Huawei Cyber Security Guide for Partners

EBG Enterprise Technical Service Dept
EBG Cyber Security Office
September, 2016

Agenda

• What Is Cyber Security?
• Cyber Security Risks
• Huawei Cyber Security: Assurance System
• Huawei's Cyber Security Requirements on Partners
• Reference

What Is Cyber Security?

Definition:
Cyber security is the protection of the availability, integrity, confidentiality, traceability, and robustness & resilience of products, solutions, and services, as well as users' and customers' communication data, personal data, privacy, and unbiased information carried over customer networks in compliance with the laws and regulations of the applicable countries and regions. Cyber security aims at ensuring the continuity and lawful operation of services and preventing device suppliers and service providers from reputation damages and joint liabilities.

• Availability: Authorized users can use network services and information at any time. For example, authorized users can manage permissions of accounts on customer networks.
• Integrity: Information is accurate, reliable, and complete, without any unauthorized changes. For example, logs must not be modified or deleted without customer permissions.
• Confidentiality: Only necessary information access is granted, and information transfer is under protection and management.
• Traceability: Products or services provided are traceable. For example, operation details are recorded in operation records and logs.
• Robustness & resilience: Products and data configurations are robust. For example, firewall configurations must be able to defend against attacks from hackers.

[Figure: Cyber Security diagram. Labels: Data/privacy on customer networks; Service continuity & robust network; Availability; Integrity; Confidentiality; Traceability; Robustness & resilience.]

Technical Risk: Technology and Service Innovation Poses More Security Threats and Challenges While Bringing Considerable Benefits to People

• With the increasing ICT openness, IP-based network evolution, terminal intelligentization, cloud computing, big data application, and multi-service convergence, technologies and services are more and more complicated, and attack methods become more diversified and complex.
• Attacks and theft aiming at gaining economic interests keep increasing, hacker attacks become industrialized, and cyber security incidents occur frequently, incurring great economic and reputation loss of enterprises and organizations.
• According to industry research, 55% security threats are from enterprise employees, and 37% security threats are from unauthorized access. Therefore, employee education and preventive measures are very important.

[Figure: threat types. Labels: Spam; Phishing website; Unauthorized access; Traditional virus; Forgery; Trojan horse/Worm; Network Tampering; Eavesdropping; Botnet/DDoS; APT; Malware/Spyware; …]

Incident examples:
• The US IRS system was hacked, causing $50 million loss.
• Ukraine power network suffered from a malware attack, resulting in the power failure for hundreds of thousands of users.
• The networks of US enterprises and organizations, such as Anthem, UCLA, and CVS, were hacked, leading to disclosure of information (including credit card information) about over 84.5 million customers.
• The network of UK Carphone Warehouse was hacked, leading to disclosure of personal information (including credit card information) about approximately 2.4 million customers.

Who are the bad guys?
• 23.5% Inadvertent actor
• 31.5% Malicious insiders
• 45.0% Outsiders

Top 3 cyber security threats
• 37% Unauthorized access
• 20% Malicious code
• 20% Sustained probe/scan

Legal Risk: Countries Improve Legislation to Protect Communications Network Security and Personal Data and Privacy, and Violation of Related Laws May Cause Civil Compensation, Administrative Sanction, or Even Criminal Sanction

Illegal cyber security conducts: Illegal personal data processing; Lawful interception/blocking; Illegal personal data transfer; Unauthorized access; Equipment abuse; Data interference; System interference; Computer crime

Law-protected interests: Personal data and privacy; Communications secrets and freedom; Customer communications network and information security

Example legislation of some countries:
• EU: Convention on Cybercrime, Directive on Privacy and Electronic Communications, Data Protection Directive/GDPR, etc.
• UK: Regulation of Investigatory Powers Act, Freedom of Information Act, Data Protection Act, Computer Misuse Act, etc.
• Germany: German Code of Criminal Procedure, German Telecommunications Act, German Federal Data Protection Act, etc.
• France: Criminal Code of the French Republic, French Data Protection Act, Postal and Electronic Communications Code, etc.
• US: Electronic Communications Privacy Act, Computer Fraud and Abuse Act, National Information Infrastructure Protection Act, Computer Security Act, etc.

Unified cyber security laws and regulations are lacking. Related laws and regulations are covered in legislation on associated fields like national security, telecommunication, criminal, and data protection. Actors may have to bear criminal liability for violation of some laws.

