Updated at: 2022-08-25 GMT+08:00

What Is HSS?

Host Security Service (HSS) is designed to protect server workloads in hybrid clouds and multi-cloud data centers. It provides host security functions, Container Guard Service (CGS), and Web Tamper Protection (WTP).

HSS can help you check and manage your servers and containers in a unified manner, no matter where they are deployed.

HSS protects your system integrity, manages application security, monitors user operations, and detects intrusions.

Host Security

Host Security Service (HSS) helps you identify and manage the assets on your servers, eliminate risks, and defend against intrusions and web page tampering. There are also advanced protection and security operations functions available to help you easily detect and handle threats.

Install the HSS agent on your servers, and you will be able to check the server security status and risks in a region on the HSS console.

Figure 1 illustrates how HSS works.
Figure 1 Working principles
The following table describes HSS components.
Table 1 Components

Component

Description

Management console

A visualized management platform, where you can apply configurations in a centralized manner and view the defense status and scan results of servers in a region.

HSS cloud protection center

  • Uses technologies such as AI, machine learning, and deep learning algorithms to analyze security risks on servers.
  • Integrates multiple antivirus engines to detect and kill malicious programs in servers.
  • Receives configurations and scan tasks sent from the console and forwards them to agents on the servers.
  • Receives server information reported by agents, analyzes security risks and exceptions on servers, and displays the analysis results on the console.

Agent

  • Communicates with the HSS cloud protection center via HTTPS and WSS. Port 10180 is used by default.
  • Scans all servers once a day in the early morning, monitors their security status, and reports the collected server information (including non-compliant configurations, insecure configurations, intrusion traces, the software list, the port list, and the process list) to the cloud protection center.
  • Blocks server attacks based on the security policies you configured.
NOTE:
  • If the agent is not installed or is abnormal, HSS is unavailable.
  • An agent can be installed on Huawei Cloud Elastic Cloud Servers (ECSs), Bare Metal Servers (BMSs), offline servers, and third-party cloud servers.
  • Select the agent and installation command suitable for your OS.
  • Web Tamper Protection (WTP) and HSS can use the same agent on a server.
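The port list is one of the items the agent reports. As an added example (not Huawei Cloud or HSS agent code), the following script shows how such a list is gathered on a Linux host from the kernel's /proc/net/tcp table, and how a defender can compare the result against an approved set of ports to spot listeners that should not be there. The sample table text, the port numbers and the approved set are constructed for the example.

```python
import os
import socket

# Added example, not Huawei Cloud or HSS agent code: a port-list collector
# of the kind the agent reports, parsed from the Linux /proc/net/tcp format,
# plus a check for listeners that are not on an approved list.

LISTEN = "0A"  # socket state code the kernel uses for TCP LISTEN

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Row 0: a listener on 0.0.0.0:22 owned by root. Row 1: a listener on
# 127.0.0.1:3306 owned by uid 999. Row 2: an ESTABLISHED connection, which is
# not a listener and is skipped.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 21478 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 33210 1 0000000000000000 100 0 0 10 0
   2: 0A00020F:A1B2 5DB8D822:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 44821 1 0000000000000000 20 4 30 10 -1
"""


def decode_addr(hexaddr, family):
    """The kernel prints each 32-bit word of the address in host byte order,
    so every 8-hex-digit group is byte-reversed before conversion."""
    raw = b"".join(bytes.fromhex(hexaddr[i:i + 8])[::-1]
                   for i in range(0, len(hexaddr), 8))
    return socket.inet_ntop(family, raw)


def parse_proc_net_tcp(text, family=socket.AF_INET):
    """Return the listening sockets described by /proc/net/tcp(6) text."""
    listeners = []
    for line in text.splitlines()[1:]:  # the first line is the column header
        fields = line.split()
        if len(fields) < 10 or fields[3] != LISTEN:
            continue
        hexaddr, hexport = fields[1].split(":")
        listeners.append({
            "addr": decode_addr(hexaddr, family),
            "port": int(hexport, 16),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return listeners


def collect_live_listeners():
    """Read the real kernel tables when running on Linux; empty list elsewhere."""
    found = []
    for path, family in (("/proc/net/tcp", socket.AF_INET),
                         ("/proc/net/tcp6", socket.AF_INET6)):
        if os.path.exists(path):
            with open(path) as f:
                found.extend(parse_proc_net_tcp(f.read(), family))
    return found


def unexpected_ports(listeners, approved):
    """Ports that are listening but absent from the approved set."""
    return sorted({s["port"] for s in listeners} - set(approved))


if __name__ == "__main__":
    sample = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for s in sample:
        print(f"{s['addr']}:{s['port']} uid={s['uid']}")
    print("unexpected:", unexpected_ports(sample, {22}))  # [3306] for the sample
```

The uid and inode columns are kept because they are what lets an inventory tie a listener back to a process (via /proc/<pid>/fd) and to the account that opened it, which is the context an analyst needs when an unapproved port shows up.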

Container Guard Service

Container Guard Service (CGS) scans images for vulnerabilities and configuration information, helping enterprises detect risks in the container environment that traditional security software cannot detect. In addition, CGS provides functions such as a container process whitelist, container file monitoring, container information collection, and container escape detection to prevent security risks while containers are running.

The following image illustrates the CGS architecture.
Figure 2 CGS architecture
Table 2 Key CGS components

Component

Description

CGS Container

Runs on each container node (host) to scan all container images on the node for image vulnerabilities, implement security policies, and collect exceptions.

Management Master

Manages and maintains CGS Containers.

Security intelligence

Provides a security information knowledge base containing vulnerability and malicious program libraries, as well as big data AI training models.

Management console

Provides a console for users to use CGS.
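To make the process whitelist concrete, here is an added example (not Huawei Cloud or CGS code) of the two halves of such a control: learning a per-image whitelist from processes seen while the containers were trusted, then flagging any process that falls outside it. The container names, image tags and executable paths are constructed sample data.

```python
# Added example, not Huawei Cloud or CGS code: learn a per-image process
# whitelist from a trusted baseline, then flag processes outside it.

# Constructed sample of processes observed while the containers were trusted.
BASELINE = [
    {"container": "web-1", "image": "nginx:1.25", "pid": 1, "exe": "/usr/sbin/nginx"},
    {"container": "web-1", "image": "nginx:1.25", "pid": 17, "exe": "/usr/sbin/nginx"},
    {"container": "db-1", "image": "postgres:15", "pid": 1,
     "exe": "/usr/lib/postgresql/15/bin/postgres"},
]

# Constructed later observation: the baseline plus a shell in the web
# container, a download tool in the database container, and a container
# whose image has no whitelist at all.
OBSERVED = BASELINE + [
    {"container": "web-1", "image": "nginx:1.25", "pid": 402, "exe": "/bin/sh"},
    {"container": "db-1", "image": "postgres:15", "pid": 88, "exe": "/usr/bin/curl"},
    {"container": "cache-1", "image": "redis:7", "pid": 1, "exe": "/usr/local/bin/redis-server"},
]


def learn_whitelist(processes):
    """Map each image to the set of executables seen while it was trusted."""
    whitelist = {}
    for p in processes:
        whitelist.setdefault(p["image"], set()).add(p["exe"])
    return whitelist


def check_process_whitelist(processes, whitelist):
    """Return one alert per process the image's whitelist does not allow.

    An image with no policy gets a low-severity alert so that a gap in
    coverage is visible instead of silently passing."""
    alerts = []
    for p in processes:
        allowed = whitelist.get(p["image"])
        if allowed is None:
            alerts.append({**p, "severity": "info", "reason": "no whitelist for image"})
        elif p["exe"] not in allowed:
            alerts.append({**p, "severity": "high", "reason": "process not in whitelist"})
    return alerts


if __name__ == "__main__":
    for alert in check_process_whitelist(OBSERVED, learn_whitelist(BASELINE)):
        print(f"[{alert['severity']}] {alert['container']} pid={alert['pid']} "
              f"{alert['exe']}: {alert['reason']}")
```

The whitelist is keyed by image rather than by container name because containers are short-lived and replaceable while the image defines what should be running; a learned whitelist must be reviewed before enforcement, since anything present during the learning window is trusted by construction.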

Web Tamper Protection

Web Tamper Protection (WTP) monitors website directories in real time and restores tampered files and directories using their backups. It protects website information, such as web pages, electronic documents, and images, from being tampered with or damaged by hackers.
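The mechanism described above, reduced to its essentials, is shown in the following added example (not Huawei Cloud or WTP code): take a hash baseline of a website directory, detect modified, added and deleted files, and put the directory back using a backup copy. The site files, the tampering and the directory names are constructed inside the script so it runs on its own.

```python
import hashlib
import os
import shutil
import tempfile

# Added example, not Huawei Cloud or WTP code: baseline a web directory by
# file hash, detect tampering, and restore from a backup copy.


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root):
    """Map each file's path (relative, '/'-separated) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            digests[rel] = sha256_file(full)
    return digests


def diff_snapshots(baseline, current):
    """Classify every difference between the baseline and the current state."""
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "added": sorted(p for p in current if p not in baseline),
        "deleted": sorted(p for p in baseline if p not in current),
    }


def restore(root, backup, changes):
    """Undo each change using the backup copy; returns the actions taken."""
    actions = []
    for rel in changes["modified"] + changes["deleted"]:
        dst = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        shutil.copy2(os.path.join(backup, *rel.split("/")), dst)
        actions.append(("restored", rel))
    for rel in changes["added"]:
        os.remove(os.path.join(root, *rel.split("/")))
        actions.append(("removed", rel))
    return actions


def _write(path, text):
    with open(path, "w") as f:
        f.write(text)


def demo():
    """Constructed scenario: protect a site, tamper with it, detect, restore."""
    with tempfile.TemporaryDirectory() as tmp:
        site = os.path.join(tmp, "site")
        backup = os.path.join(tmp, "backup")
        os.makedirs(os.path.join(site, "img"))
        _write(os.path.join(site, "index.html"), "<h1>Welcome</h1>\n")
        _write(os.path.join(site, "img", "logo.svg"), "<svg/>\n")
        shutil.copytree(site, backup)          # the backup WTP restores from
        baseline = snapshot(site)

        # Simulated tampering: a defaced page, a dropped file, a deleted image.
        _write(os.path.join(site, "index.html"), "<h1>Defaced</h1>\n")
        _write(os.path.join(site, "dropped.txt"), "unexpected file\n")
        os.remove(os.path.join(site, "img", "logo.svg"))

        changes = diff_snapshots(baseline, snapshot(site))
        actions = restore(site, backup, changes)
        after = diff_snapshots(baseline, snapshot(site))  # empty once restored
        return changes, actions, after


if __name__ == "__main__":
    changes, actions, after = demo()
    print("detected:", changes)
    print("actions:", actions)
    print("remaining differences:", after)
```

The caveat that matters in operation is visible in the code: anything not in the baseline is reverted, so a legitimate release must update the backup and re-take the baseline before the files change, or the deployment itself is treated as tampering. A real product also runs this continuously (inotify-style events rather than a full walk) and keeps the backup out of reach of the web server's account.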

Figure 3 How WTP works