No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - Security Hardening 01

This is ME60 V800R010C10SPC500 Configuration Guide - Security Hardening
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Telnet

Telnet

  • Authentication

    A Telnet server supports password authentication and AAA authentication. Only users that are authenticated can access a device and its command line interface. Passwords used in authentication are encrypted using an irreversible algorithm.

  • Service disabling

    After the Telnet server function is enabled, a device starts socket listening. In this case, attackers can easily scan devices. When the Telnet server is not in use, disable the Telnet server function and relative ports.

  • Port number changes

    Telnet server port 23 is a well-known port number. Therefore, the port number is easily scanned and attacked. Telnet server port 23 can be changed to a private port number to reduce the possibility of being scanned or attacked. A private port number can be 23 or range from 1025 to 65535.

  • Access control lists (ACLs)

    ACLs can be configured for virtual type terminal (VTL) channels in the user-interface view. ACLs are used to limit which client IP addresses can be used to access a device.

    An ACL can be configured for the Telnet service also. The ACL limits IP addresses of clients that access a device using Telnet.

  • Source interface configuration

    Source interfaces that are allowed to access the Telnet server can be specified. Users must access a Telnet server function-enabled device using the IP addresses of the specified source interfaces. In this way, the access range is controlled, and device security is enhanced.

  • Source IPv6 address configuration

    Source IPv6 address that is allowed to access the Telnet server can be specified. Users must access a Telnet server function-enabled device using the IPv6 addresses of the specified source interfaces. In this way, the access range is controlled, and device security is enhanced.

  • IP blacklist

    When network attackers send a large number of Telnet requests, authorized users cannot log in to the system through temporary sessions. To prevent this issue, network attackers' IP addresses are temporarily locked by the system for a period of time so that authorized users can log in to the system.

Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059445

Views: 7478

Downloads: 9

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next