No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR500, AR510, AR531, AR550, AR1500, and AR2500 Security Hardening And Maintenance Guide

This document provides guidance for strengthening network and device security in terms of network security risks, security architecture, and security hardening policies. It also provides guidance for routine maintenance of device security in terms of the management, control, and forwarding planes.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Basic Network Security Principles

Basic Network Security Principles

When hardening security of devices, you must obey basic network security principles to ensure that the configuration design scheme can meet security requirements to the largest extent.

Systematic Project Principle

A network is a huge information system. It is a systematic project to ensure the security of the network. Any single devices, nodes, technologies, and configurations cannot ensure the security of the entire network.

Network security is an organic whole that consists of many physical devices, security technologies, and best practice in the security field linked based on a proper security hardening configuration scheme.

Service Preference Principle

Ensure the smooth running of services when security hardening conflicts with services. During security hardening, the security personnel must have an in-depth communication with business departments to understand business objectives. Security hardening must serve business objectives.

"Security Out of Design" Principle

Any secure networks are built through design instead of configuration. Security configurations are preceded by a security hardening scheme.

Behavior Predictability

When designing security hardening, engineers must clearly understand the current system status, such as threats, vulnerabilities, security defense capabilities, and evaluate security risks comprehensively.

During design for security hardening, the responses and possible states of the system under security attacks are predictable.

Avoiding Using Information Hiding to Ensure Security

The device system is huge and complex. It is of little significance to prevent attackers from finding vulnerabilities of the system by hiding internal implementation details and data storage locations for ensuring system security.

The practice proves that network security cannot be hardened after internal implementation details are hidden. Actually, an open system helps to detect problems, and therefore the corresponding preventive measures can be adopted in time.

Shortest Plank Principle

The security defense capabilities of devices depend on the unit that has the weakest security defense capabilities.

Security hardening must consider the confidentiality, integrity, and availability of devices to really ensure the security of the system. Any single security defense measure may fail to build a robust system.

Updated: 2019-05-06

Document ID: EDOC1000097300

Views: 4823

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next