Customer Requirement: Customers Pose Cyber Security Requirements to Equipment Vendors Based on the Needs for Compliance, Information Security, and Brand Reputation, and the Supply and Service Processes Involve Multiple Parties, Determining that Cyber Security Guarantee Demands the Efforts of Various Parties

Business organizations and work division:
• Equipment vendor: R&D/production
• Logistics service provider: Cargo transportation
• Partner: Delivery service
• Logistics service provider: Cargo transportation
• Customer: Network operation

Cyber security risks: Cyber security risks like tampering, implantation, virus, unauthorized access, and illegal data transfer exist throughout the entire supply and service processes that are not limited to equipment vendors but involve all parties in the supply process.

Customer network security requirements: Product security; Logistics security; Service security; Operation security; Personnel security; Check/Audit

Huawei Cyber Security Strategy, Vision, and Mission

Statement on Establishing a Global Cyber Security Assurance System
"… In light of the foregoing, Huawei hereby undertakes that as a crucial company strategy, based on compliance with the applicable laws, regulations, standards of relevant countries and regions, and by reference to the industry best practice, it has established and will constantly optimize an end-to-end cyber security assurance system. Such a system will incorporate aspects from corporate policies, organizational structure, business processes, technology and standard practice. Huawei has been actively tackling the challenges of cyber security through partnerships with governments, customers, and partners in an open and transparent manner. In addition, Huawei guarantees that its commitment to cyber security will never be outweighed by the consideration of commercial interests. …"
For details, refer to Huawei official website:
English: http://www.huawei.com/en/about-huawei/declarations/cyber-security

Vision: To enable people to utilize information services in a secure, convenient, and equal manner

Mission: Through global cooperation, to explore effective cyber security approaches and establish and implement an end-to-end customer-oriented cyber security assurance system with transparency and mutual trust, and ensure customers' long-term trust in Huawei cyber security

Huawei End-to-End Cyber Security Assurance System Is Incorporated into Related Service Processes, Including Supplier and Partner Management

[Figure: Huawei end-to-end cyber security assurance system.
Principles: Completeness of security requirement collection; Awareness of requirements to establish baseline; Execution of baselines; Closed-loop management mechanism.
Management and Control: Vision, Mission, Strategy, Policy, Instruction, Culture.
Corporate Business Process (Establish security baseline; Execute security baseline; Audit security baseline):
• Operating: IPD (Idea to Market); Market to Lead; Lead to Cash; Issue to Resolution
• Enabling: Develop Strategy to Execute; Manage Capital Investment; Manage Client Relation; Service Delivery; Supply; Procurement; Manage Partner Relation
• Supporting: Manage HR; Manage Finances; Manage BT&IT; Manage Business Support
Organization and Competence: R&D, Sales & service, Procurement, Supply Chain, JCOR, Legal affairs, PR and MKT.
Stakeholders (shown on both sides): Customer security requirement; End user; Operator; Government; Other.
Inputs: Laws and regulations, security agreement, inquiry, security concern, verification and audit, security issues.
Outputs: Security statement, white paper, clarification, verified product, communication for transparency and mutual trust, audit findings resolution, security issues resolution.
Other labels: Security objective; Continuous improvement; Requirement, Expectation, Challenge; Commercial Ecosystem Cooperation and Contribution; Solution, Product, Service.]

Huawei Has Designated a Dedicated Cyber Security Organization that Links All Related Business Departments to Ensure the Implementation of Huawei's Cyber Security Assurance System

[Figure: organization chart. Labels: CEO; Global Cyber Security and User Privacy Protection Committee (GSPC); Global Cyber Security & Privacy Officer (GSPO); External Cyber Security Lab/CSEC; GSPO Office; Internal Cyber Security Lab (ICSL); Networking Security Competence Center; Dept Cyber Security Office; Region/Country CSO.]

• GSPC: provides strategic guidance and assumes the responsibilities for making decisions on cyber security strategies, plans, policies, roadmaps, and investments and driving the resolution of conflicting strategic priorities and the implementation of auditing.
• GSPO: leads the team to develop security strategies, to establish the internal cyber security assurance system, and to provide support for public relations, government relations, and worldwide customers.
• GSPO Office: organizes related departments to develop operation rules and actions to support the strategies, drives the implementation of the rules and actions, performs audit, and tracks the implementation status. GSPO Office is the core organization for identifying and solving cyber security issues.
• Region/Country CSOs and Department Cyber Security Offices: collaborate with the GSPO to identify changes in department/business unit processes and drive the incorporation of the changes into cyber security strategies and requirements. The CSOs are also experts in their fields and contribute to the development or improvement of strategies.

