exchange between public network protocols and private network protocols, the firewall
enables participants on local area networks (LANs) in different places to make use of video
conferences. With NAT, a device on a LAN is allocated a dedicated internal IP address that
uniquely identifies the device on the LAN, and the device uses an external IP address to
communicate with external devices. Through NAT mapping, multiple internal IP addresses
are mapped to one external IP address. NAT mapping not only reduces the number of IP
addresses that are needed for users on a private network to access the Internet, but also
enhances the security of the private network.
6.4 Traversal Between Public and Private Networks
The standard H.460 and Security Traversing Gateway (STG) traversal technologies are used
to set up secure connections between the public and private networks through the firewall.
6.5 Email Security
To ensure the security of email accounts and sent emails, the STARTTLS protocol is used by
default to authenticate the mail server and send encrypted emails.
6.6 Web Request Authentication
● When a user requests access to a specified web page or submits a Servlet request, the
  Box 700 checks whether the user's session identifier is valid and whether the user is
  authorized to perform the operation.
● The server performs the final authentication of the user.
● Before transmitting user-generated data to clients, the server verifies the data and
  applies HyperText Markup Language (HTML) encoding to it to prevent malicious code
  injection and cross-site scripting attacks.
● Web security software is used to scan the web server and applications to ensure that there
  are no high-risk vulnerabilities.
6.7 Protocol Anti-Attack Measures
● The communication matrix is provided in the product documentation. Do not enable the
  services and ports that are not described in the communication matrix.
  The communication matrix contains the following information:
  – Open ports
  – Transport layer protocols used by the ports
  – NEs that use the ports to communicate with peer NEs
  – Application layer protocols used by the ports and description of the services at the
    application layer
  – Whether services at the application layer can be disabled
  – Authentication modes adopted by the ports
  – Port functions (such as data traffic control)
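One way to apply the communication matrix rule above, as an added example that is not from the Huawei documentation: it compares a listener inventory against the matrix and reports ports that are not described in it, plus documented services that can be disabled and are not needed. The CSV column names, the sample rows, the inventory and the function names are all assumptions; real values come from the product's communication matrix.

```python
import csv
import io

# Constructed sample matrix, NOT the Box 700 communication matrix.
# Columns mirror the fields listed above; the column names are assumptions.
MATRIX_CSV = """\
port,transport,peer_ne,app_protocol,can_disable,auth_mode,function
443,TCP,Web client,HTTPS,no,Username/password,Web management
5061,TCP,SIP server,SIP over TLS,yes,TLS certificate,Call signaling
1719,UDP,Gatekeeper,H.225 RAS,yes,H.235,Registration
"""

# Constructed listener inventory, e.g. taken from a socket listing of the device.
OBSERVED = [(443, "tcp"), (5061, "tcp"), (23, "tcp"), (1719, "tcp"), (1719, "udp")]


def load_matrix(text):
    """Index matrix rows by (port, TRANSPORT) so TCP and UDP are kept apart."""
    rows = {}
    for row in csv.DictReader(io.StringIO(text)):
        rows[(int(row["port"]), row["transport"].strip().upper())] = row
    return rows


def audit(matrix, observed, needed_protocols):
    """Return (undocumented, disable_candidates) as sorted lists of (port, TRANSPORT).

    undocumented: listeners with no matrix row; per the rule they must not be enabled.
    disable_candidates: documented listeners whose service the matrix marks as
    disableable and whose application protocol is not in needed_protocols.
    """
    undocumented, disable_candidates = [], []
    for port, transport in observed:
        key = (port, transport.upper())
        row = matrix.get(key)
        if row is None:
            undocumented.append(key)
        elif (row["can_disable"].strip().lower() == "yes"
              and row["app_protocol"] not in needed_protocols):
            disable_candidates.append(key)
    return sorted(undocumented), sorted(disable_candidates)


if __name__ == "__main__":
    matrix = load_matrix(MATRIX_CSV)
    undocumented, candidates = audit(matrix, OBSERVED, {"SIP over TLS"})
    print("Not in communication matrix:", undocumented)
    print("Documented, can be disabled, not needed:", candidates)
```

Matching on the port and transport pair matters: in the constructed data 1719/TCP is flagged even though 1719/UDP is documented.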
HUAWEI Box 700
Product Overview
6 Security and Reliability
Issue 05 (2019-06-20)
Copyright © Huawei Technologies Co., Ltd.