No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


ME60 V800R010C10SPC500 Configuration Guide - Security Hardening 01

This is ME60 V800R010C10SPC500 Configuration Guide - Security Hardening

Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Basic Network Security Principles

Basic Network Security Principles

When hardening security of ME devices, you must obey basic network security principles to ensure that the configuration design scheme can meet security requirements to the largest extent.

Systematic Project Principle

A telecom network is a huge information system. It is a systematic project to ensure the security of the telecom network. Any single devices, nodes, technologies, and configurations cannot ensure the security of the entire network.

Network security is an organic whole that consists of many physical devices, security technologies, and best practice in the security field linked based on a proper security hardening configuration scheme.

Security hardening is to evaluate security threats that each system unit may encounter and to comprehensively take security defense measures to maximize the security capabilities of the system.

Service Preference Principle

Ensure the smooth running of services when security hardening conflicts with services. During security hardening, the security personnel must have an in-depth communication with business departments to understand business objectives. Security hardening must serve business objectives.

"Security Out of Design" Principle

Any secure networks are built through design instead of configuration. Security configurations are preceded by a security hardening scheme.

Behavior Predictability

When designing security hardening, engineers must clearly understand the current system status, such as threats, vulnerabilities, security defense capabilities, and evaluate security risks comprehensively.

During design for security hardening, the responses and possible states of the system under security attacks are predictable.

Avoiding Using Information Hiding to Ensure Security

The ME device system is huge and complex. It is of little significance to prevent attackers from finding vulnerabilities of the system by hiding internal implementation details and data storage locations for ensuring system security.

The practice proves that network security cannot be hardened after internal implementation details are hidden. Actually, an open system helps to detect problems, and therefore the corresponding preventive measures can be adopted in time.

Shortest Plank Principle

The security defense capabilities of ME devices depend on the unit that has the weakest security defense capabilities.

Security hardening must consider the confidentiality, integrity, and availability of ME devices to really ensure the security of the system. Any single security defense measure may fail to build a robust system.

Updated: 2019-01-04

Document ID: EDOC1100059445

Views: 9075

Downloads: 11

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Previous Next