For details about Huawei cyber security assurance system, refer to the cyber security white paper on Huawei official website.

Huawei Cyber Security White Paper and Topic:
• Huawei Cyber Security White Paper (Sept. 2012): 21st Century Technology and Security - A Difficult Marriage
• Huawei Cyber Security White Paper (Oct. 2013): Cyber Security Perspectives: Making cyber security a part of a company's DNA - A set of integrated processes, policies and standards
• Huawei Cyber Security White Paper (Dec. 2014): Cyber Security Perspectives: 100 requirements when considering end-to-end cyber security with your technology vendors
• The 2016 Huawei Cyber Security White Paper (Jun. 2016): The Global Cyber Security Challenge -- It is time for real progress in addressing supply chain risks

Basic Cyber Security Requirements on Partners (Specified in Agreements)

1. Laws and regulations: Comply with all applicable laws and regulations, including those related to personal data and privacy protection, communication freedom protection, and cyber security protection.
2. Software tools: Obtain Huawei software and tools from legitimate channels (product package, Huawei official website http://e.huawei.com, and Huawei technical support engineers).
3. Anti-tampering and anti-implantation: Never embed or implant illegitimate, unauthorized, or malicious code or software, as well as any backdoors, viruses, or Trojan horses in products/software during warehousing, transshipment, and service.
4. Emergency response:
   • After learning about security vulnerabilities in Huawei products, try best to minimize security risks, report to Huawei (PSIRT@huawei.com), and cooperate with Huawei to investigate and handle the vulnerabilities.
   • Do not spread vulnerability information publicly or leak vulnerability information to any third party before Huawei releases a security advisory.
   • Assume the responsibility to pass Huawei-released security advisory to downstream partners and end customers in a timely manner.
   • Actively cooperate with Huawei to handle security events and take necessary remedial measures.
5. Material return: Erase customer data (including end user data) in products and parts before returning them to Huawei.
6. Customer authorization: Obtain customer authorization for Huawei to access customer networks and data to fulfill requested services. Ensure that:
   (1) The obtained authorization is fully consented by the customer.
   (2) All instructions delivered to Huawei comply with all applicable laws. Partners shall be held accountable for failing to comply with applicable laws.

Cyber Security Event Evaluation on CSPs (Specified in CSP program)

Certification Requirements on 4-Star/5-Star CSPs
• Each 4-star/5-star CSP needs to designate at least one employee as the cyber security specialist, who should take Huawei cyber security courses and pass the corresponding tests, organize cyber security training sessions within the company, and implement the requirements.
• Partners whose cyber security specialists do not pass the cyber security tests cannot have a certification level of more than 3 stars.
Note: Each cyber security specialist needs to sign in to a personal account using e-Channel and associate the account with his/her company, then use the account to take cyber security courses and tests. Results of tests not using company-associated accounts do not count.

Inclusion of Cyber Security Event Evaluation in CSP Performance Appraisal
• For violations of the contractual agreements or Huawei's channel partner management regulations (such as cyber security regulations) that cause negative impacts, each violation reduces 10 points (total performance appraisal score: 100 points).
• Performance appraisal score and application (Appraisal Score X in points, Application, Remarks):
   X≥80: Meeting the standard. A necessary condition for upgrading the channel partner service certification level.
   X<80: Warning. Downgrade the certification level of CSPs that are warned for two consecutive appraisal periods.
• For CSPs causing severe impacts on Huawei, Huawei may cancel their certification qualification immediately.

