Security

About This Document

AAA and User Management Configuration (Administrative Users): This function is used to check user validity and grant rights to authorized users to ensure network security.

ARP Security Configuration: This chapter describes how to configure Address Resolution Protocol (ARP) security, including anti-ARP proofing and anti-ARP flooding, to improve the security and robustness of the network communication and network devices.

DHCP Snooping Configuration: This chapter describes how to configure Dynamic Host Configuration Protocol (DHCP) snooping to provide more secure and stable network services for users.

DHCPv6 Snooping Configuration

GTSM Configuration: The GTSM mechanism defends against attacks by checking the TTL value.

HIPS Configuration

Keychain Configuration: This chapter describes the keychain fundamentals. It also provides keychain configuration steps based on different parameters along with typical example.

URPF Configuration: Unicast Reverse Path Forwarding (URPF) can prevent network attacks based on source address spoofing.

Local Attack Defense Configuration: Local attack defense restricts the packets to be sent to the CPU through attack source tracing, TCP/IP attack defense, CAR, application layer association, and management/control plane protection to ensure the device security and normal service processing on the CPU.

SOC Configuration: The Security Operating Center (SOC) implements intelligent detection and attack event analysis and provides attack event reports based on the analysis, which makes security maintenance more efficient. This chapter describes the basic concepts, configuration procedures, and attack event analysis methods of the SOC.

Packet Header Obtaining Configuration: Packet header getting enables a device to obtain packet headers sent to central processing units (CPUs) or forwarded packet headers for fault locating.

BGP Flow Specification Configuration: BGP Flow Specification is used to guard against denial-of-service (DoS) and distributed-denial-of-service (DDoS) attacks. In this manner, network performance and security are improved.

IPsec Configuration: Configure IPsec to provide more secure network services for users.

PKI Configuration: Public Key Infrastructure (PKI) certificate is a digital certificate that authenticates users that attempt to set up IPsec tunnels between each other. A certificate provides a centralized key management mechanism for IPsec.

Mirroring Configuration: Mirroring helps you monitor a network and troubleshoot faults.

Layer 2 Traffic Suppression Configuration: Layer 2 traffic suppression limits the bandwidth for forwarding broadcast, multicast, and unknown unicast traffic, which ensures bandwidth for forwarding unicast traffic.

MPAC Configuration

Configuring 802.1X Port-based Authentication: Before configuring 802.1X Port-based Authentication services, familiarize yourself with the usage scenario, complete the pre-configuration tasks, and obtain the data required for the configuration. This helps you complete the configuration task quickly and accurately.

Security Risk Query Configuration: Run the display security risk command to check security risks in the system. Then clear the security risks as prompted.

System Master Key Configuration: You can configure the system master key to enhance data security and reliability.

Trusted System Configuration

Parent Topic: Configuration

Copyright © Huawei Technologies Co., Ltd.

Copyright © Huawei Technologies Co., Ltd.

< Previous topic Next topic >