Attack Defense Overview
CFW can defend against network attacks and virus files. You are advised to set Protection Mode to Intercept in a timely manner.
Prerequisites
- For details about how to enable EIP traffic protection, see Enabling Internet Border Traffic Protection.
- For details about how to enable VPC traffic protection, see Enabling VPC Border Traffic Protection.
Defense Against Network Attacks and Virus Files
CFW provides defense functions, including intrusion prevention (IPS), sensitive directory scan, antivirus, and reverse shell detection to defend against network attacks and virus-infected files. For details, see Table 1.
| Feature | Check Type | Configuration Guide |
|---|---|---|
| IPS | | |
| Sensitive directory scan defense | Attacks on the sensitive directories of cloud servers | |
| Reverse shell defense | Network attacks through reverse shells | |
| Antivirus | Identify and process virus-infected files through virus feature detection to prevent data damage, permission change, and system breakdown caused by virus-infected files. HTTP, SMTP, POP3, FTP, IMAP4 and SMB protocols can be checked. | |
Protection Actions
- Observe: No rules are enabled. The firewall records the traffic that matches the current rule in Attack Event Logs and does not block the traffic.
- Intercept: Rules are enabled. The firewall records the traffic that matches the current rule in Attack Event Logs and blocks it.
- Disable: Rules are disabled. The firewall does not log or block the traffic that matches the current rule.
References
For details about the protection overview, see Viewing Attack Defense Information on the Dashboard. For details about logs, see Attack Event Logs.