Data security, Managing public keys, Firewall and connection control – H3C Technologies H3C SecBlade LB Cards User Manual
• Authorization—Grants user rights and controls user access to resources and services. For example, a user who has successfully logged in to the device can be granted read and print permissions to the files on the device.
• Accounting—Records all network service usage information, including service type, start time, and traffic. The accounting function provides information required for charging, and allows for network security surveillance.
AAA can be implemented through multiple protocols, such as RADIUS and HWTACACS, among which
RADIUS is most often used.
PKI
Public Key Infrastructure (PKI) uses a general security infrastructure to provide information security through
public key technologies. PKI employs the digital certificate mechanism to manage the public keys. The
digital certificate mechanism binds public keys to their owners, helping distribute public keys in large
networks securely. With digital certificates, the PKI system provides network communication, e-commerce
and e-Government with security services.
H3C's PKI system provides digital certificate management for SSL.
Data security
Managing public keys
Public key configuration enables you to manage the local asymmetric key pairs (such as creating and
destroying a local asymmetric key pair, displaying or exporting the local host public key), and configure
the peer host public keys on the local device.
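Configuring a peer host public key on the local device only helps if the key you paste in is really the peer's. The following is an added example, not code from the H3C manual or the SecBlade software: it parses an OpenSSH-format public key line, checks that the key-type tag embedded in the blob agrees with the declared type, and derives the SHA256 fingerprint that an administrator would compare against the value obtained from the peer through a separate channel. The key bytes are constructed for the demo and the fingerprint format follows what `ssh-keygen -lf` prints.

```python
"""Checking a peer host public key before configuring it on the local device.

Added example (not from the H3C manual): parse an OpenSSH public key line,
validate its internal structure, and compute the SHA256 fingerprint used
to confirm the key with the peer out-of-band.
"""
import base64
import hashlib
import struct


def _read_string(blob: bytes, offset: int):
    """Read one SSH wire-format string (uint32 big-endian length + bytes)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated key blob")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:end], end


def parse_public_key(line: str) -> dict:
    """Parse '<type> <base64-blob> [comment]' into type, raw key bytes and blob."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64-blob> [comment]'")
    declared_type, b64 = parts[0], parts[1]
    blob = base64.b64decode(b64, validate=True)
    embedded_type, pos = _read_string(blob, 0)
    # A blob whose internal type tag disagrees with the declared type is
    # corrupted or has been edited; refuse it rather than guess.
    if embedded_type.decode("ascii", "replace") != declared_type:
        raise ValueError("key type mismatch: declared %s, embedded %r"
                         % (declared_type, embedded_type))
    key, pos = _read_string(blob, pos)
    if pos != len(blob):
        raise ValueError("trailing bytes after key data")
    return {"type": declared_type, "key": key, "blob": blob}


def is_well_formed(line: str) -> bool:
    """True if the line parses as a consistent OpenSSH public key."""
    try:
        parse_public_key(line)
        return True
    except ValueError:
        return False


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint in the form printed by ssh-keygen -lf (padding stripped)."""
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_peer_key(line: str, expected_fingerprint: str) -> bool:
    """True only if the line parses cleanly and matches the expected fingerprint."""
    return fingerprint(parse_public_key(line)["blob"]) == expected_fingerprint


def build_openssh_line(key_type: str, key: bytes, comment: str = "") -> str:
    """Encode raw key bytes as an OpenSSH public key line (demo helper)."""
    blob = struct.pack(">I", len(key_type)) + key_type.encode()
    blob += struct.pack(">I", len(key)) + key
    return ("%s %s %s" % (key_type, base64.b64encode(blob).decode(), comment)).strip()


# Constructed sample: 32 bytes standing in for an Ed25519 public key.
SAMPLE_KEY = bytes(range(32))
SAMPLE_LINE = build_openssh_line("ssh-ed25519", SAMPLE_KEY, "peer-host")

if __name__ == "__main__":
    parsed = parse_public_key(SAMPLE_LINE)
    print(parsed["type"], len(parsed["key"]), "bytes", fingerprint(parsed["blob"]))
```

The fingerprint is computed over the whole encoded blob, which is why a key pasted with a wrong type prefix or a truncated blob produces a different value and is rejected before it ever reaches the device configuration.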
SSL
SSL is a security protocol that provides secure connection services for TCP-based application layer protocols such as HTTPS by using the public key mechanism and digital certificates. SSL is independent of the application layer: the application layer protocol is carried over a secure connection, while the application data it exchanges is transparent to SSL.
SSH
SSH is a network security protocol implementing remote login and file transfer securely over an insecure
network. Using encryption and authentication, SSH protects devices against attacks such as IP spoofing
and plaintext password interception.
Firewall and connection control
ACL-based packet filter
An ACL packet filter performs filtering specific to IP packets.
Before forwarding an IP packet, the device obtains the following header information:
• Number of the upper layer protocol carried by the IP layer
• Source address
• Destination address
• Source port number
• Destination port number
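The five fields listed above are what an ACL rule is matched against. The following added example is not code from the H3C manual or the SecBlade software: it extracts exactly those fields from a raw IPv4 packet (ports only when the upper layer protocol is TCP or UDP) and evaluates an ordered permit/deny rule list with first-match semantics. The rule fields, the `build_packet` helper and the default-deny policy are this example's own assumptions, constructed for the demo.

```python
"""ACL-based packet filtering over the five IP/transport header fields.

Added example (not from the H3C manual): parse an IPv4 packet into a
five-tuple and evaluate it against an ordered, first-match ACL.
"""
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

PROTO_ICMP, PROTO_TCP, PROTO_UDP = 1, 6, 17


@dataclass
class FiveTuple:
    protocol: int
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    sport: Optional[int]   # None for protocols without ports (e.g. ICMP)
    dport: Optional[int]


def parse_ipv4(packet: bytes) -> FiveTuple:
    """Pull the header fields a packet filter needs from a raw IPv4 packet."""
    if len(packet) < 20:
        raise ValueError("short IPv4 header")
    version_ihl = packet[0]
    if version_ihl >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (version_ihl & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IHL")
    protocol = packet[9]
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    sport = dport = None
    if protocol in (PROTO_TCP, PROTO_UDP):
        # Both TCP and UDP carry source and destination port in their first 4 bytes.
        if len(packet) < ihl + 4:
            raise ValueError("truncated transport header")
        sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return FiveTuple(protocol, src, dst, sport, dport)


@dataclass
class Rule:
    action: str                                   # "permit" or "deny"
    protocol: Optional[int] = None                # None matches any protocol
    src: Optional[ipaddress.IPv4Network] = None   # None matches any source
    dst: Optional[ipaddress.IPv4Network] = None   # None matches any destination
    dport: Optional[int] = None                   # None matches any destination port

    def matches(self, t: FiveTuple) -> bool:
        return ((self.protocol is None or self.protocol == t.protocol)
                and (self.src is None or t.src in self.src)
                and (self.dst is None or t.dst in self.dst)
                and (self.dport is None or self.dport == t.dport))


def evaluate(rules: List[Rule], packet: bytes, default: str = "deny") -> str:
    """First matching rule wins; packets matching no rule get the default action."""
    t = parse_ipv4(packet)
    for rule in rules:
        if rule.matches(t):
            return rule.action
    return default


def build_packet(protocol: int, src: str, dst: str, sport: int = 0, dport: int = 0) -> bytes:
    """Construct a minimal IPv4 packet for the demo (checksum left zero)."""
    payload = struct.pack("!HH", sport, dport) if protocol in (PROTO_TCP, PROTO_UDP) else b""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, protocol, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload


# Constructed policy: permit HTTPS from the office LAN to one server, deny the rest.
POLICY = [
    Rule("permit", PROTO_TCP, ipaddress.ip_network("10.1.0.0/16"),
         ipaddress.ip_network("192.0.2.10/32"), 443),
    Rule("deny"),
]

if __name__ == "__main__":
    for desc, pkt in [("https from LAN", build_packet(PROTO_TCP, "10.1.2.3", "192.0.2.10", 51000, 443)),
                      ("ssh from LAN", build_packet(PROTO_TCP, "10.1.2.3", "192.0.2.10", 51000, 22)),
                      ("icmp from LAN", build_packet(PROTO_ICMP, "10.1.2.3", "192.0.2.10"))]:
        print(desc, "->", evaluate(POLICY, pkt))
```

Because rules are evaluated in order and the list ends with an explicit deny, the order in which permit rules are written determines the outcome; a packet whose protocol carries no ports (ICMP here) never matches a port-qualified rule and falls through to the deny.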