Access to the terminal server
You can make a terminals server more secure by minimizing physical and remote access and by hardening the Linux™ instance.
- Workload and users
- It is good practice to use a dedicated system as the terminal server with no unnecessary users defined.
- Physical access
- Physical access to mainframe systems is tightly restricted in most installations. You can also use physical access restrictions to protect your terminal server. Consider configuring a private network for connections to the terminal server with access only from workstations within a controlled physical area.
- Hardening Linux
- It is good practice to limit access to the Linux instance to what is required. Do not install or load any modules that you do not need and switch off all daemons and processes that you do not need. To find out which processes are accessible at network sockets enter:
[root]# netstat -lptu
- Firewall
- Consider protecting your terminal server through a firewall.
- Linux Security Modules
- Consider strengthening security through a Linux security module like SELinux or AppArmor.