NE20E-S2 V800R010C10SPC500 Configuration Guide - Security 01

Introduction to SOC

The Security Operating Center (SOC) constantly monitors statistics collected by security detection modules, service modules, and system monitoring modules to determine whether the NE20E is under attack, and takes measures accordingly to defend against attacks.

To ensure system reliability and protect services against attacks, the NE20E supports security techniques such as rate limiting by committed access rate (CAR), attack detection, and attack defense. However, in the absence of a global management center that can summarize and analyze all attack information, attack detection and defense on the NE20E are not comprehensive.

To address this problem, the SOC has been developed to summarize and analyze information reported by all security detection modules in the system. Then the SOC presents attack event reports, attack sources, cause analysis, and solutions in a centralized and concise manner.


The SOC does not display information about minor attack events that affect only one function in the system. It also does not display information about attacks that cause a system breakdown by sending constructed malformed packets or only a small number of packets. Information about events that cause a system breakdown is displayed by service modules, the NMS, the log function, and the attack source tracing function.

The SOC displays only information about attack events that cause system risks. These attack events have the following characteristics:
  • CPU usage when the attack event occurs is much higher than that in normal cases.

  • The rate of packet loss caused by CPCAR exceeds a normal threshold.

  • A protocol module detects a large number of invalid packets or sessions, and the percentage of invalid packets or sessions in the total number of packets or sessions exceeds a normal threshold.
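
A minimal model of that triage, as an added example rather than Huawei's implementation: it checks each statistics sample against the three characteristics listed above and reports which ones matched. The `Sample` fields, the threshold values, the CPU baseline method and the sample data are all assumptions constructed for illustration; the page gives no numeric thresholds.

```python
from dataclasses import dataclass
from statistics import mean

# Assumed thresholds for this sketch only; the device's real values are not on the page.
CPU_FACTOR = 2.0          # "much higher than normal" modelled as 2x the baseline
CPCAR_DROP_MAX = 0.05     # share of packets discarded by CPCAR
INVALID_RATIO_MAX = 0.30  # share of invalid packets or sessions

@dataclass
class Sample:
    cpu: float          # CPU usage in percent
    cpcar_rx: int       # packets offered to CPCAR
    cpcar_dropped: int  # packets discarded by CPCAR
    proto: str          # protocol module that reported the counters
    total: int          # packets or sessions seen by that module
    invalid: int        # invalid packets or sessions among them

def ratio(part, whole):
    # An idle interval (whole == 0) counts as a ratio of 0, not an error.
    return part / whole if whole else 0.0

def characteristics(sample, baseline_cpu):
    """Return the names of the characteristics this sample exhibits."""
    hits = []
    if sample.cpu > CPU_FACTOR * baseline_cpu:
        hits.append("cpu")
    if ratio(sample.cpcar_dropped, sample.cpcar_rx) > CPCAR_DROP_MAX:
        hits.append("cpcar")
    if ratio(sample.invalid, sample.total) > INVALID_RATIO_MAX:
        hits.append("invalid")
    return hits

def triage(samples, warmup=3):
    """Use the first `warmup` samples as the normal CPU baseline, then
    report (index, proto, hits) for every later sample with any hit."""
    baseline = mean(s.cpu for s in samples[:warmup])
    return [(i, s.proto, hits)
            for i, s in enumerate(samples) if i >= warmup
            and (hits := characteristics(s, baseline))]

# Constructed samples: three quiet intervals, one flood, one quiet, one noisy peer.
SAMPLES = [
    Sample(10, 1000, 0, "arp", 900, 2),
    Sample(12, 1100, 1, "arp", 950, 3),
    Sample(11, 1050, 0, "arp", 920, 1),
    Sample(85, 10000, 4000, "arp", 8000, 6000),
    Sample(14, 5000, 10, "bgp", 1000, 5),
    Sample(13, 0, 0, "bgp", 1000, 400),
]

if __name__ == "__main__":
    for index, proto, hits in triage(SAMPLES):
        print(index, proto, hits)
```

Sample 5 matches only the invalid-ratio characteristic while CPU and CPCAR stay normal, which is the kind of single-function event the text says is left to the service modules and logs.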

Updated: 2019-01-02

Document ID: EDOC1100055397
