AR500, AR510, AR531, AR550, AR1500, and AR2500 Security Hardening And Maintenance Guide

About This Document

Purpose

This document provides guidance for strengthening network and device security in terms of network security risks, security architecture, and security hardening policies. It also provides guidance for routine maintenance of device security in terms of the management, control, and forwarding planes.

This document together with other types of documents helps intended readers get a deep understanding of the security policy.

Intended Audience

This document is intended for:

  • Network planning engineers
  • Commissioning engineers
  • Data configuration engineers
  • System maintenance engineers

Symbol Conventions

The symbols that may be found in this document are defined as follows.

Symbol Description
Indicates a hazard with a high level or medium level of risk which, if not avoided, could result in death or serious injury.
Indicates a hazard with a low level of risk which, if not avoided, could result in minor or moderate injury.
Indicates a potentially hazardous situation that, if not avoided, could result in equipment damage, data loss, performance deterioration, or unanticipated results.
Provides a tip that may help you solve a problem or save time.
Provides additional information to emphasize or supplement important points in the main text.

Interface Numbering Conventions

Interface numbers used in this manual are examples. In device configuration, use the existing interface numbers on devices.

Security Conventions

  • Password setting
    • When you configure a password, using cipher text is recommended. To ensure device security, change the password periodically.
    • When you configure a password in plain text that starts and ends with %@%@, @%@%, %#%#, or %^%# (the password can be decrypted by the device), the password is displayed in the same manner as the configured one in the configuration file. Do not use this setting.
    • When you configure a password in cipher text, different features cannot use the same cipher-text password. For example, the cipher-text password set for the AAA feature cannot be used for other features.
  • Encryption algorithm

    Currently, the device uses the following encryption algorithms: 3DES, AES, RSA, SHA1, SHA2, and MD5. 3DES, RSA, and AES are reversible, while SHA1, SHA2, and MD5 are irreversible. The algorithms DES, 3DES, RSA (RSA-1024 or lower), MD5 (in digital signature scenarios and password encryption), and SHA1 (in digital signature scenarios) provide low security and may bring security risks. If the protocols in use allow it, using more secure algorithms, such as AES, RSA (RSA-2048 or higher), SHA2, or HMAC-SHA2, is recommended. The encryption algorithm to use depends on the actual networking. An irreversible encryption algorithm must be used for the administrator password; SHA2 is recommended.

  • Personal data

    Some personal data may be obtained or used during operation or fault location of your purchased products, services, or features, so you are obligated to establish privacy policies and take measures in accordance with the applicable laws of the country to protect personal data.

  • The terms mirrored port, port mirroring, traffic mirroring, and mirroring in this manual are mentioned only to describe the product's function of communication error or failure detection, and do not involve collection or processing of any personal information or communication data of users.

Declaration

  • This manual is only a reference for you to configure your devices. The contents of the manual, such as web pages, command line syntax, and command outputs, are based on the device conditions in the lab. The manual provides instructions for general scenarios, but does not cover all usage scenarios of all product models. The contents of the manual may differ from your actual device situation due to differences in software versions, models, and configuration files. The manual will not list every possible difference. You should configure your devices according to the actual situation.
  • The specifications provided in this manual were tested in a lab environment (for example, the tested device has been installed with a certain type of board, or only one protocol is run on the device). Results may differ from the listed specifications when you attempt to obtain the maximum values with multiple functions enabled on the device.
  • In this document, public IP addresses may be used in feature introduction and configuration examples and are for reference only unless otherwise specified.

Change History

Changes between document issues are cumulative. The latest document issue contains all the changes made in earlier issues.

Changes in Issue 04 (2019-04-30)

This version has the following updates:

The following information is modified:

Changes in Issue 03 (2019-03-06)

This version has the following updates:

The following information is modified:

Changes in Issue 02 (2014-10-31)

This version has the following updates:

Changes in Issue 01 (2014-10-20)

This issue is the first official release.

Updated: 2019-05-06

Document ID: EDOC1000097300
