1. Reliability and line safety
Reliability requirements cover fault recovery and load capacity. For routers, reliability matters mainly in two cases: interface failure and increased network traffic. For this reason, backup is an indispensable capability of a router. When the main interface fails, the backup interface is automatically put into operation to keep the network running normally; when network traffic increases, the backup interface can take on load sharing.
2. Identity authentication
Identity authentication in a router mainly covers authentication when accessing the router, authentication of the peer (remote-end) router, and authentication of routing information.
3. Access control
A. For access to the router itself, passwords need classified (tiered) protection;
B. Access control based on IP address;
C. Access control based on user.
4. Information hiding
When communicating with a peer, a host does not necessarily need to use its real identity. Address translation hides the internal network addresses, so that only public addresses are used to access the external network. Except for connections first initiated from the internal network, users outside the network cannot directly access internal network resources through address translation.
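The behaviour described above, as an added example that is not part of the original article: a minimal port-address-translation table in Python. The addresses, ports, the class name `Napt` and the strict matching on the remote endpoint are assumptions made for illustration; real routers differ in how strictly they match inbound packets.

```python
# Added example: minimal NAPT (port address translation) state table.
# All addresses and ports are constructed sample values.
import ipaddress

PUBLIC_IP = "203.0.113.1"                        # assumed public address of the router
INSIDE = ipaddress.ip_network("192.168.1.0/24")  # assumed internal network


class Napt:
    def __init__(self, first_port=40000):
        self.next_port = first_port
        self.out = {}   # (proto, inside_ip, inside_port, dst_ip, dst_port) -> public_port
        self.back = {}  # (proto, public_port, remote_ip, remote_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the internal network; create state on first use."""
        if ipaddress.ip_address(src_ip) not in INSIDE:
            raise ValueError("source is not an internal address")
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(proto, self.next_port, dst_ip, dst_port)] = (src_ip, src_port)
            self.next_port += 1
        # The external host only ever sees the public address and mapped port.
        return (PUBLIC_IP, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Translate a packet arriving at the public address.

        Returns the internal (ip, port) for a reply to an existing mapping,
        or None (drop) when no internal host initiated this flow.
        """
        return self.back.get((proto, dst_port, src_ip, src_port))


def demo():
    nat = Napt()
    sent = nat.outbound("tcp", "192.168.1.10", 51000, "198.51.100.7", 443)
    reply = nat.inbound("tcp", "198.51.100.7", 443, sent[1])         # reply to the flow
    other_host = nat.inbound("tcp", "198.51.100.99", 443, sent[1])   # different remote host
    unsolicited = nat.inbound("tcp", "198.51.100.7", 443, 40001)     # no mapping at all
    return sent, reply, other_host, unsolicited


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Only the reply to the flow opened from inside is translated back; the other two inbound packets find no mapping and are dropped.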
5. Data encryption
To avoid information leakage caused by eavesdropping, the transmitted information must be encrypted so that only the communicating peers can decrypt the ciphertext. By encrypting the messages sent by the router, the privacy, integrity and authenticity of the message content can be guaranteed even when it is transmitted over the Internet.
6. Attack detection and prevention
As the external-facing device of an internal network, the router is the first target for an attacker trying to enter that network. If the router does not provide attack detection and prevention, it becomes a bridge for attackers into the internal network. Providing attack detection on the router can prevent some attacks.
7. Security management
Every packet between the internal network and the external network passes through the router, so auditing packets on the router can provide the necessary information about the operation of the network and help analyze it.
Vendors provide a variety of solutions. For example, the Huawei Quidway series routers provide a comprehensive network security solution covering user authentication, authorization, data protection and so on. The security technologies adopted include: callback technology, backup center, AAA, CA technology, packet filtering technology, address translation, VPN technology, encryption and key exchange technology, intelligent firewall and security management.