The following list of additional security measures ensures maximum network
security for the DS8000 and HMC:
- All nontrusted network commands and service are either disabled or completely
removed (that is, the Berkeley r-commands, Sun RPC commands, telnet clients.
- As recommended in the US Department of Energy CIAC bulletin, all nonessential
Internet daemons are either not installed (ftp, telnet), or disabled.
- All unused Internet ports are disabled.
- All nonessential TCP/IP commands have been removed.
- The root user account is locked, and is not a login user.
- A nonauthenticated user does not have access to a command line or shell.
- In order to gain privileged access, a one time challenge/key password
is used that ensures that only current IBM® employees can gain access.
- Neither Domain Name Service (DNS) nor any standard TCP/IP services (ftp,
telnet) are available for remote connections.