Cyber Security Code of Conduct for Engineers 1/3

Scenario: Universal

1. Laws and regulations: Comply with all applicable laws and regulations related to personal data and privacy, communication freedom, and network security protection. Do not conduct network activities that may endanger state security or jeopardize public interests, steal or damage others' information, or harm others' legitimate rights.
2. Customers' rules and regulations: Comply with customers' rules and regulations, abide by customers' instructions and contractual terms during service delivery, including network access operations, personal data processing, and data transfer, and observe customers' or organizations' administrative regulations when entering customers' equipment rooms, NMS centers, office areas, and sensitive areas (such as in government organizations and militaries).
3. Attack and damage: Do not attack or damage customer networks or crack customer account passwords.
4. Tampering and implantation: Do not tamper with products, implant malicious code, software, or backdoors in customer devices or systems, or reserve private or undisclosed interfaces or accounts.
5. Customer data processing: Without customers' written authorization, do not access (including remotely access) customer systems, or collect, possess, process, or modify any data or information on customer networks.
6. Data confidentiality: Do not leak or spread customer network data or information, including personal data, in any form and by any means. Undertake strict confidentiality obligations for any information or data obtained during service delivery unless the information or data is legitimately disclosed. Without customers' written authorization, do not reference any undisclosed customer network data or information in external communication, discussion, or presentation.
7. Illegitimate use of data: Do not capitalize on customer system data or information for personal interests or other illegitimate purposes.
8. Material (faulty parts and spare parts) return: Remind customers to clear data from parts when receiving customer materials.
9. Emergency response: Report cyber security events to Huawei business contacts in a timely manner. Report vulnerabilities to PSIRT@huawei.com in a timely manner. Do not communicate vulnerability information with, or spread or leak vulnerability information to any third party before a security advisory is released. Do not spread attack or jail-breaking methods.
10. Staff turnover: Apply for account permission change upon post and responsibility adjustments. When the personnel leave a project, revoke their permissions to access related customer systems and sites, hand over or delete customer network data possessed, and perform checks. If necessary, notify customers of the leave.

Cyber Security Code of Conduct for Engineers 2/3

Scenario: Accessing customer networks

11. Access to customer sites and facilities: Obtain customer authorization before accessing customer sites, equipment rooms, and office areas.
12. Onsite access: Obtain customers' written authorization before accessing customer networks. Do not use personal portable devices, endpoints, or storage devices to access customer networks, including production, testing, and office networks.
13. Remote access: Obtain customers' written authorization before remote access to customer networks, clarify the purpose, scope, and time range for the access, and ensure that: the remote access environment requirements are manageable, monitorable, and traceable. (For example, only users with management permissions can install and manage applications and record all operations performed during the access to customer networks.)
14. Use of accounts:
    (1) Use only customer authorized accounts and do not use others' or unauthorized accounts to log in to customer devices.
    (2) Do not share or disseminate accounts or passwords. Do not enter customers' business accounts or passwords when creating or processing trouble tickets in IT systems.
    (3) Configure dedicated accounts and passwords for different users and abide by password strength rules.
    (4) Confirm with customers and ensure that accounts are granted with only necessary permissions based on the minimal privilege principle.
15. Software & tools: Obtain software, patches, licenses, and tools from legitimate channels (product package and Huawei official website http://e.huawei.com). Do not run software or tools obtained from non-official channels.
16. Virus scanning: Before connecting PCs, endpoints, or storage devices to customer networks, scan viruses and ensure that no malicious software or virus exists on them.

Cyber Security Code of Conduct for Engineers 3/3

Scenario: Performing operations on customer networks

17. Software and tools: Without customers' written authorization, do not download, install, or use any software or tool and do not use data collection or performance analysis tools on customer networks.
18. Operation scope: Request customer companion when performing operations on customer networks and do not perform any unauthorized operations.
19. Customer data processing: Obtain customers' written authorization before collecting, transferring, storing, using, and processing customer network data (including personal data). Without customers' written authorization, do not access or process user voice messages, short messages, accurate location information, or keystroke records that may involve user privacy or personal data. Anonymize exported personal data.
20. Abuse of customer networks: Do not do non-work-related things on customer networks, for example, playing games, logging in to non-work-related websites, or accessing non-work-related resources.

Scenario: Leaving customer networks

21. Transfer of customer data: Without customers' written authorization, do not take devices or storage devices that contain customer network data (including personal data) away from customer sites, do not transfer customer data out of customer networks, and delete or destroy possessed customer network data after customer authorization expires or tasks are finished.
22. Account handover: After the implementation project is finished or the maintenance is complete, hand over accounts and passwords (including administrator account password) and remind customers to change passwords or delete accounts.
23. Remote access: At the end of remote service activities, tell customers to close the remote service environment on their devices, such as tearing down remote service connections and stopping remote service software, and remind customers to disconnect the connection used in remote services in a timely manner.

