No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - Security Hardening 01

This is ME60 V800R010C10SPC500 Configuration Guide - Security Hardening
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Improving Account and Authority Management

Improving Account and Authority Management

In scenarios with low security requirements, ME devices store passwords and keys in plaintext mode, which facilitates viewing of configurations during ME device maintenance and usage. However, it is strongly recommended that the following requirements be met when accounts, passwords, and keys are configured and used:

  • Preferentially use the Irreversible-cipher mode, then the Cipher mode.
  • Same accounts and passwords must not be configured for ME devices on all telecommunication networks.
  • The same account and password must not be shared by many people.
  • Passwords must be updated periodically.
  • The password strength must meet security requirements.
  • A unified authentication, authorization and accounting (AAA) system must be configured on the entire network to authenticate login accounts. Accounts must not be authenticated on ME devices locally.
  • Authorities must be allocated to accounts based on the minimum authorization principle. Allocation of authorities beyond the responsibility range is not allowed.
  • The non-authentication access mode must not be configured. Channels that request access to ME devices must pass the authentication, authorization, and accounting.
  • All activity logs of accounts must be recorded for subsequent analysis.
Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059445

Views: 7584

Downloads: 9

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next