
Sandbox Interworking Security

Overview

The FW provides the professional IAE and APT defense function and interworks with the sandbox to detect threats in network traffic. Based on the detection results, the FW updates its cached malicious file and malicious URL lists. If subsequent traffic matches an entry in either list, the FW performs the block or alert action.

  • For the local sandbox, the FW provides the HTTPS interaction mode. You can configure the device certificate to authenticate the sandbox.
  • For the cloud sandbox, security hardening is required because traffic to it crosses the insecure Internet. Use HTTPS, SSLv1.2/TLSv1.2, and the symmetric encryption algorithms AES128 and AES256. In addition, use bidirectional certificate authentication. Certificates at both ends must be issued by the Huawei PKI platform. Cloud sandbox interworking does not require security configurations: by default, the device uses secure protocols for interaction.

Data Leak Prevention

  • The local sandbox uses HTTPS for interaction. HTTPS uses AES128 and AES256 for encryption.
  • By default, the cloud sandbox uses HTTPS for encryption and does not support other options.

Anti-Tampering

The anti-tampering mechanism of the standard SSL/TLS protocol is used.

Anti-Replay

The anti-replay mechanism of the standard SSL/TLS protocol is used.

Sandbox Spoofing Prevention

Server certificate-based authentication is used to prevent server spoofing. The local sandbox is authenticated by directly importing the server certificate, and the cloud sandbox is authenticated through the CA certificate.

Impact on the System

None

Procedure

  1. Export the certificate used by the local sandbox.

    This certificate is used to authenticate the sandbox and shall be obtained from the sandbox management system.

  2. Configure the certificate that the FW uses to verify the identity of the local sandbox when the two interwork through HTTPS.

    <sysname> system-view
    [sysname] sandbox default
    [sysname-sandbox-default] server-certificate file-name

Checking the Security Hardening Result

Run the display sandbox command to display the configuration and status of interworking with a sandbox.
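The following added example (not part of the original document and not Huawei code) shows how an administrator could independently confirm, from a management workstation, that the local sandbox presents exactly the certificate exported in step 1 and negotiates TLS 1.2 or later with an AES128/AES256 suite. The function names, the host, port and file path arguments, and the sample bytes are assumptions made for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def hardened_context(pinned_cert_file=None):
    """Client context limited to TLS 1.2+ and AES128/AES256 suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED by default
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("AES128:AES256:!aNULL:!eNULL")
    if pinned_cert_file:
        # Trust only the certificate exported from the sandbox. Identity is
        # the exact certificate, so hostname matching is not used.
        ctx.check_hostname = False
        ctx.load_verify_locations(cafile=pinned_cert_file)
        ctx.verify_flags |= ssl.VERIFY_X509_PARTIAL_CHAIN
    return ctx


def matches_imported_cert(peer_der, imported_pem):
    """True only if the presented certificate is byte-identical to the import."""
    imported_der = ssl.PEM_cert_to_DER_cert(imported_pem.strip())
    return hmac.compare_digest(hashlib.sha256(peer_der).digest(),
                               hashlib.sha256(imported_der).digest())


def check_sandbox(host, port, pinned_cert_file):
    """Connect once and report protocol, cipher and whether the pin matched."""
    with open(pinned_cert_file) as fh:
        imported_pem = fh.read()
    ctx = hardened_context(pinned_cert_file)
    with socket.create_connection((host, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            peer_der = tls.getpeercert(binary_form=True)
            return {"protocol": tls.version(),
                    "cipher": tls.cipher()[0],
                    "pin_ok": matches_imported_cert(peer_der, imported_pem)}


# Constructed placeholder bytes standing in for a certificate (not a real one).
SAMPLE_DER = b"constructed-sandbox-certificate-bytes"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)
```

A handshake failure raised by check_sandbox means the endpoint did not present the imported certificate or could not agree on the restricted protocol and cipher set.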

Copyright © Huawei Technologies Co., Ltd.