Examples of Irregular Behavior or Behavior That Easily Causes Violation or Security Issues

1. Use the Wi-Fi networks in customers' office areas to access the Internet without permission.
2. Without customers' authorization, directly access customer networks to locate problems when it is difficult to reproduce problems and get in touch with customers, although with no ill intention.
3. Fail to remind customers to delete or change network accounts after customers' authorization on the accounts expires and continue to use the accounts when a network fault occurs. For example, fail to hand over account passwords used in engineering phase and continue to use them in the maintenance phase.
4. Due to personnel changes and slow approval processes, newcomers who have not obtained accounts use others' accounts to perform network operations temporarily.
5. For easy fault location, install and run unauthorized software tools (obtained from non-official channels, for example, from the Internet) on customer networks. Tools that are not strictly tested may trigger unpredictable results. For example, incorrect configuration may lead to service interruptions, data leaks, and sensitive functions.
6. Use personal laptops to access customer networks. Then, without customers' authorization, take fault location data out of customer networks, local countries, or send the data to a maintenance center in another country because fault analysis and location cannot be completed on-site. Or the fault is resolved, but data is not deleted and is "unintentionally" taken out of customer networks.
7. Add a private mailbox address to the alarm mailing list for test purposes, which leaks customer network information.
8. When the fault location involves a resold third-party product, service support from the third-party company is requested, and an engineer from the third-party company commits a violation unintentionally. For example, the engineer sends out customer network data for fault location.
9. An unwitting engineer connects a virus-infected laptop to a customer network. Or the engineer is aware of the infection, but due to emergency, does not completely kill the viruses and takes chances to access the customer network.
10. A firewall has no security configuration, making it easy for hackers to attack the customer network.

Liabilities for Cyber Security Violations

If partners commit cyber security violations, Huawei has the right to take remedial measures.

• Incentive deduction and level downgrade: Based on Huawei channel policies, take corresponding management measures. For example, deduct all the incentives of the current period (including sales rebates, specialty based rebates, MBO rebates, and JMF) and reduce the certification level.
• Cooperation cancellation: Revoke the license and authorization in the agreement, terminate the agreement, and take legitimate remedial measures.
• Claim for compensation: Require involved partners to compensate Huawei for any damage, loss, claim, and reasonable expense, including any third-party claim or infringement incurred.

For Partners' Reference: Remote Access Management Solution

Use a secure access solution to cope with various security risks during remote access:

Step 1:
• The customer initiates a service request.
• The customer provides authorization.
Step 2:
• The engineer logs in to the Citrix server.
• The engineer passes the verification performed by the customer-side VPN (VPN dial-up software).
Step 3:
• The engineer logs in to the maintenance terminal to be used on the customer network.
Step 4:
• The engineer passes NE authentication.
• The engineer performs operations.
Step 5:
• The operation finishes.
• The engineer reminds the user to close the operation account.

[Figure: remote access topology. Labels: Huawei Side; Customer Side; Citrix Server; Firewall; Internet; ICA+SSL; ICA+SSL VPN; Remote Desktop Terminal; Engineer A in war room; Engineer B outside the company.]

For Partners' Reference: Customer Network Access and (or) Data Processing Authorization 1/2

• Before accessing customer networks or processing customer network data, Huawei engineers apply for a written authorization using a unified template to notify customers of the purpose, related information, and liabilities of the authorization. Partners can reference it.

Template fields:
• Purpose // Please specify the purpose for the customer to authorize Huawei to access its network and/or process its data. An example for the authorization purpose is troubleshooting on customer networks.
• Customer Name and Address
• Authorized Entity's Name and Address
• Device Name
• Device Location (Site)
• How to Dispose Customer Network Data After Processing It
• Start Date
• End Date
• Remote Access Platform and Tool: □ Yes; □ No
   Name of the remote access platform (for example, Citrix) // You are advised to use a platform that can record the entire remote access process. The platform has access permission control and stores the data for a maximum of ___ years. Data will be deleted after the period expires.
   Remote access tool
• Whether to Access Customer Network: □ Yes, and the access point is ___; □ On-site; □ No
• Description About Operations on Customer Network: […] access to provide service support when necessary
• Whether to Transfer Customer Network Data Out: □ Yes, and the destination is ___; □ No
• Whether to Transfer Customer Network Data Out of the Local Country: □ Yes □ No
• Description About the Processed Customer Network Data // Please describe the processed network data based on project conditions.

