NE40E V800R010C10SPC500 Feature Description - Security 01


Overview of Device Security

This section describes device security, its purpose, and its advantages.


Device security uses multiple security mechanisms to ensure that the packets sent for central processing (CP) conform to the configured specifications. It is implemented in the following ways:

  • Filtering the spoofed and malformed packets sent for CP through unicast reverse path forwarding (URPF) on an interface and TCP/IP attack defense.

  • Discarding packets with invalid TTLs through Generalized TTL Security Mechanism (GTSM) detection of the TTLs of packets sent for CP.

  • Classifying packets sent for CP by protocol, restricting their bandwidth, and scheduling priorities. The bandwidth is 100 kbit/s by default. The function should be configured to discard packets when the service is disabled.

  • Protecting management interfaces and service interfaces through management plane protection.

In this manner, the CPU is protected from overload, and device security is enhanced. Device security supports the following features:

  • Application layer association

  • Management plane protection

  • TCP/IP attack defense

  • Attack source tracing

  • Dynamic link protection

  • GTSM

  • TM three-level scheduling

  • CP-CAR

  • Whitelist

  • Blacklist

  • User-defined flow

  • Smallest packet compensation

  • Alarm
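The following Python sketch is an added illustration, not Huawei code or NE40E configuration. It models two of the mechanisms above, a GTSM TTL check followed by a per-protocol rate limit at the 100 kbit/s default, over constructed traffic. The class and function names, the one-second burst size, the GTSM valid range of [255 - hops + 1, 255], and the ordering of the two checks are assumptions made for the example.

```python
from collections import Counter

DEFAULT_CAR_BPS = 100_000  # per-protocol default from the page: 100 kbit/s

class TokenBucket:
    """Byte-based token bucket; the one-second burst size is an assumption."""

    def __init__(self, rate_bps=DEFAULT_CAR_BPS):
        self.per_ms = rate_bps / 8 / 1000        # bytes refilled per millisecond
        self.burst = rate_bps / 8                # assumed burst: one second of traffic
        self.tokens, self.last_ms = self.burst, 0

    def allow(self, now_ms, size):
        refill = (now_ms - self.last_ms) * self.per_ms
        self.tokens = min(self.burst, self.tokens + refill)
        self.last_ms = now_ms
        if size > self.tokens:
            return False
        self.tokens -= size
        return True

def gtsm_ok(ttl, valid_hops):
    # Assumed valid range [255 - hops + 1, 255]: GTSM peers send with TTL 255.
    return 255 - valid_hops + 1 <= ttl <= 255

class ControlPlaneGuard:
    def __init__(self, gtsm_hops):
        self.gtsm_hops = gtsm_hops               # protocol -> permitted hop count
        self.buckets = {}                        # protocol -> TokenBucket

    def admit(self, now_ms, proto, ttl, size):
        hops = self.gtsm_hops.get(proto)
        if hops is not None and not gtsm_ok(ttl, hops):
            return "drop-gtsm"                   # assumed order: TTL check first
        bucket = self.buckets.setdefault(proto, TokenBucket())
        return "to-cpu" if bucket.allow(now_ms, size) else "drop-car"

def simulate(duration_ms=2000):
    """Constructed traffic: an ICMP flood plus near and far BGP packets."""
    guard, counts = ControlPlaneGuard({"bgp": 1}), Counter()
    for t in range(duration_ms):
        pkts = [("icmp", 64, 100)]               # 100 B every ms = 800 kbit/s
        if t % 10 == 0:
            pkts.append(("bgp", 250, 80))        # TTL shows it crossed several hops
        if t % 100 == 0:
            pkts.append(("bgp", 255, 80))        # directly connected peer
        for proto, ttl, size in pkts:
            counts[proto, guard.admit(t, proto, ttl, size)] += 1
    return counts
```

Because each protocol has its own bucket, the ICMP flood exhausts only the ICMP allowance: the BGP packets from the directly connected peer all reach the CPU, while the BGP packets with a reduced TTL are dropped before they consume any bandwidth.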


Devices that connect to the Internet are vulnerable to attacks. Therefore, devices must analyze attack packets in real time to eliminate threats, filter out attack packets, and trace attack sources to prevent repeated attacks. Device security ensures device stability, which enables the uninterrupted provision of services and improves user experience. Devices may face the following threats:
  • Unauthorized users remotely accessing NE40Es.

  • Malicious users exploiting TCP/IP vulnerabilities to attack the NE40E protocol stacks.

  • Large numbers of packets flooding the upstream channel of NE40Es.

  • Denial of Service (DoS) attacks consuming CPU and system memory resources.

  • Forged source IP addresses spoofing NE40Es, which wastes forwarding entries and CPU resources.


Device security offers the following benefits to carriers:

When the device is attacked, services are not affected, the device works stably, and the quality of service (QoS) is guaranteed.

Device security offers the following benefits to users:

Service reliability is enhanced.

Updated: 2019-01-03

Document ID: EDOC1100055047
