Security Overview; Network Security Threats; Network Security Services; Network Security Technologies - HP 12500 Series Configuration Manual

Security overview

Many events on a network can threaten the security of network resources, including data
confidentiality, data integrity, and data availability. Network security services provide solutions to
remove or reduce these network security threats.

Network security threats

Information disclosure—Information is leaked to an unauthorized person or entity.
Damaging data integrity—Data is changed or destroyed without authorization.
Denial of service—Information or other network resources are made unavailable to their intended
users.
Unauthorized usage—Resources are used by unauthorized persons or in unauthorized ways.

Network security services

One security service is implemented by one or more network security technologies. One technology can
implement multiple services. A safe network needs the following services:
Identity authentication—Identifies users and determines whether a user is valid. Typical methods
include Authentication, Authorization, and Accounting (AAA)-based authentication, user names plus
passwords, and the PKI digital certificate mechanism.
Access security—Controls how a user accesses network resources based on the result of
identity authentication, and prevents untrusted usage and access from performing privileged
actions. Major access security protocols include 802.1X, MAC authentication, and portal
authentication, which work together with AAA to implement user identity authentication.
Data security—Encrypts and decrypts data during transfer and storage. Typical encryption
mechanisms include symmetric encryption and asymmetric encryption, and their common
applications are IP security (IPsec), Secure Sockets Layer (SSL), and Secure Shell (SSH). IPsec secures
IP communications. SSL and SSH protect data transferred over TCP.
Attack detection and protection—Determines whether traffic flows or received packets are attack
packets according to the packet contents and behaviors and, if an attack is detected, takes measures
to deal with the attack at the data link layer, network layer, and application layer. These measures
include TCP and ICMP attack protection, ARP attack prevention, and IP Source Guard.

Network security technologies

Identity authentication

AAA
AAA provides a uniform framework for implementing network access management. It provides the
following security functions:
Authentication—Identifies network users and determines whether the user is valid.