Updated on 2024-01-24 GMT+08:00

Configuring Metadata Detection and Protection Rules

Prerequisites

  • The metadata detection function applies only to the USG6603F-C and USG6606F-C.
  • The metadata detection function is supported only by the Border Protection and Response Service professional edition package.

Context

Metadata is generated by extracting session and protocol information from the original traffic. Huawei Qiankun analyzes this metadata to detect web attacks (including information disclosure, credential theft, injection, and DoS) and outbound connections that request malicious domain names over DNS.

For important intranet assets, you can configure metadata detection and protection rules as required. Huawei Qiankun receives metadata based on the configured protected network segment and performs threat analysis based on the metadata to better protect important intranet assets.

Whether metadata is collected depends on whether a protected network segment is configured for the device:

  • For a device with protected network segments configured, the following metadata is collected:
    • HTTP metadata whose destination IP address is in a protected network segment.
    • DNS metadata whose source IP address is in a protected network segment.
  • For a device without protected network segments configured, no metadata is collected.

Procedure

  1. Log in to the Huawei Qiankun console, and choose > My Services > Border Protection and Response.
  2. Choose Services > Metadata Detection and Protection Rules in the menu bar.
  3. Click Create and create a metadata detection and protection rule as prompted.

    Figure 1 Creating a metadata detection and protection rule
    Table 1 Key parameters

    Parameter: Select Device
    Description: Enter the device SN or device name for fuzzy search and select the device.

    Parameter: Protected Network Segment
    Description:
    • One protected network segment or range can be configured in each line.
    • Lines are separated by carriage returns.
    • The total number of protected IP addresses cannot exceed 65536.
    • Only IPv4 addresses are supported.

    For example:

    127.0.0.1
    127.0.0.1/24
    127.0.0.2-127.0.0.10
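    The following is an added example, written here for this page; it is not Huawei Qiankun code and does not use any Qiankun API. It pre-checks a Protected Network Segment value against the constraints in Table 1 (one entry per line; single address, CIDR or range; IPv4 only; at most 65536 addresses) using Python's standard ipaddress module, and it encodes the two collection rules from the Context section (HTTP matched on destination IP, DNS matched on source IP, nothing collected when no segment is configured) so you can check which flows a rule would cover before creating it. Merging overlapping lines before counting addresses is an assumption of this example; the page does not say how the console counts duplicates.

```python
import ipaddress

# Limit stated in Table 1: at most 65536 protected IPv4 addresses per rule.
MAX_PROTECTED_ADDRESSES = 65536


def parse_segment_line(line):
    """Parse one line of the Protected Network Segment field.

    Accepted forms, as in the page's examples: a single IPv4 address
    (127.0.0.1), CIDR notation (127.0.0.1/24) or an inclusive range
    (127.0.0.2-127.0.0.10). Returns a list of IPv4Network objects that
    together cover exactly the addresses on that line.
    """
    text = line.strip()
    if "-" in text:
        start_s, end_s = (part.strip() for part in text.split("-", 1))
        start, end = ipaddress.ip_address(start_s), ipaddress.ip_address(end_s)
        if start.version != 4 or end.version != 4:
            raise ValueError(f"only IPv4 is supported: {text!r}")
        if end < start:
            raise ValueError(f"range end is before range start: {text!r}")
        return list(ipaddress.summarize_address_range(start, end))
    # strict=False accepts host bits in CIDR form, as the page's 127.0.0.1/24 example does.
    net = ipaddress.ip_network(text, strict=False)
    if net.version != 4:
        raise ValueError(f"only IPv4 is supported: {text!r}")
    return [net]


def parse_protected_segments(field_text):
    """Parse the whole multi-line field and enforce the address-count limit.

    Blank lines are ignored. Overlapping lines are merged before counting;
    that is an assumption of this example, not something the page states.
    """
    networks = []
    for line in field_text.splitlines():
        if line.strip():
            networks.extend(parse_segment_line(line))
    merged = list(ipaddress.collapse_addresses(networks))
    total = sum(net.num_addresses for net in merged)
    if total > MAX_PROTECTED_ADDRESSES:
        raise ValueError(
            f"{total} protected addresses exceeds the limit of {MAX_PROTECTED_ADDRESSES}"
        )
    return merged


def in_segments(address, segments):
    """True if the address falls inside any configured protected segment."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in segments)


def metadata_collected(segments, protocol, src, dst):
    """Decide whether the device would collect metadata for one flow.

    Mirrors the page's rules: HTTP metadata is collected when the destination
    IP is in a protected segment, DNS metadata when the source IP is. With no
    segments configured (empty list) nothing is collected.
    """
    if not segments:
        return False
    proto = protocol.upper()
    if proto == "HTTP":
        return in_segments(dst, segments)
    if proto == "DNS":
        return in_segments(src, segments)
    return False


if __name__ == "__main__":
    # Constructed field content built from the page's own example lines.
    field = "127.0.0.1\n127.0.0.1/24\n127.0.0.2-127.0.0.10\n"
    segments = parse_protected_segments(field)
    print(segments)  # [IPv4Network('127.0.0.0/24')]
    # Constructed flows: an external client reaching a protected host over HTTP,
    # and the same external client as a DNS source (not protected).
    print(metadata_collected(segments, "HTTP", "203.0.113.9", "127.0.0.5"))  # True
    print(metadata_collected(segments, "DNS", "203.0.113.9", "127.0.0.5"))   # False
```

    Run it against the text you intend to paste into the Protected Network Segment field; a ValueError names the offending line or the address total, and the three example lines from Table 1 collapse to a single 127.0.0.0/24 because the /24 already contains the other two entries.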

Follow-up Procedure

After creating a metadata detection and protection rule, you can perform the following operations:

  • Modify: Click Modify in the Operation column to modify an existing metadata detection and protection rule. Only the protected network segment can be changed; the rule cannot be moved to another device.
  • Delete: Click Delete in the Operation column to delete an existing metadata detection and protection rule.