The display security risk command displays security risks in the system and suggested solutions for the risks.
Parameter | Description | Value |
---|---|---|
feature feature-name | Displays security risks of a specified feature. | Enumerated type. The value depends on the registered module. |
level high | Displays security risks of High level. | - |
level medium | Displays security risks of Medium level. | - |
level low | Displays security risks of Low level. | - |
Usage Scenario
Protocols differ in the level of security they provide, and some protocols may introduce security risks. Run the display security risk command to identify security risks in the system, then clear each risk by following the repair action given in the command output. For example, if SNMPv1 is configured, the display security risk command output recommends using SNMPv3.
You can filter the security risks by specifying the security level, feature, or both.
Precautions
The security risks that are displayed vary with the user level. System administrators can view all security risks in the system. Other users can view only the security risks matching their levels.
# Display security risks in the system.
<HUAWEI> display security risk
Risk level : high
Feature name : SNMP
Risk information : SNMPv1/SNMPv2c is enabled.
Repair action : Use SNMPv3.
Risk level : high
Feature name : TELNET
Risk information : None authentication is configured for Telnet users.
Repair action : Use AAA authentication.
Risk level : medium
Feature name : CONSOLE
Risk information : No authentication is configured, password authentication is configured but no password is specified, or none auth
entication is configured on the console interface.
Repair action : Use AAA authentication.
Risk level : medium
Feature name : SSH
Risk information : SSHv1 is supported.
Repair action : Close SSHv1.
Risk level : medium
Feature name : TELNET
Risk information : The Telnet server function is used.
Repair action : Use Stelnet.
# Display security risks of the TELNET feature.
<HUAWEI> display security risk feature telnet
Risk level : high
Feature name : TELNET
Risk information : None authentication is configured for Telnet users.
Repair action : Use AAA authentication.
Risk level : medium
Feature name : TELNET
Risk information : The Telnet server function is used.
Repair action : Use Stelnet.
# Display security risks of Medium level.
<HUAWEI> display security risk level medium
Risk level : medium
Feature name : CONSOLE
Risk information : No authentication is configured, password authentication is configured but no password is specified, or none auth
entication is configured on the console interface.
Repair action : Use AAA authentication.
Risk level : medium
Feature name : SSH
Risk information : SSHv1 is supported.
Repair action : Close SSHv1.
Risk level : medium
Feature name : TELNET
Risk information : The Telnet server function is used.
Repair action : Use Stelnet.
The command output provided here is used for reference only. The actual output information depends on the situation.
Item | Description |
---|---|
Risk level | Security risk level. It can be any value of the following: |
Feature name | Feature name. |
Risk information | Information about the security risks. |
Repair action | Suggested solutions for the security risks. |
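For audit tooling that collects this output from many devices, the four-field records shown above can be parsed into structured data. The following is an added example, not vendor code. The names parse_risks and filter_risks are hypothetical, the sample text is constructed from the output format on this page, and joining wrapped lines without a space is an assumption based on the mid-word wrap seen in the CONSOLE record.

```python
import re

# Constructed sample in the format shown above, including a terminal-wrapped value.
SAMPLE = """\
Risk level : high
Feature name : SNMP
Risk information : SNMPv1/SNMPv2c is enabled.
Repair action : Use SNMPv3.
Risk level : medium
Feature name : CONSOLE
Risk information : No authentication is configured, password authentication is configured but no password is specified, or none auth
entication is configured on the console interface.
Repair action : Use AAA authentication.
Risk level : medium
Feature name : TELNET
Risk information : The Telnet server function is used.
Repair action : Use Stelnet.
"""

FIELDS = {"Risk level": "level", "Feature name": "feature",
          "Risk information": "info", "Repair action": "action"}
FIELD_RE = re.compile(r"^\s*(%s)\s*:\s*(.*)$" % "|".join(FIELDS))

def parse_risks(text):
    """Return one dict per risk record (keys: level, feature, info, action)."""
    records, current, last = [], None, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(("<", "#")):
            continue  # skip blank lines, CLI prompts and description lines
        m = FIELD_RE.match(line)
        if m:
            key = FIELDS[m.group(1)]
            if key == "level":  # "Risk level" opens a new record
                current = {}
                records.append(current)
            if current is not None:
                current[key] = m.group(2).strip()
                last = key
        elif current is not None and last:
            # Continuation of a wrapped value. Assumption: the terminal
            # wraps mid-word, so the pieces are joined without a space.
            current[last] += line.strip()
    return records

def filter_risks(records, level=None, feature=None):
    """Apply the same level/feature filters the command offers."""
    return [r for r in records
            if (level is None or r.get("level") == level)
            and (feature is None or r.get("feature", "").lower() == feature.lower())]
```

Sorting the parsed records by level and feature gives a per-device remediation list that can be compared between audit runs.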