Linux Security Hardening 105
•Choose software you use to remove or clean the viruses, as well as send warning messages.
•Choose software that uses a maximum of 10% of CPU for a scheduled scan and 3% for an active scan.
BIOS setting and password protection
To secure the server, Nortel recommends the following:
•Disable boot from CD or DVD drive in the Basic Input Output System (BIOS).
•Add a BIOS password. For information about adding a BIOS password to the HP DL320 G4 server see “Setting the HP DL320 G4 server BIOS password” (page 130). For information about adding a BIOS password to the IBM x306m server see “Setting the IBM x306m server BIOS password” (page 136).
•Add a boot loader password.
Removal of the Ctrl+Atl+Del keyboard shutdown command
The Ctrl+Alt+Del shutdown command is disabled.
This booting mode is disabled to prevent the unauthorized access of the system.
Hardened communications by using secure protocols
Secure Shell (SSH) and its accompanying tools are included by default. The secure protocols are also a replacement for some insecure protocols, as shown in Table 3 "Security communication protocols" (page 105).
Table 3
Security communication protocols
Insecure protocols (disabled) | Replacement secure protocols (supported) |
|
|
telnet | ssh |
|
|
rsh | ssh |
|
|
rlogin | ssh |
|
|
tftp | sftp |
|
|
ftp | sftp |
|
|
rcp | scp |
|
|
Nortel Communication Server 1000
Linux Platform Base and Applications Installation and Commissioning
29 October 2008
