Secure-environment considerations

Consider the following information when you are evaluating the security requirements for your environment.

• The physical security of your environment is important. Limit access to rooms and racks where systems-management hardware is kept.
• Use a software-based firewall to protect your network hardware and data from known and emerging security threats, such as viruses and unauthorized access.
• Do not change the default security settings for the network switches and pass-thru modules. The manufacturing default settings for these components disable the use of unsecure protocols and enable the requirement for signed firmware updates.
• At a minimum, ensure that critical firmware updates are installed. After making any changes, always back up the configuration.
• Ensure that all security-related updates for DNS servers are installed promptly and kept up to date.
• Instruct your users to not accept any untrusted certificates. For more information, see Working with security certificates.
• Where possible and practical, place the systems-management hardware in a separate subnet. Typically, only supervisors should have access to the systems-management hardware, and no basic users should be given access.
• When you choose passwords, do not use expressions that are easy to guess, such as "password" or the name of your company. Keep the passwords in a secure place, and ensure that access to the passwords is restricted. Implement a password policy for your company.
  Important

  Strong password rules should be required for all users.
• Establish power-on passwords for users as a way to control who has access to the data and setup programs on the servers. See the documentation that comes with your hardware for more information about power-on passwords.