
Concepts

Situation Awareness

Situational Awareness (SA) is a visualized threat detection and analysis platform. Using big data analysis technologies, it can detect over 20 types of cloud security risks, including DDoS attacks, brute-force attacks, web attacks, Trojans, zombies, abnormal behavior, vulnerability exploits, and command and control (C&C). It also collects statistics on threat alarms and attack sources, analyzes them, and displays the global security attack situation.

Security Risk

A security risk is a comprehensive evaluation of your assets, reflecting the security level of your assets within a period of time. This score helps you understand the security situation of your assets and is for reference only.

Asset

Currently, assets refer to the Elastic Cloud Servers (ECSs) that you have purchased on HUAWEI CLOUD. In the future, more types will be supported.

Threat Alarm

In general, threat alarms refer to threats that, due to natural, human, software, or hardware causes, are detrimental to information systems or have negative effects on society. In SA, threat alarms are security incidents that threaten asset security, detected through big data technology.

Host Vulnerability

A host vulnerability is a vulnerability detected in the operating system or in software (such as Apache and MySQL) by version comparison.

Website Vulnerability

A website vulnerability is a vulnerability detected by the web crawler and intelligent comparison of vulnerability features. SA can scan for over 22 types of vulnerabilities and can also detect OWASP Top 10 and WASC vulnerabilities. The scan rules are automatically updated on the cloud and take effect across the entire network, covering the latest vulnerabilities. HTTPS scanning is also supported.

Host Baseline

Host baseline inspection is classified into operating system baseline inspection and middleware baseline inspection, and includes weak password detection for standard web services, operating systems, and databases.

Cloud Service Baseline

Cloud service baseline helps you detect risky configuration items in cloud-based products in public cloud scenarios and provides remediation suggestions. Currently, five check items are supported: identity authentication, access control, log auditing, data security, and basic protection.

Attack Types

  • DDoS attack

    Denial of Service (DoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet. A distributed denial-of-service (DDoS) attack is a large-scale DoS attack where the perpetrator uses more than one unique IP address, often thousands of them.

  • Brute-force attack

    A brute-force attack consists of an attacker submitting many passwords or passphrases in the hope of eventually guessing correctly. The attacker systematically checks all possible passwords and passphrases until the correct one is found, for example to decrypt encrypted data.

  • Web attack

    A web attack is an attack against Internet-facing services or devices such as web servers. Common web attacks include SQL injection, buffer overflow, cross-site scripting (XSS), and cross-site request forgery (XSRF) attacks.

  • Trojan

    A Trojan, also called a Trojan horse, is any malicious computer program that misleads users about its true intent. It poses as a legitimate application program or file to deceive victims into executing or spreading it. When victims execute it, attackers gain unauthorized access to the target hosts to steal data such as usernames, passwords, and encrypted files. In many attacks, a Trojan serves as the foundation for further attacks.

  • Zombie

    A zombie is a computer connected to the Internet that has been compromised by a hacker, computer virus, or Trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread e-mail spam and launch DoS attacks. As cryptocurrencies such as Bitcoin have grown in value, attackers have also started using zombies to mine them.

  • Abnormal behavior

    Abnormal behavior refers to events that should not occur on hosts. For example, a user successfully logs in to the system at an unexpected time, file directories are changed unexpectedly, or a process behaves abnormally. Many of these anomalies are caused by malicious programs, so administrators must pay attention to them. The abnormal behavior data in SA mainly comes from HSS.

  • Vulnerability exploit

    A vulnerability is a weakness that can be exploited by a threat actor, such as an attacker, to perform unauthorized actions within a computer system. Gaining unauthorized access, stealing sensitive data, or sabotaging software and hardware systems through such a weakness are all vulnerability exploits.

  • C&C

    A command-and-control (C&C) server is a computer controlled by an attacker or cyber criminal which is used to send commands to systems compromised by malware and receive stolen data from a target network.

    Domain generation algorithms (DGAs) are algorithms found in various malware families that periodically generate a large number of domain names, which can be used as rendezvous points with the malware's command and control servers.
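    Because DGA-generated names are produced by an algorithm rather than chosen by people, they tend to look unlike human-readable domains. The following added example (not part of this page or the SA product) shows one simple defender-side heuristic for surfacing such names in DNS query logs: it scores each queried domain's registrable label on character entropy, digit ratio, vowel ratio, and the longest run of non-vowel characters, and flags labels that trip several of these at once. The log lines, thresholds, and the assumption that the public suffix is a single label (such as .com) are all constructed for illustration.

```python
import math
from collections import Counter

# Constructed sample DNS query log lines (not from any real SA dataset).
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 query www.example.com
2024-05-01T10:00:02Z 10.0.0.12 query mail.google.com
2024-05-01T10:00:03Z 10.0.0.12 query xq7v9kz2plw4rtyb.net
2024-05-01T10:00:04Z 10.0.0.12 query cdn.huaweicloud.com
2024-05-01T10:00:05Z 10.0.0.12 query k3jd8sl2mxqw0zpvt1.com
2024-05-01T10:00:06Z 10.0.0.12 query updates.microsoft.com
"""

VOWELS = set("aeiou")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character over the label's character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def registrable_label(fqdn: str) -> str:
    """Assumes a single-label public suffix; real deployments should use a public-suffix list."""
    parts = fqdn.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def dga_score(label: str) -> int:
    """Count how many 'looks machine-generated' heuristics the label trips (0..4)."""
    n = len(label)
    digit_ratio = sum(ch.isdigit() for ch in label) / n
    vowel_ratio = sum(ch in VOWELS for ch in label) / n
    # Longest run of consecutive characters that are not vowels (digits count as non-vowels).
    longest_run, run = 0, 0
    for ch in label:
        run = 0 if ch in VOWELS else run + 1
        longest_run = max(longest_run, run)
    checks = [shannon_entropy(label) > 3.5, digit_ratio > 0.2, vowel_ratio < 0.2, longest_run >= 4]
    return sum(checks)


def flag_dga_queries(log_text: str, threshold: int = 3) -> list:
    """Return the queried FQDNs whose registrable label scores at or above the threshold."""
    flagged = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) == 4 and fields[2] == "query":
            fqdn = fields[3]
            if dga_score(registrable_label(fqdn)) >= threshold:
                flagged.append(fqdn)
    return flagged
```

    Such a heuristic only prioritises names for review; confirming C&C activity still requires correlating the flagged queries with threat intelligence and the host's other behavior.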