Security overview, Network security threats, Network security services – H3C Technologies H3C SecBlade LB Cards User Manual

Security overview

Network security threats are actual or potential threats to data confidentiality, data integrity, data availability, or authorized usage of a resource in a network system. Network security services provide solutions that solve or reduce those threats to different extents.

Network security threats

Information disclosure—Information is leaked to an unauthorized person or entity.

Damaging data integrity—Data integrity is damaged by unauthorized modification or destruction of data.

Denial of service—Information or other network resources are made unavailable to their intended users.

Unauthorized usage—Resources are used by unauthorized persons or in unauthorized ways.

Network security services

One security service is implemented by one or more network security technologies. One technology can
implement multiple services. A safe network needs the following services:

Identity authentication—Identifies users and determines if a user is valid. Typical ways include
AAA-based user name plus password authentication and PKI digital certificates.

Data security—Encrypts and decrypts data during transfer and storage. Typical encryption mechanisms include symmetric encryption and asymmetric encryption, and their common applications are Secure Sockets Layer (SSL) and Secure Shell (SSH). SSL and SSH protect data transfers that run over TCP.

Firewall—A highly effective network security model that blocks unauthorized Internet access to a protected network. The major firewall implementations are the ACL-based packet filter and the Application Level Gateway (ALG).

Attack detection and protection—Determines whether traffic flows or received packets are attack packets according to the packet contents and behaviors and, when an attack is detected, takes measures to deal with it at the data link layer, network layer, and application layer. TCP attack protection is one example.

Network security technologies

Identity authentication

AAA

AAA provides a uniform framework for implementing network access management. It provides the following security functions:

Authentication—Identifies network users and determines whether the user is valid.
