Access refers to physical access to hardware, or physical or virtual access to software.
Use physical and software controls to protect your hardware and data from intrusion.
Change all default passwords when installing a new system. Most types of equipment use default passwords, such as changeme, that are widely known and could allow unauthorized access to hardware or software.
Refer to the documentation that came with your software to enable any security features available for the software.
Install servers and related equipment in a locked, restricted access room.
If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack.
Restrict access to USB ports and consoles. Devices such as system controllers, power distribution units (PDUs), and network switches have USB connections, which can provide direct access to the system. Physical access is a more secure method of accessing components since it is not susceptible to network-based attacks.
Restrict the capability to restart the system over the network.
Restrict access to hot-plug or hot-swap devices in particular because they can be easily removed.
Store spare field-replaceable units (FRUs) and customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.