1. Owner's Guide
  2. Security and Maintenance of Recovery Appliance
  3. Keeping the Recovery Appliance Secure
  4. Securing the Software

Securing the Software

Frequently, hardware security is implemented through software measures.

Implement the following guidelines to protect hardware and software:

  • Change all default passwords when the system is installed at the site. Recovery Appliance uses default passwords for initial installation and deployment that are widely known. A default password could allow unauthorized access to the equipment. Devices such as the network switches have multiple user accounts. Be sure to change all account passwords on the components in the rack.

  • Limit use of the root super user account. Use non-root access when possible. Create and use Integrated Lights Out Manager (ILOM) user accounts for individual users to ensure a positive identification in audit trails, and less maintenance when administrators leave the team or company.

  • Restrict physical access to USB ports, network ports, and system consoles. Servers and network switches have ports and console connections, which provide direct access to the system.

  • Restrict the capability to restart the system over the network.

  • Create named admin_users to manage the hosts.

  • Disable direct root and oracle access.

  • Create named db_users for administration and monitoring.

  • Disable remote sys access.

  • Disable remote rasys access.