Huawei has plenty of excellent internal learning materials, and I have amassed a wealth of knowledge and experience myself; I have long wondered how to import them into my personal knowledge base. I am fully aware that these generic insights are neither confidential nor sensitive, yet the ever-present warning bells of information security make me itch to try while I stay well behind the red line. After some testing, I found the company’s network-security protections hard to break. This article provides a rough analysis of the R&D yellow zone.
Encryption uses a public key “A.” Think of it as a lock that anyone can hold but that can only lock, never unlock. Formally: with message M, the encryption operation
$$ f(A,M) $$
yields ciphertext that is computationally infeasible to reverse—like the difference between squaring and taking a square root, or between expanding and factoring polynomials. Even with a supercomputer, breaking it may require years or decades.
Decryption occurs server-side with the private key. Encrypted packets arriving from all directions are decrypted with the single matching key.
A man-in-the-middle acts like a relay: to the client it is the server; to the server it is just another user. As the relay, it sees everything. Put simply, Huawei itself functions as a very powerful man-in-the-middle. All outbound traffic is scanned; anything not on ports 80/443 is blocked outright.
How to attempt circumvention?
The yellow zone allows outbound traffic only through a specific proxy on a specific port; everything else is closed. That seems watertight. We could generate keys, encrypt manually inside the intranet, and decrypt manually outside; that way the man-in-the-middle only sees ciphertext it cannot read. Delivering the encryptor? Email, Welink, or a webpage—each leaves traces. A covert webpage is the cleanest. Or transcribe the key on paper; nothing digital to detect except the company’s ubiquitous cameras.
GitHub’s SSH conveniently supports “ssh over 443,” but testing shows it fails: the proxy easily recognizes such high-risk sites. In my experience Huawei’s firewall operates on a whitelist, not a blacklist—so even a self-hosted SSH server is blocked. Browsers show a jump page warning “proceed at your own risk”; terminals simply report the connection was closed.
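The whitelist-versus-blacklist distinction above, seen from the proxy operator's side, as an added example that is not from the original post and does not describe Huawei's actual proxy. The list contents, the `example.com`/`example.net` hostnames and the function names are constructed for illustration.

```python
# Added illustration: how an egress proxy could decide on HTTP CONNECT requests.
# All list contents are constructed; nothing here reflects a real proxy's config.
ALLOWED_PORTS = {80, 443}                      # from the page: other ports are blocked
BLOCKLIST = {"ssh.github.com"}                 # constructed: known high-risk destinations
ALLOWLIST = {"intranet-mirror.example.com", "docs.example.com"}  # constructed: approved


def parse_connect(request_line: str) -> tuple[str, int]:
    """Parse 'CONNECT host:port HTTP/1.1' and return (normalized host, port)."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        raise ValueError("not a CONNECT request")
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        raise ValueError("malformed authority")
    # Normalize case, IPv6 brackets and a trailing dot before any list lookup.
    return host.strip("[]").lower().rstrip("."), int(port)


def decide(request_line: str, mode: str) -> str:
    """Return 'allow' or 'deny' under a 'blocklist' or 'allowlist' policy."""
    try:
        host, port = parse_connect(request_line)
    except ValueError:
        return "deny"                          # fail closed on anything unparseable
    if port not in ALLOWED_PORTS:
        return "deny"
    if mode == "blocklist":
        return "deny" if host in BLOCKLIST else "allow"
    if mode == "allowlist":
        return "allow" if host in ALLOWLIST else "deny"
    raise ValueError("unknown mode")


SAMPLE_REQUESTS = [  # constructed sample traffic
    "CONNECT docs.example.com:443 HTTP/1.1",
    "CONNECT ssh.github.com:443 HTTP/1.1",
    "CONNECT my-own-server.example.net:443 HTTP/1.1",
    "CONNECT docs.example.com:22 HTTP/1.1",
]


def compare(requests=SAMPLE_REQUESTS):
    """Return (request, blocklist verdict, allowlist verdict) for each request."""
    return [(r, decide(r, "blocklist"), decide(r, "allowlist")) for r in requests]


if __name__ == "__main__":
    for req, bl, al in compare():
        print(f"{req:48} blocklist={bl:5} allowlist={al}")
```

Only the third request differs between the two modes: a destination nobody has listed passes a blocklist by default and fails an allowlist by default, which is why default-deny is the stronger egress posture.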
Huawei started in networking, and networking talent is everywhere; a purely technical break-in seems impossible—social engineering may be the only path left.
Windows endpoints receive centrally managed security software. Users cannot change settings; admins push configuration uniformly. Application-level access rights appear to be governed by blacklists and whitelists; some apps have no network access at all. Visual Studio Code’s newer releases, for example, cannot traverse the proxy tunnel.