No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

AR500, AR510, AR531, AR550, AR1500, and AR2500 Security Hardening And Maintenance Guide

This document provides guidance for strengthening network and device security in terms of network security risks, security architecture, and security hardening policies. It also provides guidance for routine maintenance of device security in terms of the management, control, and forwarding planes.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Potential Security Risks Caused by the Openness of IP Networks

Potential Security Risks Caused by the Openness of IP Networks

An open IP network has clear network architecture but also causes great potential security risks.

The IP network does not provide an authentication and authorization mechanism for terminal access, and therefore any terminal can access the IP network at will. Attackers can easily access the IP network and probe the IP address of a device, and then initiate attacks. In addition, they can easily simulate mass source IP addresses through address spoofing to initiate attacks on the device.

In the Transmission Control Protocol/Internet Protocol (TCP/IP) suite, Layer 3 and lower layers have no security defense capabilities. Therefore, the application layer needs to ensure message integrity, authentication and authorization, and protocol consistency. As a result, attacks at Layer 4 or a lower layer usually target at the device.

The Ethernet network itself lacks identity authentication capabilities, which may easily cause MAC address spoofing attacks.

The IP stack is not designed with a security policy structure and therefore is susceptible to attacks.

The preceding potential security risks may expose networks to a variety of attacks, such as address spoofing attacks, replay attacks, malformed packet attacks, network viruses, message tampering, and traffic flooding, and therefore cause security problems.

Translation
Download
Updated: 2019-05-06

Document ID: EDOC1000097300

Views: 4828

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next