Computer Accessories User's Manual
Linux Security Hardening 105
• Choose software you use to remove or clean the viruses, as well as
send warning messages.
• Choose software that uses a maximum of 10% of CPU for a scheduled
scan and 3% for an active scan.
BIOS setting and password protection
To secure the server, Nortel recommends the following:
• Disable boot from CD or DVD drive in the Basic Input Output System
(BIOS).
• Add a BIOS password. For information about adding a BIOS password
to the HP DL320 G4 server see “Setting the HP DL320 G4 server
BIOS password” (page 130). For information about adding a BIOS
password to the IBM x306m server see “Setting the IBM x306m server
BIOS password” (page 136).
•
Add a boot loader password.
Removal of the Ctrl+Atl+Del keyboard shutdown command
The Ctrl+Alt+Del shutdown command is disabled.
Single-user-text-mode booting is disabled
This booting mode is disabled to prevent the unauthorized access of the
system.
Hardened communications by using secure protocols
Secure Shell (SSH) and its accompanying tools are included by default.
The secure protocols are also a replacement for some insecure protocols,
as shown in Table 3 "Security communication protocols" (page 105).
Table 3
Security communication protocols
Insecure protocols (disabled) Replacement secure protocols (supported)
telnet ssh
rsh ssh
rlogin ssh
tftp sftp
ftp sftp
rcp scp
Nortel Communication Server 1000
Linux Platform Base and Applications Installation and Commissioning
NN43001-315 02.09
29 October 2008
Copyright © 2007–2008 Nortel Networks
.