Table of Contents
Advertisement
HUAWEI USG6000&USG9500
Upgrade Guide
l
l
Customer and its authorized parties shall, as required by applicable laws and regulations,
provide the users, governmental bodies, and any other third parties with necessary
information, and obtain and maintain all necessary consents, licenses, and authorizations,
when using and maintaining Features. Applicable laws and regulations, user agreements,
terms of use, privacy policy or statement, any other lawful agreements (Agreements), and
publicly or targeted statements (Statements) shall not be violated. Huawei provides Features
to Customer as per Customer's warrants to Huawei that Customer will use and maintain
Features as permitted by applicable laws and regulations, Agreements and Statements.
Huawei will not bear any legal obligations or liabilities, including but not limited to, claims,
liabilities, obligations, costs, expenses, penalties, injunctions, and judgments that are not
caused by Huawei's misconduct when Customer and its authorized parties are using and
maintaining Features.
In the event that any governmental body adopts laws and regulations, or Customer signs
agreements with third parties or makes statements, which materially affect the legitimacy of
Features wholly or partially, or the provision of Features, Huawei reserves its right to, at its
sole discretion, terminate the provision of Features without any liability to the extent
permitted by law.
Encryption Algorithm Declaration
Currently, the device uses the following encryption algorithms: DES, 3DES, AES, RSA,
SHA1, SHA2, and MD5. The encryption algorithm depends on the applicable scenario. Use
the recommended encryption algorithm; otherwise, security defense requirements may be not
met.
l
l
l
l
l
l
Issue 01 (2018-01-16)
ISP network. This implementation minimizes the access latency and improves service
experience.
The URL Remote Query function extracts URLs from HTTP packets and controls the
URLs by category. To be specific, the device analyzes the header of each HTTP request
and sends the obtained URL information to a remote URL category server through
encrypted packets.
The Cloud Sandbox detection function extracts the files transferred on the network and
sends them to the sandbox system in the cloud for in-depth file inspection to check
whether APTs occur. The sandbox then sends the analysis result to the device. Once
detecting malicious traffic, the sandbox instructs the device to block the traffic.
The encryption algorithms DES/3DES/RSA (RSA-1024 or lower)/MD5 (in digital
signature scenarios and password encryption)/SHA1 (in digital signature scenarios) have
a low security, which may bring security risks. If protocols allowed, using more secure
encryption algorithms, such as AES/RSA (RSA-2048 or higher)/SHA2/HMAC-SHA2, is
recommended.
For the symmetrical encryption algorithm, use AES with the key of 128 bits or more.
For the asymmetrical encryption algorithm, use RSA with the key of 2048 bits or more.
For the hash algorithm, use SHA2 with the key of 256 bits or more.
For the HMAC algorithm, use HMAC-SHA2.
SHA2 is irreversible encryption algorithm. The irreversible encryption algorithm must
be used for the administrator password.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
About This Document
iii
Hide quick links:
Advertisement
Table of Contents
