Viewing and Configuring Defense Policies
Scenario
This section describes how to view and configure defense policies.
There are seven defense lines, physical, identity, server, maintenance, data, application, and network defense lines.
|
Defense Layer Type |
Protection Solution |
Description |
Protected Asset Type |
|---|---|---|---|
|
Physical security |
-- |
The cloud service provider is responsible for the physical equipment room security |
-- |
|
Network security |
Anti-DDoS Service (AAD) |
This solution mitigates DDoS attacks in milliseconds to ensure continuity of your global services based on machine learning, protection policy tuning, and precise identification of DDoS attacks. |
Elastic Load Balance (ELB) and Elastic IP (EIP) |
|
Cloud Firewall (CFW) |
Cloud Firewall (CFW) protects Internet borders on the cloud and at VPC borders. It can detect and defend against intrusions in real time, control traffic in a unified manner, analyze traffic and visualize results, audit logs, and trace traffic sources. You can scale CFW resources as needed. |
Virtual Private Cloud (VPC) |
|
|
Application security |
Web Application Firewall (WAF) |
WAF can check and protect website service traffic from multiple dimensions. WAF can intelligently identify malicious request features and defend against unknown threats based on deep machine learning. |
Websites and IP addresses |
|
Server security |
Host Security Service (HSS) |
HSS is designed to protect server workloads in hybrid clouds and multi-cloud data centers. It protects servers and containers and prevents web pages from malicious modifications. |
Elastic Cloud Server (ECS) and Cloud Container Engine (CCE) |
The defense layers for the identity, data, and O&M security have not been rolled out.
Viewing Defense Policies
- Log in to the management console.
- Click
in the upper left corner of the management console and select a region or project. - Click
in the upper left corner of the page and choose Security & Compliance > SecMaster. - In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 1 Workspace management page
- In the navigation pane on the left, choose .
Figure 2 Defense Layer Policies
- View defense policy statistics.
- Health Score: indicates the current health status of resources.
The score ranges from 0 to 100. A larger score indicates a lower risk and higher asset security. For details about the security scores, see Security Overview and Situation Overview.
- Total Assets: displays how many assets, high-risk assets, and assets at other risk levels you have.
- Threat alarm, vulnerability, and baseline check statistics: display unhandled threat alarms, unfixed vulnerabilities, and risky baseline settings.
- Threat Alarm: Displays threat alarms that have not been handled in the last seven days.
- Vulnerability Risk: Displays the top 5 types of vulnerabilities in assets and the total number of vulnerabilities that have not been fixed in the last seven days.
- Baseline Risk: displays resources by risk severity, including critical, high, medium, low, and informational levels, based on the latest baseline inspection results.
- SecMaster Protection Overview: displays the protection status and resource information in the seven defense lines.
- In the seven defense line area, you can click the icon of a defense line to view the protection products and protection statistics of the defense line.
- You can view the resource statistics in the resource area.
- Health Score: indicates the current health status of resources.
Configuring Defense Policies
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
- In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.
Figure 3 Workspace management page
- In the navigation pane on the left, choose .
Figure 4 Defense Layer Policies
- Click the name of the defense line the security service belongs to. The cloud service information corresponding to the defense line slides out from the right.
- On the page of the corresponding cloud service, click Protection Policy to go to the configuration page.
If you have not purchased the corresponding cloud service, click the service name under service overview in the tab to go to the service console and purchase the service.
- On the policy configuration page, configure policies of the corresponding cloud service.
- Anti-DDoS policy configuration:
- CFW protection policies: Configuring Intrusion Prevention and Basic Defense Rule Management
- WAF protection policies: Creating a Protection Policy
- HSS protection policies: Enabling HSS, Creating a Policy Group, and Installation and Configuration
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
