Function Overview
Host Security Service (HSS)
HSS helps you identify and manage the assets on your servers, eliminate risks, and defend against intrusions and web page tampering. There are also advanced protection and security operations functions available to help you easily detect and prevent threats.
Available in all regions

Asset Management
HSS proactively checks open ports, processes, web directories, and auto-started services on your servers, and records changes to account and software information.
You can check all the assets on your servers and their risks in a timely manner.
HSS does not touch your assets. You need to manually eliminate the risks.
Available in all regions

Unsafe Settings Scan
HSS checks your software for weak password complexity policies and other unsafe settings, and provides suggestions for fixing detected risks.
Available in all regions

Vulnerability Management
HSS detects Linux software vulnerabilities, Windows system vulnerabilities, and Web-CMS vulnerabilities.
On the Vulnerabilities page, you can view the basic information, status, and urgency of vulnerabilities and handle them based on provided solutions.
Available in all regions

Detection of 13 Types of Intrusions
HSS reports alarms on 13 types of intrusions, including brute-force attacks, process exceptions, web shells, abnormal logins, and malicious processes. You can view all these events on the HSS console and eliminate security risks in your assets in a timely manner.
HSS displays alarm and event statistics and their summary all on one page. You can have a quick overview of alarms, including the numbers of servers with alarms, handled alarms, unhandled alarms, blocked IP addresses, and isolated files.
The Events page displays the alarm events generated in the past 30 days. You can manually clear, ignore, whitelist, or isolate and kill alarmed items.
Available in all regions

Brute-force Attack Defense
HSS can block attacks on MySQL, MS SQL, VSFTP, FileZilla, Serv-U, SSH, and RDP.
Brute-force attacks are a common type of intrusion. Attackers try many passwords against a server until one is guessed correctly and they gain control of the server.
HSS uses brute-force detection algorithms and an IP address blacklist to effectively prevent brute-force attacks and block attacking IP addresses for 24 hours. If a blocked IP address does not perform brute-force attacks in the next 24 hours, it will be automatically unblocked.

Isolation and Killing
HSS uses advanced AI and machine learning technologies and integrates a range of antivirus engines to detect and kill malicious programs on your servers.
If you enable Isolate and Kill Malicious Programs, HSS will automatically isolate and kill identified malicious programs, such as web shells, Trojans, and worms, removing security risks.
If you do not enable it, HSS will generate alarms on suspicious programs but will not handle them. You can choose Intrusions > Events, click Malicious program (cloud scan), and isolate and kill alarmed programs.
Available in all regions

Ransomware Prevention
Available only in the premium edition
HSS monitors critical files stored on your servers and prevents unauthorized applications from encrypting or modifying the files, protecting your servers from ransomware.
You can create ransomware prevention policies and configure the protection status, monitored file path, and associated servers for the policy. A machine learning engine is used to identify whether an application has possibly tampered with any of the files on your servers. After the learning completes, the policy automatically takes effect on associated servers.
The policy analyzes operations on servers, identifies trusted applications, and reports alarms on untrusted applications, depending on your settings.

Application Recognition Service (ARS)
Available only in the premium edition
Application Recognition Service (ARS) scans all the applications running on your servers for uncertified or unauthorized applications, helping you maintain a secure runtime.
Set whitelist policies, and determine whether applications are Trusted, Untrusted, or Unknown. The applications that are not whitelisted are not allowed to run. This function protects your servers from untrusted or malicious applications, reducing unnecessary resource usage.
You can create a whitelist policy and apply it to your servers. HSS will check whether suspicious or malicious processes exist on the servers, and generate alarms or isolate the processes that are not in the whitelist.

File Integrity Monitoring (FIM)
Available only in the premium edition
FIM checks the files in your OSs, applications, and other components for tampering, helping you meet PCI-DSS requirements. FIM compares files with their versions in the previous scan to check whether files have been modified, and whether the modifications are suspicious.
FIM checks the integrity of Linux files and manages operations on them, including:
- Create and delete files
- Modify files (changes in file size, ACLs, and content hashes)
Available in all regions
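The scan-to-scan comparison described above, sketched as an added example (not HSS code): it records size, permission bits and SHA-256 for each file, then reports created, deleted and modified files between two scans. POSIX mode bits stand in for ACLs here, and the function names and sample files are constructed for illustration.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Record size, permission bits and SHA-256 of every regular file under root."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, sockets and devices
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            # Assumption: mode bits are used as a simple stand-in for ACLs.
            state[os.path.relpath(path, root)] = {
                "size": st.st_size, "mode": stat.S_IMODE(st.st_mode), "sha256": digest}
    return state

def compare(previous, current):
    """Return (path, event, changed_fields) tuples, sorted by path."""
    events = []
    for path in sorted(previous.keys() | current.keys()):
        if path not in previous:
            events.append((path, "created", ()))
        elif path not in current:
            events.append((path, "deleted", ()))
        else:
            changed = tuple(k for k in ("size", "mode", "sha256")
                            if previous[path][k] != current[path][k])
            if changed:
                events.append((path, "modified", changed))
    return events

def demo():
    """Constructed sample tree: baseline scan, five changes, second scan."""
    with tempfile.TemporaryDirectory() as root:
        def write(name, data):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(data)
            os.chmod(path, 0o644)  # fixed mode so the result ignores the umask
        for name, data in [("app.conf", b"port=8080\n"), ("index.html", b"<h1>ok</h1>"),
                           ("run.sh", b"#!/bin/sh\n"), ("old.log", b"x")]:
            write(name, data)
        baseline = snapshot(root)
        write("app.conf", b"port=9090\n")                      # same size, new content
        write("index.html", b"<h1>ok</h1><script></script>")   # size and content change
        os.chmod(os.path.join(root, "run.sh"), 0o755)          # permissions only
        os.remove(os.path.join(root, "old.log"))
        write("new.php", b"<?php ?>")
        return compare(baseline, snapshot(root))
```

The same-size edit to app.conf is only caught by the content hash, which is why size and timestamps alone are not a sufficient integrity check.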

Customized Security Policies
Available only in the premium edition
You can group policies and servers to batch apply policies to servers, easily adapting to business scenarios.
Available in all regions

Static Web Tamper Protection (WTP)
Available only in the Web Tamper Protection edition
Static WTP monitors website directories in real time, backs up files, and restores tampered files using the backup, protecting websites from Trojans, malicious links, and tampering.
You can add the Windows and Linux processes you trust to the whitelist. Whitelisted processes will not be blocked by WTP functions.
Dynamic WTP protects your data while Tomcat is running, detecting dynamic data tampering in databases.

Privileged Processes
Available only in the Web Tamper Protection edition
After WTP is enabled, the content in the protected directories is read-only. To allow certain processes to modify files in the directories, you can add them to the privileged process list.
Only modifications made by privileged processes take effect. Modifications made by other processes will be automatically rolled back.
Exercise caution when adding privileged processes. Do not let untrustworthy processes access your protected directories.
Available in all regions

Two-factor Authentication (2FA)
2FA requires users to provide verification codes before they log in. The codes will be sent to their mobile phones or email addresses.
You have to choose an SMN topic when you log in to an ECS where 2FA is enabled. The topic specifies the recipients of verification codes, and HSS will authenticate login users accordingly.
Available in all regions

SSH Login IP Whitelist
The SSH login whitelist controls SSH access to servers, effectively preventing account cracking.
After you configure an SSH login IP address whitelist, SSH logins will be allowed only from whitelisted IP addresses.
- Before enabling this function, ensure that all IP addresses that need to initiate SSH logins are added to the whitelist. Otherwise, you cannot remotely log in to your server using SSH. If your service needs to access a server, but not necessarily via SSH, you do not need to add its IP address to the whitelist.
- Exercise caution when adding an IP address to the whitelist. This will make HSS no longer restrict access from this IP address to your servers.
Available in all regions

Common Login Location/IP
After you configure common login locations and IP addresses, HSS will generate alarms on the logins from other login locations or IP addresses. A server can be added to multiple login locations.
Available in all regions

Alarm Whitelist
You can configure the alarm whitelist to reduce false alarms. Batch import and export functions are supported.
Available in all regions

Alarm Notification
After alarm notification is enabled, you can receive alarm notifications sent by HSS to learn about security risks in your servers and web pages. Without this function, you have to log in to the management console to view alarms.
Alarm notification settings are effective only for the current region. To receive notifications from another region, switch to that region and configure alarm notification.

Server Group
You can create a server group and add servers to it. You can check the numbers of servers, unsafe servers, and unprotected servers in a group.
Available in all regions

Security Report
You can subscribe to weekly and monthly HSS reports, which are stored for six months. The reports show your server security trends and key security events and risks.
After you subscribe to a report, it will be available for review and download the next day.
Available in all regions