
If possible, use the RADIUS and TACACS+ security protocols:
RADIUS (Remote Authentication Dial In User Service) is a client/server protocol that secures networks against unauthorized access.
TACACS+ (Terminal Access Controller Access-Control System) is a protocol that permits a remote access server to communicate with an authentication server to determine if a user has access to the network.
Follow LDAP security measures when using LDAP to access the system.
Use the port mirroring capability of the switch for intrusion detection system (IDS) access.
Implement port security to limit access based upon a MAC address. Disable auto-trunking on all ports.
For more information about network security, refer to the Oracle ILOM Security Guide, which is part of the Oracle ILOM documentation library. You can find the Oracle ILOM documentation at: