A signature database is an important part of a device's security protection system and stores considerable data relating to identified attack behavior features, virus features, and application/protocol features. The device analyzes passing data flows based on these features and processes traffic based on analysis results. You can use the signature database update function to ensure the signature database file stored on the device is the latest version.
Currently, the device supports both online and offline update of the signature database. To ensure that the signature database is updated securely, the following measures are taken:
By default, the device connects to an update server in the Huawei security center through HTTPS, and the CA certificate is required for identity verification when the device communicates with the update server. The device sends the communication protocol version number, encryption algorithm type, random number, and other information required for the upgrade to the Huawei security center, and the update server then sends its local certificate to the device. The device verifies whether the domain name in the server certificate matches the actual domain name of the server. If the verification succeeds, the device proceeds with the update. Otherwise, the device stops the communication and terminates the update.
If the signature database update package is tampered with during download or transmission, the device may fail to load the update package. In extreme cases, it may even crash or be attacked by viruses. To ensure the data integrity of the update package and prevent tampering during download and transfer, the update package carries a digital signature, which the device checks before loading the package.
The device communicates with an update server in the Huawei security center through HTTPS (a secure version of HTTP with SSL protection). HTTPS uses SSL to encrypt and decrypt data during data transmission, improving communication security.
The signature database update package is encrypted and compressed to ensure that its content is not disclosed. The device decompresses and decrypts the update package to restore the original content. As the key used for encryption is distributed separately from the update package, the encryption and decryption process is both safe and reliable.
In online signature database update scenarios, the device and Huawei security center use the digital signature and package encryption mechanism provided by the update package to ensure transmission security.
In offline signature database update scenarios, the device verifies the integrity of the update package and the data format after decryption when loading the update package, thereby ensuring the security of the loading process.
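The offline loading sequence described above (check the signature first, then decrypt, decompress and validate the data format), as an added Python example that is not Huawei's code. HMAC-SHA256 stands in for the real digital signature, a SHA-256 counter keystream stands in for the real cipher, and the keys and the package layout are constructed assumptions.

```python
import hashlib
import hmac
import json
import zlib

# Constructed key material (assumption): both keys are delivered separately
# from the package itself, as the text describes for the encryption key.
SIGNING_KEY = b"constructed-signing-key"   # HMAC-SHA256 stands in for the real signature
PACKAGE_KEY = b"constructed-package-key"   # used to encrypt/decrypt the package body


def _keystream(key: bytes, n: int) -> bytes:
    # Counter-mode keystream from SHA-256; a stand-in for the device's real cipher.
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        i += 1
    return out[:n]


def build_package(signatures) -> bytes:
    """Compress, then encrypt, then sign. Layout (assumed): 32-byte tag || ciphertext."""
    plain = zlib.compress(json.dumps(signatures).encode())
    cipher = bytes(a ^ b for a, b in zip(plain, _keystream(PACKAGE_KEY, len(plain))))
    tag = hmac.new(SIGNING_KEY, cipher, hashlib.sha256).digest()
    return tag + cipher


def load_package(pkg: bytes) -> dict:
    """Verify integrity before touching the content, then decrypt, decompress and check the format."""
    if len(pkg) < 32:
        raise ValueError("truncated package")
    tag, cipher = pkg[:32], pkg[32:]
    expected = hmac.new(SIGNING_KEY, cipher, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        raise ValueError("signature check failed: package rejected before decryption")
    plain = bytes(a ^ b for a, b in zip(cipher, _keystream(PACKAGE_KEY, len(cipher))))
    try:
        data = json.loads(zlib.decompress(plain))
    except (zlib.error, ValueError) as exc:
        raise ValueError(f"data format check failed: {exc}") from exc
    # Expected layout (assumption): an object with a version and a list of rules.
    if not (isinstance(data, dict) and "version" in data and isinstance(data.get("rules"), list)):
        raise ValueError("data format check failed: unexpected layout")
    return data


def is_accepted(pkg: bytes) -> bool:
    """True only if the package passes every check in load_package."""
    try:
        load_package(pkg)
        return True
    except ValueError:
        return False
```

A single flipped byte in the ciphertext fails the signature check, so the device never decrypts or parses tampered data.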