E9000 Server V100R001 User Guide 24

This document describes the overview, functions, structure, installation, and configuration methods of the E9000.
Management Module

This section describes the hierarchical command protection, remote SSH logins, and SNMP encrypted authentication of management modules.

Hierarchical Command Protection

Management modules authenticate users who log in over an Ethernet port. Only authenticated users can configure and maintain management modules.

Management modules protect commands hierarchically and define three command levels in ascending order: monitoring level, configuration level, and management level. Users are classified into three corresponding levels: common users, operators, and administrators. A user can run only commands at or below the user's own level, which limits what each user is able to do.

Remote SSH Login

Management modules support SSH. On networks without security assurance, SSH secures and authenticates user logins and defends against multiple attacks. Management modules also support SFTP to encrypt file transfers.

SNMP Encrypted Authentication

Management modules support encrypted authentication over SNMPv3 and SNMP Trap V3. When management modules are managed by the network management system (NMS) over SNMP, the encrypted authentication mode of the User-based Security Model (USM) can be used to protect the management modules.

SNMPv3 and SNMP Trap V3 use Message Digest Algorithm 5 (MD5) or Secure Hash Algorithm (SHA) for authentication, and the Data Encryption Standard (DES) or Advanced Encryption Standard (AES) for encryption. The default authentication protocol is MD5, which is weak and vulnerable to being cracked. You are advised to set the authentication protocol to SHA.

NOTE:

The management modules conform to the SNMPv1, SNMPv2c, and Telnet protocols. However, these protocols are disabled by default for security purposes.
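
The USM authentication described above, as an added example that is not part of the Huawei guide: it follows the RFC 3414 password-to-key and HMAC-96 procedure to show that the authentication protocol (MD5 or SHA) determines both the localized key and the message tag, so an NMS left on MD5 after the module is switched to SHA fails authentication. The password and engine ID are the RFC 3414 test values, and the message bytes are a constructed stand-in rather than a real SNMP packet.

```python
import hashlib
import hmac

# RFC 3414 Appendix A.3 test values (not E9000 defaults).
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
# Constructed stand-in for a serialized SNMPv3 message; a real one is
# BER-encoded with msgAuthenticationParameters zeroed before the HMAC.
SAMPLE_MSG = b"constructed-snmpv3-message" + bytes(12)


def password_to_key(password: bytes, engine_id: bytes, algo: str) -> bytes:
    """Derive the localized USM key (RFC 3414 A.2) with 'md5' or 'sha1'."""
    if not password:
        raise ValueError("password must not be empty")
    # Hash the first 1 MiB of the endlessly repeated password -> Ku.
    stream = (password * (1048576 // len(password) + 1))[:1048576]
    ku = hashlib.new(algo, stream).digest()
    # Localize Ku to one SNMP engine: H(Ku || engineID || Ku).
    return hashlib.new(algo, ku + engine_id + ku).digest()


def auth_tag(key: bytes, message: bytes, algo: str) -> bytes:
    """HMAC-MD5-96 / HMAC-SHA-96: HMAC truncated to 12 octets."""
    return hmac.new(key, message, algo).digest()[:12]


def verify(key: bytes, message: bytes, tag: bytes, algo: str) -> bool:
    """Receiver-side check, using a constant-time comparison."""
    return hmac.compare_digest(auth_tag(key, message, algo), tag)


def demo() -> dict:
    # Module side: user configured with SHA, as the guide advises.
    sha_key = password_to_key(PASSWORD, ENGINE_ID, "sha1")
    # NMS side: same password, but still configured for the MD5 default.
    md5_key = password_to_key(PASSWORD, ENGINE_ID, "md5")
    stale_tag = auth_tag(md5_key, SAMPLE_MSG, "md5")
    good_tag = auth_tag(sha_key, SAMPLE_MSG, "sha1")
    return {
        "md5_key": md5_key.hex(),
        "sha_key": sha_key.hex(),
        "nms_on_md5_accepted": verify(sha_key, SAMPLE_MSG, stale_tag, "sha1"),
        "nms_on_sha_accepted": verify(sha_key, SAMPLE_MSG, good_tag, "sha1"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Both tags are 12 octets on the wire regardless of protocol, so the difference shows up only as an authentication failure on the receiving side when the two ends disagree.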

Web Service Security

The E9000 chassis provides the web service for chassis management over the WebUI. The web service provides the following security functions:

  • Automatically converting HTTP requests into HTTPS requests

    The web service platform automatically converts HTTP requests into HTTPS requests when users access the web service platform using HTTP, enhancing access security.

  • Preventing cross-site scripting (XSS)

    XSS is a type of computer vulnerability typically found in web applications. XSS enables attackers to inject client-side scripts into web pages viewed by other users.

  • Preventing SQL injection

    SQL injection is a code injection technique. Malicious SQL statements are inserted into an entry field of a web form or a query string of a page request for execution.

  • Preventing cross-site request forgery

    Cross-site request forgery is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. For example, a user logs in to website A and, while that session has not timed out, logs in to website B, which is embedded with malicious programs. In this situation, an attacker can obtain the session ID of website A and use this ID to log in to website A and intercept private information.

  • Hiding sensitive information

    The web service platform protects sensitive information from being obtained by attackers.

  • Restricting file uploads and downloads

    The web service platform limits file uploads and downloads, protects confidential files from leakage, and prevents insecure files from being uploaded.

  • Preventing URL overriding

    Specific permissions are granted to each type of user to prevent users from performing unauthorized operations on the system.

  • Ensuring the security of user names and passwords

    Web user names and passwords must meet system security requirements, for example, password strength.

Updated: 2019-08-30

Document ID: EDOC1000015897
