Additional security measures

The following list of additional security measures ensures maximum network security for the DS8000 and HMC:

• All nontrusted network commands and service are either disabled or completely removed (that is, the Berkeley r-commands, Sun RPC commands, telnet clients.
• As recommended in the US Department of Energy CIAC bulletin, all nonessential Internet daemons are either not installed (ftp, telnet), or disabled.
• All unused Internet ports are disabled.
• All nonessential TCP/IP commands have been removed.
• The root user account is locked, and is not a login user.
• A nonauthenticated user does not have access to a command line or shell.
• In order to gain privileged access, a one time challenge/key password is used that ensures that only current IBM® employees can gain access.
• Neither Domain Name Service (DNS) nor any standard TCP/IP services (ftp, telnet) are available for remote connections.