For Partners' Reference: Customer Network Access and (or) Data Processing Authorization 2/2

Authorization description:
• [Customer] authorizes Huawei to access its network to perform operations and/or process network data, which may include the personal data, within the specified period of this authorization according to [Customer]'s instruction for the purpose above.
• [Customer] promises that, (1) all necessary approval and authorization have been obtained, and (2) the operations to be performed by the authorized entity comply with local laws and regulations, especially those related to data protection.

Customer Representative Signature:        Huawei Representative Signature:
Job Title:                                Job Title:
Date:                                     Date:

For Partners' Reference: Field Service Report 1/2

Customer Contact Information
Customer Name (Contact Person/Telephone No.)
Customer Address
Service Engineer/Telephone No.
Product Category: □Storage □Security □Network □Server □Others:
Product Model
Product Serial Number
Arrival Time
Completion Time

On-site Technical Service Application
Huawei suggests that the customer should make a backup of relevant system data and business data before making any operation on equipment. Please check whether you have made the backup. □Yes □No

Dear (Customer),
Huawei will provide the technical support service to promptly remove safety hazards and resolve your equipment issue. Please approve the application and arrange relevant engineer to assist.

Service Content: Brief introduction: (1) Background of service application; (2) Major operations; (3) Estimated operation time; (4) Risks of operation (Specify possible impacts on service, such as service interruption.)
Note: If there is a lot content with annex for RFC (Request For Change), the detail can be added as attachment "X service implementation plan"

I (Customer) have fully understood the above precautions and the service content, impacts and risks, and have arranged relevant operation to be performed in non-peak hours as much as I can. For operations requiring power-off, I (Customer) have applied for the down time and completed relevant preparations. I (Customer) authorize Huawei to start the service implementation.
Customer (Signature): Date: YYYY-MM-DD

Service Process Details
To ensure the data and service security, the on-site engineer shall properly communicate with the customer. Relevant operation will start after the customer signs the on-site service application.
Service Engineer (Signature): Date: YYYY-MM-DD

For Partners' Reference: Field Service Report 2/2

Hardware Replacement Information
Spare Parts Name | Faulty Parts Code/Good Parts Code | Faulty Parts SN/Bar Code | Good Parts SN/Bar Code

※ If Hardware Replacement service is involved, please make sure all data stored in the Hardware to be deleted.
※ If any username/password is used during the service, please make sure all have been withdrawn.

Dear XX (Customer), Huawei has completed the technical support service as required. Please assess our service. We value your feedback and suggestions. Thank you!
□Very satisfied □Satisfied □Neutral □Dissatisfied
Comments and Suggestions:
Customer (Signature): Date: YYYY-MM-DD

Data Removal Notice: Removal / Deletion of Data prior to handing over products to Huawei for repair, replacement or other purposes is at customer’s sole discretion. Huawei usually sends products to local, Hungary or China service centers and for data removal (hereafter “Send-Delete Operations”). It is considered that customer authorizes Huawei to take the Send-Delete Operations for products in case there is any data on the products received from customers or customer authorize Huawei engineer to replacement spare parts.

“Data” as used in this Notice means any data, fact or other information, including but not limited to information that could be used to identify an individual, e.g. name, email address, title, occupation, industry, telephone number, employer, family address, postal or other address, other contact information, and financial information.

Customers should refer to Product Manuals for methods of deletion of data on the products. If there are no methods of deletion of data described in the Product Manuals or the methods described cannot be used, customer can contact Huawei local TAC to get help.

Huawei usually erases all the Data contained in the products received from customers. For product that is unrepairable or unreusable, Huawei implements irreversible means to destroy it.

The information set forth in this Notice is only provided “as is” and is not considered any representation, warranty or guarantee from Huawei.

Obtaining Huawei Tools from Official Channels

 In addition to tools delivered in product packages, partners can obtain legitimate service tools from Huawei technical support website: http://support.huawei.com/enterprise/toolNewInfoAction?lang=en

 List of service tools that have security risks and cannot be used:
http://support.huawei.com/enterprise/NewsReadAction.action?newType=0301&contentId=NEWS1000008945&idAbsPath=0301_10001|1343902956248

Copyright © 2016 Huawei Technologies Co., Ltd. All Rights Reserved.
The information in this document may contain predictive statements including, without limitation, statements regarding the future financial and operating results, future product portfolio, new technology, etc. There are a number of factors that could cause actual results and developments to differ materially from those expressed or implied in the predictive statements. Therefore, such information is provided for reference purpose only and constitutes neither an offer nor an acceptance. Huawei may change the information at any time without notice.