No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, AR531, AR550, AR1500, and AR2500 Security Hardening And Maintenance Guide

This document provides guidance for strengthening network and device security in terms of network security risks, security architecture, and security hardening policies. It also provides guidance for routine maintenance of device security in terms of the management, control, and forwarding planes.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
File Security

File Security

Patch Management

Security Policy
  • During patch delivery, the system provides a hash value used to check patch integrity.

  • When the patch package is loaded, cyclic redundancy check (CRC) is implemented on the patch package online. If the patch package passes the online CRC, the patch package can be normally loaded. Otherwise, the patch package is invalid.

  • The patch package in the running state is protected as a system file. That is, the patch package cannot be deleted or modified.

The preceding policies ensure the security of patch files during transfer and running.

Configuration and Maintenance Methods
  1. Check that the current system version matches the patch version.
    • Run the display version command to check the current version.

    • Compare the current system version with the version in the SP basic information. If the current system version is not the version in the SP basic information, upgrade the version to the required version, and then install the SP.

  2. Run the display patch-information command to check whether another SP is loaded.
    NOTE:

    If an informal patch or emergency patch is running in the system and the latest commercial patch cannot be installed directly, run the patch delete all command to delete the running patch, install the latest commercial patch, and restart the device. Otherwise, unexpected problems may occur, for example, resource leaks occur or some issues may fail to be resolved.

  3. Upload the patch file to the device in SFTP mode.
  4. Run the patch load filename all run command in the user view to load and run the patch file.
  5. Run the display patch-information command to check whether the patch file is successfully installed.
Configuration and Maintenance Suggestions
  • Patch release plan

    Release the patch of the latest version periodically every month.

  • Patch obtaining

    Visit http://support.huawei.com/enterprise/, choose Software > Enterprise Networking > Router > Access Router, select the product version, and download the required patch. You are advised to periodically download and install the latest patch.

System Software Management

Security Policy
  • During system software delivery, the system provides a hash value used to check system software integrity.

  • When a package file is configured and started, CRC is implemented on the package online. If the package passes the online CRC, the package can be normally configured. Otherwise, the package is invalid.

  • The package in the running state is protected as a system file. That is, the package cannot be deleted or modified.

The preceding policies ensure the security of package files during transfer and running.

Configuration and Maintenance Methods

None.

Configuration and Maintenance Suggestions

None.

Configuration File Management

Security Policy

Only level-3 administrators can access configuration files. This prevents users of lower levels from modifying or deleting the configuration files. For important system files (such as patch, package, configuration, product adaptive file (PAF), and license files), level-3 administrators can view them only, but cannot delete or modify them. This ensures the security of the system files.

Configuration and Maintenance Methods

N/A

Configuration and Maintenance Suggestions

N/A

Translation
Download
Updated: 2019-05-06

Document ID: EDOC1000097300

Views: 5191

Downloads: 74

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next