Netra Server X5-2 Security Guide


Updated: May 2015

Network Security

After the networks are configured based on security principles, regular review and maintenance are needed.

Follow these guidelines to secure local and remote access to your systems:

  • Restrict remote configuration to specific source IP addresses, and use SSH rather than Telnet. Telnet sends user names and passwords in clear text, so anyone able to capture traffic on the local area network (LAN) segment can read login credentials. Set a strong password for every SSH account.

  • Use version 3 of the Simple Network Management Protocol (SNMP) for secure management traffic. SNMPv1 and SNMPv2c send the community string, which is the only credential they have, in clear text. SNMPv3 provides per-user authentication and, when configured with privacy (authPriv), encrypts the management channel as well.

  • If SNMPv1 or SNMPv2c is unavoidable, change the default community string to a strong, non-guessable one. Many products ship with "public" as the default. An attacker who knows the community string can query the device to build a complete map of the network and, if the community permits writes, modify management information base (MIB) values.

  • Always log out after using the system controller if the system controller uses a browser interface.

  • Disable network services you do not need, for example unencrypted Hypertext Transfer Protocol (HTTP) when HTTPS is available. Enable only the services that are required and configure each of them securely.

  • Create a banner message that appears at login to state that unauthorized access is prohibited. You can inform users of any important policies or rules. The banner can be used to warn users of special access restrictions for a given system, or to remind users of password policies and appropriate use.

  • Use access control lists to apply restrictions, where appropriate.

  • Set idle time-outs so that unattended sessions are closed, and assign privilege levels so that each account has only the rights it needs.

  • Use authentication, authorization, and accounting features for local and remote access to a switch.

  • These services are appropriate even where strong protection is required, because they secure the channel with certificates and strong encryption:

    • Active Directory

    • LDAP/SSL (Lightweight Directory Access Protocol/Secure Socket Layer)

  • Use these services only on private, secure networks where no malicious users are expected, because their traffic is protected by a shared secret rather than by a certificate-based encrypted channel:

    • RADIUS (Remote Authentication Dial In User Service)

    • TACACS+ (Terminal Access Controller Access-Control System)

  • Use the port mirroring capability of the switch to feed traffic to an intrusion detection system (IDS).

  • Implement port security to limit access based on MAC address. Disable automatic trunk negotiation on all ports.
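The SNMP points above are easiest to appreciate on the wire. The following added example (written for this page, not code from the Oracle guide or from ILOM) builds minimal SNMPv1/v2c and SNMPv3 messages with a small BER encoder, then inspects the raw UDP payload the way a sniffer or IDS would: for v1/v2c the community string is read straight out of the packet, and for v3 the msgFlags byte shows whether authentication and privacy are in effect. The packets, the OID and the weak-community list are constructed here; only the message layout comes from the SNMP standards.

```python
"""Inspect raw SNMP payloads for the weaknesses the guideline describes:
v1/v2c carry the community string in clear text, default communities such
as "public" are guessable, and v3 is only fully protected with authPriv.
Added example; the packets below are constructed with a minimal BER encoder
so the script runs offline and needs no network or third-party library."""

TAG_INTEGER, TAG_OCTET_STRING, TAG_NULL, TAG_OID, TAG_SEQUENCE = 0x02, 0x04, 0x05, 0x06, 0x30
TAG_GET_REQUEST = 0xA0          # context-specific, constructed, tag 0
WEAK_COMMUNITIES = {"public", "private"}   # constructed list of common defaults


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(value)) + value


def ber_int(n: int) -> bytes:
    """Minimal two's-complement INTEGER; non-negative values are enough for SNMP headers."""
    return tlv(TAG_INTEGER, n.to_bytes((n.bit_length() + 8) // 8, "big", signed=True))


def ber_oid(dotted: str) -> bytes:
    """OBJECT IDENTIFIER: first two arcs packed into one byte, rest base-128."""
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(TAG_OID, bytes(out))


def snmp_community_get(community: str, oid: str, version: int = 0, request_id: int = 1) -> bytes:
    """SNMPv1 (version=0) or SNMPv2c (version=1) GetRequest for a single OID."""
    varbinds = tlv(TAG_SEQUENCE, tlv(TAG_SEQUENCE, ber_oid(oid) + tlv(TAG_NULL, b"")))
    pdu = tlv(TAG_GET_REQUEST, ber_int(request_id) + ber_int(0) + ber_int(0) + varbinds)
    return tlv(TAG_SEQUENCE, ber_int(version) + tlv(TAG_OCTET_STRING, community.encode()) + pdu)


def snmp_v3_header(auth: bool, priv: bool, msg_id: int = 1) -> bytes:
    """SNMPv3 message with USM (security model 3); the PDU body is left empty because
    the point here is the header. msgFlags bit 0 = authentication, bit 1 = privacy."""
    flags = (0x01 if auth else 0) | (0x02 if priv else 0)
    global_data = tlv(TAG_SEQUENCE, ber_int(msg_id) + ber_int(65507)
                      + tlv(TAG_OCTET_STRING, bytes([flags])) + ber_int(3))
    security_params = tlv(TAG_OCTET_STRING, b"")          # USM parameters omitted (constructed)
    msg_data = tlv(TAG_OCTET_STRING, b"") if priv else tlv(TAG_SEQUENCE, b"")
    return tlv(TAG_SEQUENCE, ber_int(3) + global_data + security_params + msg_data)


def ber_read(buf: bytes, pos: int = 0):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def inspect_snmp(payload: bytes) -> dict:
    """What a passive observer learns from one SNMP datagram."""
    tag, msg, _ = ber_read(payload)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an SNMP message")
    _, ver, pos = ber_read(msg)
    version = int.from_bytes(ver, "big", signed=True)
    info = {"version": {0: "v1", 1: "v2c", 3: "v3"}.get(version, f"unknown({version})"),
            "community": None, "auth": False, "priv": False}
    if version in (0, 1):                       # community-based: credential is plain text
        _, community, _ = ber_read(msg, pos)
        info["community"] = community.decode(errors="replace")
    elif version == 3:                          # read msgFlags out of msgGlobalData
        _, global_data, _ = ber_read(msg, pos)
        _, _, p = ber_read(global_data)         # msgID
        _, _, p = ber_read(global_data, p)      # msgMaxSize
        _, flags, _ = ber_read(global_data, p)  # msgFlags
        info["auth"], info["priv"] = bool(flags[0] & 0x01), bool(flags[0] & 0x02)
    return info


def audit(payload: bytes) -> list:
    """Findings against the guideline: clear-text community, default community, v3 below authPriv."""
    info, findings = inspect_snmp(payload), []
    if info["community"] is not None:
        findings.append(f"{info['version']}: community string readable on the wire: {info['community']!r}")
        if info["community"].lower() in WEAK_COMMUNITIES:
            findings.append(f"{info['version']}: default community string {info['community']!r} in use")
    elif info["version"] == "v3" and not (info["auth"] and info["priv"]):
        findings.append("v3 without authPriv: message is not both authenticated and encrypted")
    return findings


if __name__ == "__main__":
    samples = {
        "v1, default community": snmp_community_get("public", "1.3.6.1.2.1.1.1.0"),
        "v2c, strong community": snmp_community_get("Xk9!rQ2-mgmt", "1.3.6.1.2.1.1.1.0", version=1),
        "v3 noAuthNoPriv": snmp_v3_header(auth=False, priv=False),
        "v3 authPriv": snmp_v3_header(auth=True, priv=True),
    }
    for name, pkt in samples.items():
        print(f"{name:24} {pkt.hex()}\n{'':24} {audit(pkt) or ['ok']}")
```

Note that the v2c packet with a strong community is still flagged: a better community string stops guessing, but anyone on the path still reads it from the packet, which is why the guideline prefers SNMPv3 with authPriv and treats community strings as a fallback.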

For more information about network security, refer to the Oracle ILOM Security Guide, which is part of the Oracle ILOM documentation library. You can find the Oracle ILOM documentation at: