Sun Oracle Sun Blade X4-2B Security Manual


Sun Blade X4-2B

Security Guide
Part No: E37282–03 September 2013
Copyright © 2013, Oracle and/or its affiliates. All rights reserved.
This software and related documentation are provided under a license agreement containing restrictions on use and disclosure and are protected by intellectual property laws. Except as expressly permitted in your license agreement or allowed by law, you may not use, copy, reproduce, translate, broadcast, modify, license, transmit, distribute, exhibit, perform, publish, or display any part, in any form, or by any means. Reverse engineering, disassembly, or decompilation of this software, unless required by law for interoperability, is prohibited.
The information contained herein is subject to change without notice and is not warranted to be error-free. If you find any errors, please report them to us in writing.
If this is software or related documentation that is delivered to the U.S. Government or anyone licensing it on behalf of the U.S. Government, the following notice is applicable:
U.S. GOVERNMENT END USERS. Oracle programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, delivered to U.S. Government end users are "commercial computer software" pursuant to the applicable Federal Acquisition Regulation and agency-specific supplemental regulations. As such, use, duplication, disclosure, modification, and adaptation of the programs, including any operating system, integrated software, any programs installed on the hardware, and/or documentation, shall be subject to license terms and license restrictions applicable to the programs. No other rights are granted to the U.S. Government.
This software or hardware is developed for general use in a variety of information management applications. It is not developed or intended for use in any inherently dangerous applications, including applications that may create a risk of personal injury. If you use this software or hardware in dangerous applications, then you shall be responsible to take all appropriate fail-safe, backup, redundancy, and other measures to ensure its safe use. Oracle Corporation and its affiliates disclaim any liability for any damages caused by use of this software or hardware in dangerous applications.
Oracle and Java are registered trademarks of Oracle and/or its affiliates. Other names may be trademarks of their respective owners.
Intel and Intel Xeon are trademarks or registered trademarks of Intel Corporation. All SPARC trademarks are used under license and are trademarks or registered trademarks of SPARC International, Inc. AMD, Opteron, the AMD logo, and the AMD Opteron logo are trademarks or registered trademarks of Advanced Micro Devices. UNIX is a registered trademark of The Open Group.
This software or hardware and documentation may provide access to or information on content, products, and services from third parties. Oracle Corporation and its affiliates are not responsible for and expressly disclaim all warranties of any kind with respect to third-party content, products, and services. Oracle Corporation and its affiliates will not be responsible for any loss, costs, or damages incurred due to your access to or use of third-party content, products, or services.
Contents

Overview ..... 5
    System Overview ..... 5
    Security Principles ..... 5
Using Server Configuration and Management Tools ..... 7
    Oracle System Assistant Security ..... 7
        Oracle System Assistant contains a bootable root environment ..... 7
        Oracle System Assistant mounts a USB storage device that is accessible to the operating system ..... 7
        Oracle System Assistant can be disabled ..... 8
    Oracle ILOM Security ..... 8
    Oracle Hardware Management Pack Security ..... 9
Planning a Secure Environment ..... 11
    Operating System Security Guidelines ..... 11
    Network Ports and Switches ..... 12
    VLAN Security ..... 12
    InfiniBand Security ..... 13
    Hardware Physical Security ..... 13
    Software Security ..... 14
Maintaining a Secure Environment ..... 15
    Hardware Power Control ..... 15
    Asset Tracking ..... 15
    Updates for Software and Firmware ..... 16
    Network Access ..... 16
    Data Protection ..... 17
    Log Maintenance ..... 17

Overview

This document provides general security guidelines to help you protect the Oracle Sun Blade X4-2B, its network interfaces, and the network switches to which it is connected.

System Overview

The Sun Blade X4-2B server module has two processors from the Intel® Xeon® processor E5-2600 v2 family and 24 DIMM slots, for a maximum capacity of 768 GB of memory. The server module is inserted into a Sun Blade 6000 chassis, which provides power and cooling to the blades. The Sun Blade X4-2B server module is an ideal blade for building enterprise cloud infrastructures.
The RAID expansion module (REM) is installed on the Sun Blade X4-2B server module for RAID and connectivity to the SAS drives. The Fabric Expansion Module (FEM) is also installed on the server module to enable a connection to the Network Express Modules through the Sun Blade 6000 chassis midplane. The Sun Blade X4-2B also has an onboard service processor (SP) that runs Oracle Integrated Lights Out Manager (ILOM), which provides secure local and remote management.

Security Principles

There are four basic security principles: access, authentication, authorization, and accounting.
Access
Access refers to physical access to hardware, or physical or virtual access to software.
Use physical and software controls to protect your hardware and data from intrusion.
Refer to the documentation that came with your software to enable any security features available for the software.
Install servers and related equipment in a locked, restricted access room.
If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack.
Restrict access to connectors or ports, which can provide more powerful access than SSH connections. Devices such as system controllers, power distribution units (PDUs), and network switches provide connectors and ports.
Restrict access to hot-plug or hot-swap devices in particular because they can be easily removed.
Store spare field-replaceable units (FRUs) and customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.
Authentication
Authentication refers to ensuring that users of hardware or software are who they say they are.
Set up authentication features such as a password system in your platform operating systems to ensure that users are who they say they are.
Ensure that your personnel use employee badges properly to enter the computer room.
For user accounts: use access control lists where appropriate; set time-outs for extended sessions; set privilege levels for users.
Authorization
Authorization refers to restrictions placed on personnel to work with hardware or software.
Allow personnel to work only with hardware and software that they are trained and qualified to use.
Set up a system of Read/Write/Execute permissions to control user access to commands, disk space, devices, and applications.
Accounting
Accounting refers to software and hardware features used to monitor login activity and maintenance of hardware inventories.
Use system logs to monitor user logins. Monitor system administrator and service accounts in particular because those accounts can access powerful commands.
Keep a record of the serial numbers of all your hardware. Use component serial numbers to track system assets. Oracle part numbers are electronically recorded on cards, modules, and components.
To detect and track components, provide a security mark on all significant items of computer hardware such as FRUs. Use special ultraviolet pens or embossed labels.

Using Server Configuration and Management Tools

Follow these security guidelines when using software and firmware tools to configure and manage your server.

Oracle System Assistant Security

Oracle System Assistant is a preinstalled tool that helps you to locally or remotely configure and update server hardware and to install supported operating systems. For information about how to use Oracle System Assistant, refer to the Oracle X4 Series Servers Administration Guide.
The following section describes security information related to Oracle System Assistant.

Oracle System Assistant contains a bootable root environment

Oracle System Assistant is an application that runs on a preinstalled, internal USB flash drive. It is built on top of a bootable Linux root environment. Oracle System Assistant also provides the ability to access its underlying root shell. Users who have physical access to the system, or who have remote KVMS (keyboard, video, mouse, and storage) access to the system through Oracle ILOM, will be able to access Oracle System Assistant and the root shell.
A root environment can be used to change system configuration and policies, as well as to access data on other disks. It is recommended that physical access to the server be protected and that the administrator and console privileges for Oracle ILOM users be assigned sparingly.

Oracle System Assistant mounts a USB storage device that is accessible to the operating system

In addition to being a bootable environment, Oracle System Assistant is also mounted as a USB storage device (flash drive) that is accessible to the host operating system after installation. This is useful when accessing tools and drivers for maintenance and reconfiguration. The Oracle System Assistant USB storage device is both readable and writeable and could potentially be exploited by viruses.
It is recommended that the same methods for protecting disks be applied to the Oracle System Assistant storage device, including regular virus scans and integrity checking.

Oracle System Assistant can be disabled

Oracle System Assistant is a useful tool in helping to set up the server, update and configure firmware, and install the host operating system. However, if the security implications described above are unacceptable, or if the tool is not needed, Oracle System Assistant can be disabled. Disabling Oracle System Assistant means that the USB storage device will no longer be accessible to the host operating system. In addition, it will not be possible to boot Oracle System Assistant.
You can disable Oracle System Assistant from either the tool itself or from BIOS. Once disabled, Oracle System Assistant can only be re-enabled from the BIOS Setup Utility. It is recommended that BIOS Setup be password-protected so that only authorized users can re-enable Oracle System Assistant. For information about how to disable and re-enable Oracle System Assistant, refer to the Oracle X4 Series Servers Administration Guide.

Oracle ILOM Security

You can actively secure, manage, and monitor system components using Oracle Integrated Lights Out Manager (Oracle ILOM) management rmware, which is preinstalled on this server module, on other Oracle x86-based servers, and on some Oracle SPARC-based servers.
Use a dedicated internal network for the service processor (SP) to separate it from the general network. Oracle ILOM provides server control and monitoring functions to system administrators. Depending on the authorization level granted to the administrators, these functions might include the ability to power off the server, create user accounts, mount remote storage devices, and so on. Therefore, to maintain the most reliable and secure environment for Oracle ILOM, the dedicated network management port or the sideband management port on the server must always be connected to an internal trusted network or dedicated secure management/private network.
Limit the use of the default Administrator account (root) to the initial Oracle ILOM login. This default Administrator account is provided only to aid with the initial server installation. Therefore, to ensure the most secure environment, you must change the default Administrator password (changeme) as part of the initial setup of the system. In addition to changing the password for the default Administrator account, new user accounts with unique passwords and assigned authorization levels should be established for each new Oracle ILOM user.
Refer to Oracle ILOM documentation to understand more about setting up passwords, managing users, and applying security-related features, including Secure Shell (SSH), Secure Socket Layer (SSL), and RADIUS authentication. For security guidelines that are specific to Oracle ILOM, refer to the Oracle Integrated Lights Out Manager (ILOM) 3.1 Security Guide, which is part of the Oracle ILOM 3.1 documentation library. You can find the Oracle ILOM 3.1 documentation at:
http://www.oracle.com/goto/ILOM/docs

Oracle Hardware Management Pack Security

Oracle Hardware Management Pack is available for your server, and for many other x86-based servers and some SPARC servers. Oracle Hardware Management Pack features two components: an SNMP monitoring agent and a family of cross-operating system command-line interface tools (CLI Tools) for managing your server.
With the Hardware Management Agent SNMP Plugins, you can use SNMP to monitor Oracle servers and server modules in your data center with the advantage of not having to connect to two management points, the host and Oracle ILOM. This functionality enables you to use a single IP address (the host's IP address) to monitor multiple servers and server modules. The SNMP Plugins run on the host operating system of Oracle servers.
You can use the Oracle Server CLI Tools to configure Oracle servers. The CLI Tools work with Oracle Solaris, Oracle Linux, Oracle VM, other variants of Linux, and Microsoft Windows operating systems.
Refer to the Oracle Hardware Management Pack documentation for more information about these features. For security guidelines that are specific to Oracle Hardware Management Pack, refer to the Oracle Hardware Management Pack (HMP) Security Guide, which is part of the Oracle Hardware Management Pack documentation library. You can find the Oracle Hardware Management Pack documentation at:
http://www.oracle.com/goto/OHMP/docs

Planning a Secure Environment

Use the following notes before and during the installation and configuration of a server and related equipment.
The following topics are covered:
“Operating System Security Guidelines” on page 11
“Network Ports and Switches” on page 12
“VLAN Security” on page 12
“InfiniBand Security” on page 13
“Hardware Physical Security” on page 13
“Software Security” on page 14

Operating System Security Guidelines

Refer to Oracle operating system (OS) documents for information on:
How to use security features when configuring your systems
How to operate securely when you add applications and users to a system
How to protect network-based applications
Security Guide documents for supported Oracle operating systems are part of the documentation library for the operating system. To find the Security Guide document for an Oracle operating system, go to the Oracle operating system documentation library:
Operating System    Link
Oracle Solaris OS   http://docs.oracle.com/cd/E23824_01/html/819-3195/index.html
Linux OS            http://linux.oracle.com
Oracle VM OS        http://www.oracle.com/technetwork/documentation/vm-096300.html
Windows OS          For information on non-Oracle operating systems, refer to the vendor's documentation.
VMware OS           For information on non-Oracle operating systems, refer to the vendor's documentation.

Network Ports and Switches

Different switches offer different levels of port security features. Refer to the switch documentation to learn how to do the following.
Use authentication, authorization, and accounting features for local and remote access to the switch.
Change every password on network switches that might have multiple user accounts and passwords by default.
Manage switches out-of-band (separated from data traffic). If out-of-band management is not feasible, then dedicate a separate virtual local area network (VLAN) number for in-band management.
Use the port mirroring capability of the network switch for intrusion detection system (IDS) access.
Maintain a switch configuration file off-line and limit access only to authorized administrators. The configuration file should contain descriptive comments for each setting.
Implement port security to limit access based upon MAC addresses. Disable auto-trunking on all ports.
Use these port security features if they are available on your switch:
MAC Locking involves associating a Media Access Control (MAC) address of one or more connected devices to a physical port on a switch. If you lock a switch port to a particular MAC address, superusers cannot create backdoors into your network with rogue access points.
MAC Lockout disables a specified MAC address from connecting to a switch.
MAC Learning uses the knowledge about each switch port's direct connections so that the network switch can set security based on current connections.

VLAN Security

If you set up a virtual local area network (VLAN), remember that VLANs share bandwidth on a network and require additional security measures.
Define VLANs to separate sensitive clusters of systems from the rest of the network. This decreases the likelihood that users will gain access to information on these clients and servers.
Assign a unique native VLAN number to trunk ports.
Limit the VLANs that can be transported over a trunk to only those that are strictly required.
Disable VLAN Trunking Protocol (VTP), if possible. Otherwise, set the following for VTP: management domain, password, and pruning. Then set VTP into transparent mode.
Use static VLAN configuration, when possible.
Disable unused switch ports and assign them an unused VLAN number.

InfiniBand Security

Keep InfiniBand hosts secure. An InfiniBand fabric is only as secure as its least secure InfiniBand host.
Note that partitioning does not protect an InfiniBand fabric. Partitioning only offers InfiniBand traffic isolation between virtual machines on a host.

Hardware Physical Security

Physical hardware can be secured fairly simply: limit access to the hardware and record serial numbers.
Restrict access
Install servers and related equipment in a locked, restricted access room.
If equipment is installed in a rack with a locking door, keep the door locked except when you have to service components in the rack. Lock the door after servicing the equipment.
Restrict access to USB consoles, which can provide more powerful access than SSH connections. Devices such as system controllers, power distribution units (PDUs), and network switches can have USB connections.
Restrict access to hot-plug or hot-swap devices in particular because they can be easily removed.
Store spare field-replaceable units (FRUs) or customer-replaceable units (CRUs) in a locked cabinet. Restrict access to the locked cabinet to authorized personnel.
Record serial numbers
Security-mark all significant items of computer hardware such as FRUs. Use special ultraviolet pens or embossed labels.
Keep a record of the serial numbers of all your hardware.
Keep hardware activation keys and licenses in a secure location that is easily accessible to the system manager in system emergencies. The printed documents might be your only proof of ownership.

Software Security

Most hardware security is implemented through software measures.
Change all default passwords when installing a new system. Most types of equipment use default passwords, such as changeme, that are widely known and would allow unauthorized access to the equipment.
Change every password on network switches which might have multiple user accounts and passwords by default.
Limit use of the root superuser account. Oracle Integrated Lights Out Manager (Oracle ILOM) accounts such as ilom-operator and ilom-admin should be used instead whenever possible.
Use a dedicated network for service processors to separate them from the general network.
Protect access to USB consoles. Devices such as system controllers, power distribution units (PDUs), and network switches can have USB connections, which can provide more powerful access than SSH connections.
Refer to the documentation that came with your software to enable any security features available for the software.
Implement port security to limit access based upon MAC addresses. Disable auto-trunking on all ports.

Maintaining a Secure Environment

After the initial installation and setup, use Oracle hardware and software security features to continue controlling hardware and tracking system assets.
“Hardware Power Control” on page 15
“Asset Tracking” on page 15
“Updates for Software and Firmware” on page 16
“Network Access” on page 16
“Data Protection” on page 17
“Log Maintenance” on page 17

Hardware Power Control

You can use software to turn on and off power to some Oracle systems. The power distribution units (PDUs) for some system cabinets can be enabled and disabled remotely. Authorization for these commands is typically set up during system configuration and is usually limited to system administrators and service personnel.
Refer to your system or cabinet documentation for further information.

Asset Tracking

Use serial numbers to track inventory. Oracle embeds serial numbers in firmware on option cards and system motherboards. You can read these serial numbers through local area network connections.
You can also use wireless radio frequency identification (RFID) readers to further simplify asset tracking. An Oracle white paper, How to Track Your Oracle Sun System Assets by Using RFID, is available at:
http://www.oracle.com/technetwork/articles/systems-hardware-architecture/o11-001-rfid-oracle-214567.pdf

Updates for Software and Firmware

Keep your software and firmware versions current on your server equipment.
Check regularly for updates.
Always install the latest released version of the software or firmware on your equipment.
Install any necessary security patches for your software.
Remember that devices such as network switches and Express Modules also contain firmware and might require patches and firmware updates.

Network Access

Follow these guidelines to ensure the security of local and remote access to your systems:
Limit remote configuration to specific IP addresses using SSH instead of Telnet. Telnet passes user names and passwords in clear text, potentially allowing everyone on the LAN segment to see login credentials. Set a strong password for SSH.
Use version 3 of Simple Network Management Protocol (SNMP) to provide secure transmissions. Earlier versions of SNMP are not secure and transmit authentication data in unencrypted text.
Change the default SNMP community string to a strong community string if SNMP is necessary. Some products have PUBLIC set as the default SNMP community string. Attackers can query a community to draw a very complete network map and possibly modify management information base (MIB) values.
Always log out after using the system controller if it uses a browser interface.
Disable unnecessary network services, such as Transmission Control Protocol (TCP) or Hypertext Transfer Protocol (HTTP). Enable necessary network services and configure these services securely.
Follow LDAP security measures when using LDAP to access the system. Refer to the Oracle ILOM Security Guide.
Create a banner to state that unauthorized access is prohibited.
Use access control lists where appropriate.
Set time-outs for extended sessions and set privilege levels.
Use authentication, authorization, and accounting (AAA) features for local and remote access to a switch.
If possible, use the RADIUS and TACACS+ security protocols:
RADIUS (Remote Authentication Dial In User Service) is a client/server protocol that secures networks against unauthorized access.
TACACS+ (Terminal Access Controller Access-Control System) is a protocol that permits a remote access server to communicate with an authentication server to determine if a user has access to the network.
Use the port mirroring capability of the switch for intrusion detection system (IDS) access.
Implement port security to limit access based upon a MAC address. Disable auto trunking on all ports.
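As an added example that is not part of this guide, the following Python script audits an offline copy of a switch or management-device configuration (the guide recommends keeping one) against the checklist above: Telnet versus source-restricted SSH, SNMP version and default community strings, plain HTTP, login banner, AAA, MAC locking and auto-trunking. The configuration syntax, the sample configurations and the finding texts are constructed for this example; they are not any vendor's real syntax.

```python
"""Audit an offline network-device configuration against the guide's checklist.
The config syntax is constructed for this example (one directive per line, '!'
starts a comment); it is not the syntax of any real switch or of Oracle ILOM.
"""
import ipaddress
import re

# Community strings the guide calls out as widely known defaults.
DEFAULT_COMMUNITIES = {"public", "private"}


def parse_config(text):
    """Split the config into (keyword, remainder) pairs, dropping comments and blanks."""
    directives = []
    for raw in text.splitlines():
        line = raw.split("!", 1)[0].strip()
        if not line:
            continue
        keyword, _, rest = line.partition(" ")
        directives.append((keyword.lower(), rest.strip()))
    return directives


def audit_config(text):
    """Return a list of finding strings; an empty list means every check passed."""
    d = parse_config(text)
    findings = []

    # Remote configuration: SSH only, and only from specific addresses or prefixes.
    transports = {r.lower() for k, r in d if k == "transport"}
    if "telnet" in transports:
        findings.append("telnet enabled: credentials cross the LAN in clear text, use ssh")
    ssh_allow = [r for k, r in d if k == "ssh-allow"]
    if "ssh" in transports and not ssh_allow:
        findings.append("ssh not limited to specific source ip addresses")
    for entry in ssh_allow:
        try:
            ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append(f"ssh-allow entry is not an ip address or prefix: {entry}")

    # SNMP: v1/v2c community strings travel unencrypted, and defaults are widely known.
    for k, r in d:
        if k == "snmp-server":
            m = re.match(r"community\s+(\S+)", r, re.IGNORECASE)
            if m:
                findings.append("snmp v1/v2c community configured: use snmp version 3")
                if m.group(1).lower() in DEFAULT_COMMUNITIES:
                    findings.append(f"default snmp community string in use: {m.group(1)}")

    # Unnecessary services, login banner, and AAA for switch access.
    if any(k == "http-server" and r.lower() == "enable" for k, r in d):
        findings.append("plain http management enabled: disable it")
    if not any(k == "banner" for k, _ in d):
        findings.append("no login banner stating that unauthorized access is prohibited")
    if not any(k == "aaa" for k, _ in d):
        findings.append("no aaa (authentication, authorization, accounting) configured")

    # Port security: each port that is not shut down needs a MAC lock and auto-trunking off.
    ports = {}
    for k, r in d:
        if k == "port":
            m = re.match(r"(\S+)\s+(\S+)\s*(.*)", r)
            if m:
                ports.setdefault(m.group(1), {})[m.group(2).lower()] = m.group(3).lower()
    for name, attrs in sorted(ports.items()):
        if attrs.get("state") == "shutdown":
            continue  # unused ports should be disabled; nothing more to check on them
        if attrs.get("auto-trunk", "on") != "off":
            findings.append(f"port {name}: auto-trunking not disabled")
        if "mac-lock" not in attrs:
            findings.append(f"port {name}: no mac address lock")
    return findings


# Constructed sample: a weak configuration of the kind the checklist warns about.
WEAK_CONFIG = """\
transport telnet
transport ssh
snmp-server community PUBLIC ro
http-server enable
port 1 auto-trunk on
port 2 mac-lock 00:11:22:33:44:55
"""

# Constructed sample: the same device after applying the recommendations above.
HARDENED_CONFIG = """\
transport ssh
ssh-allow 10.10.0.0/24            ! management network only
snmp-server v3 user monitor auth sha priv aes
aaa authentication login default group tacacs+ local
banner Unauthorized access is prohibited.
port 1 auto-trunk off
port 1 mac-lock 00:11:22:33:44:55
port 2 auto-trunk off
port 2 mac-lock 00:11:22:33:44:66
port 3 state shutdown
"""
```

Running `audit_config(WEAK_CONFIG)` yields ten findings, one per checklist item the weak sample violates, while `audit_config(HARDENED_CONFIG)` yields none.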

Data Protection

Follow these guidelines to maximize data security:
Back up important data using devices such as external hard drives, pen drives, or memory sticks. Store the backed up data in a second, off-site, secure location.
Use data encryption software to keep confidential information on hard drives secure.
When disposing of an old hard drive, physically destroy the drive or completely erase all the data on the drive. Deleting all the files or reformatting the drive will remove only the address tables on the drive. Use disk wiping software to completely erase all data on a drive.

Log Maintenance

Inspect and maintain your log files on a regular schedule. Use these methods to secure log files.
Enable logging and send system logs to a dedicated secure log host.
Configure logging to include accurate time information, using Network Time Protocol (NTP) and timestamps.
Review logs for possible incidents and archive them in accordance with a security policy.
Periodically retire log files when they exceed a reasonable size. Maintain copies of the retired files for possible future reference or statistical analysis.
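As an added example that is not part of this guide, the following Python code reviews lines forwarded to a dedicated log host and applies two of the checks the guide asks for: that entries carry accurate time (a sender clock that disagrees with the log host's receive time by more than a tolerance points at a host without working NTP), and that logins by administrator and service accounts are surfaced for review, as the Accounting principle in the Overview recommends. The line format, the host names, the `svc-backup` account and the sample lines are constructed for this example; `ilom-admin` is the Oracle ILOM account named earlier in this guide.

```python
"""Review forwarded log lines for clock skew and privileged-account logins.

Line format (constructed for this example, not a real syslog profile):
    <received-at ISO-8601> <sender-timestamp ISO-8601> <host> <program>: <message>
The first timestamp is stamped by the log host on receipt; the second is the
sender's own clock. Both carry a UTC offset.
"""
import re
from datetime import datetime, timedelta

# Accounts whose logins the guide says to monitor in particular (constructed list;
# ilom-admin is the Oracle ILOM account mentioned in the Software Security section).
PRIVILEGED_ACCOUNTS = {"root", "ilom-admin", "svc-backup"}
MAX_SKEW = timedelta(seconds=30)  # larger disagreement suggests the sender is not NTP-synchronised

LINE_RE = re.compile(
    r"^(?P<received>\S+)\s+(?P<source>\S+)\s+(?P<host>\S+)\s+(?P<prog>[^:]+):\s+(?P<msg>.*)$"
)
# Constructed login message, e.g. "Accepted publickey for root from 10.0.0.5".
LOGIN_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<src>\S+)")


def parse_line(line):
    """Parse one line into a dict; return None if it does not fit the expected format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["received"] = datetime.fromisoformat(rec["received"])
        rec["source"] = datetime.fromisoformat(rec["source"])
    except ValueError:
        return None
    return rec


def review_logs(lines):
    """Return a report with skewed hosts, privileged-account logins and unparsed lines."""
    report = {"skewed_hosts": [], "privileged_logins": [], "unparsed": []}
    seen_skew = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            report["unparsed"].append(line)  # unparsed lines are a finding in themselves
            continue
        skew = abs(rec["received"] - rec["source"])
        if skew > MAX_SKEW and rec["host"] not in seen_skew:
            seen_skew.add(rec["host"])  # report each drifting host once
            report["skewed_hosts"].append((rec["host"], int(skew.total_seconds())))
        login = LOGIN_RE.search(rec["msg"])
        if login and login.group("user") in PRIVILEGED_ACCOUNTS:
            report["privileged_logins"].append(
                (rec["received"].isoformat(), rec["host"], login.group("user"), login.group("src"))
            )
    return report


# Constructed sample lines; blade03's clock runs 11 minutes behind the log host.
SAMPLE_LINES = [
    "2013-09-10T08:00:01+00:00 2013-09-10T08:00:01+00:00 blade01 sshd: Accepted publickey for opuser from 10.10.0.21",
    "2013-09-10T08:00:05+00:00 2013-09-10T08:00:04+00:00 blade01 sshd: Accepted password for root from 10.10.0.9",
    "2013-09-10T08:01:10+00:00 2013-09-10T07:50:10+00:00 blade03 sshd: Accepted publickey for svc-backup from 10.10.0.30",
    "2013-09-10T08:01:12+00:00 2013-09-10T07:50:12+00:00 blade03 cron: job finished",
    "this line is not in the expected format",
]

if __name__ == "__main__":
    for key, items in review_logs(SAMPLE_LINES).items():
        print(key)
        for item in items:
            print("  ", item)
```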