No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

ME60 V800R010C10SPC500 Configuration Guide - Security Hardening 01

This is ME60 V800R010C10SPC500 Configuration Guide - Security Hardening
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Disabling Unused Services and Ports

Disabling Unused Services and Ports

Disable unused services and Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports based on analysis of the ME device service requirements and the minimum authorization principle (by default, access channels are disabled unless definite access requirements exist).

Example of Disabling FTP Ports

Networking Requirements

Files must be transferred in Secure File Transfer Protocol (SFTP) mode to ensure file transfer reliability. File Transfer Protocol (FTP) ports of devices must be disabled to ensure device security and prevent unauthorized users from attacking devices using FTP ports.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Check whether the FTP port of a device is enabled and whether the FTP port needs to be disabled.
  2. Disable the FTP port to prevent users from transferring files using FTP.
  3. View the status of the FTP port of the device and check whether the FTP port is successfully disabled.
Data Preparation

None

Procedure
  1. Check the status of the IPv4 FTP port.
    <HUAWEI> display tcp status
    ----------------------------------------------------------------------------
    Cid/SocketID         Local Addr:Port       Foreign Addr:Port   VPNID      State
    ----------------------------------------------------------------------------
    0x80932724/131216    0.0.0.0:22            0.0.0.0:0           1          LISTEN 
    0x80C8272A/131218    0.0.0.0:23            0.0.0.0:0           1          LISTEN
    0x80952725/131219    0.0.0.0:21            0.0.0.0:0           1          LISTEN
    

    The command output shows that the FTP port is enabled.

    NOTE:

    The FTP server may listen to another port. You can run the following command to view the port number listened by the FTP server.

    <HUAWEI> display ftp-server
    Server state             : disabled
    IPv6 server state        : disabled
    Timeout value (mins)     : 30
    IPv6 Timeout value (mins): 30
    Listen port              : 21
    IPv6 listen port         : 21
    ACL name                 :
    IPv6 ACL name            : 
    ACL number               :
    IPv6 ACL number          : 
    Current user count       : 0
    Max user number          : 15
    Source IPv4 address      : 0.0.0.0
    Source IPv6 address      : ::
    Source IPv6 VpnName      : 
    
  2. Disable the FTP port.
    <HUAWEI> system-view
    [~HUAWEI] undo ftp server
    Info: Succeeded in closing the FTP server.
    [*HUAWEI] commit
    
  3. Check whether the FTP port is successfully disabled.
    <HUAWEI> display tcp status
    ----------------------------------------------------------------------------
    Cid/SocketID         Local Addr:Port       Foreign Addr:Port   VPNID      State
    ----------------------------------------------------------------------------
    0x80932724/131216    0.0.0.0:22            0.0.0.0:0           1          LISTEN 
    0x80C8272A/131218    0.0.0.0:23            0.0.0.0:0           1          LISTEN
    

    The command output shows that the FTP port is disabled.

Translation
Download
Updated: 2019-01-04

Document ID: EDOC1100059445

Views: 8114

Downloads: 9

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next