What Are the Differences Between HSS and SA Baseline Checks?

Object

• HUAWEI CLOUD Elastic Cloud Server (ECS)
• Bare Metal Server (BMS)
• Third-party cloud server
• Offline server

• Identity and Access Management (IAM)
• Elastic Load Balance (ELB)
• Cloud Trace Service (CTS)
• Elastic Cloud Server (ECS)

Function

• Password complexity policy

  Check password complexity policies and modify them based on suggestions provided by HSS to improve password security.

• Common weak password

  Change weak passwords to stronger ones based on HSS scan results and suggestions.

• Detect unsafe configurations

  Check the unsafe Tomcat, Nginx, and SSH login configurations found by HSS.

• IAM

  SA checks whether the IAM user is enabled, whether AK/SK authentication, login protection, and operation protection are enabled for IAM users, and whether IAM password policy, IAM login authentication policy, IAM user session timeout policy, and account disabling policy are correctly configured.

• Inspection

  SA checks the ELB health status and whether CTS is enabled.

• Infrastructure protection

  SA checks the configurations of inbound rules, high-risk ports, and remote management ports of security groups, checks whether key pairs are used to log in to ECSs, and checks log metric filtering and alarm event configurations.

• Data protection

  SA checks the ELB certificate validity.