3Com Switch 8800 Family IPsec Module Configuration and Command reference Guide

3 NETWORK SECURITY CONFIGURATION

The content below applies to the IPsec module, so the command views in this
document apply to the module and not the Switch 8800 Family switches.
Introduction to the Network Security Features Provided by Comware
A security gateway must be able to withstand the various malicious attacks that
originate from the public network. At the same time, accidental but destructive
access by legitimate users can also cause a significant drop in performance, or
even cause the gateway to stop operating.
Comware provides the following network security features:

- AAA services based on Remote Authentication Dial-In User Service (RADIUS)
  provide Authentication, Authorization, and Accounting for accessing users, to
  prevent illegal access.
- Authentication protocols: CHAP and PAP authentication are supported on PPP
  lines.
- Packet filtering, implemented through access control lists (ACLs), specifies
  the types of packets that the security gateway will permit or deny.
- Application specific packet filter (ASPF), or status (stateful) firewall, is an
  advanced communication filtering approach that inspects application layer
  information, monitors the state of connection-oriented application layer
  protocols, maintains state information for each connection, and dynamically
  decides whether to permit or deny a packet.
- IP security (IPsec) guarantees the privacy, integrity and validity of data
  packets transmitted over the Internet, through encryption and data source
  authentication at the IP layer.
- Internet key exchange (IKE) provides automatically negotiated key exchange and
  security association (SA) establishment, simplifying the use and management of
  IPsec.
- Event logging records system security events and traces illegal access in real
  time.
- Address translation, provided by the NAT Gateway (GW), separates the public
  network from the intranet; it hides the IP addresses of internal devices from
  the public network and so prevents attacks initiated from there.
- Dynamic routing protocol authentication ensures that only reliable route
  information is exchanged.
- Hierarchical view protection divides users into four levels, each assigned its
  own configuration rights; a user cannot access the views of a higher level.