Help Center/ Host Security Service/ Getting Started/ Purchasing and Enabling HSS
Updated on 2024-08-02 GMT+08:00

Purchasing and Enabling HSS

Scenario

HSS helps you identify and manage the assets on your servers, eliminate risks, and defend against intrusions. There are also proactive protection and security operations functions available to help you easily detect and handle threats. For details about the protection functions of server security, see Specifications of Different Editions.

This document uses an ECS running EulerOS 2.9 as an example to describe how to purchase and enable HSS.

Step 1: Purchase HSS Quota

  1. Log in to the management console.
  2. Click in the upper left corner and select the region and project.
  3. Click in the upper left corner and choose Security & Compliance > Host Security Service. The HSS console is displayed.
  4. In the upper right corner of the Dashboard page, click Buy HSS.
  5. Set the parameters for buying HSS as prompted.

    • Billing Mode: Select a billing mode as required. In this example, select Yearly/Monthly.
    • Region: Select the region where the server is located. In this example, select CN-Hong Kong.
    • Edition: Select the HSS edition. Different editions provide different protection functions. In this example, select Enterprise Edition.
    • Quantity: Set this parameter based on the number of servers. In this example, set the quantity to 1.
    • Specify other parameters as needed.

  6. In the lower right corner of the page, click Next.
  7. After confirming that the order, select I have read and agree to the Host Security Service Disclaimer.
  8. Click Pay Now and complete the payment.
  9. Click Back to Host Security Service Console.

Step 2: Install an Agent

  1. Log in to the HSS console, in the navigation pane on the left, choose Installation & Configuration > Server Install & Config.
  2. Choose Agents > Servers Without Agents.
  3. In the Operation column of the target server, click Install Agent. The Install Agent dialog box is displayed.

    Figure 1 Installing an agent

  4. Select and set the server verification information.

    • Server authentication mode: Select a mode. In this example, select Account and password mode.
    • Allow direct connection with root permissions: Whether to allow root direct connection. In this example, select this option.
      • Server Root Password: Set this parameter based on the server information.
      • Server Login Port: Set this parameter based on the actual server login port. In this example, set 22 port.
    Figure 2 Enter the server verification information.

  1. Click OK to start installation.
  2. Choose Servers With Agents page and view the agent status of the target server.

    If the Agent Status is Online, the agent is successfully installed.

Step 3: Enable Protection

  1. In the navigation pane on the left, choose Asset Management > Servers & Quota.
  2. In the Operation column of a server, click Enable.
  3. In the dialog box that is displayed, select the mode.

    Set this parameter based on the edition of the purchased quota in Step 1: Purchase HSS Quota.

    • Billing Mode: Select Yearly/Monthly.
    • Edition: Select Enterprise Edition.

  4. After confirming the information, select I have read and agree to the Host Security Service Disclaimer.
  5. Click OK.
  6. If the Protection Status of the target server is Protected, the protection is enabled successfully.

    Figure 3 Viewing the protection status

Follow-Up Procedure

Enable active protection for servers.

HSS enterprise edition provides some proactive functions for servers. These functions are not enabled or not completely enabled when HSS is enabled. You can determine whether to use these functions based on your requirements, the following table Table 1 describes the functions.
Table 1 Proactive protection functions

Function

Description

Ransomware Prevention

Ransomware is one of the biggest cybersecurity threats today. Ransomware can intrude a server, encrypt data, and ask for ransom, causing service interruption, data leakage, or data loss. Attackers may not unlock the data even after receiving the ransom. HSS provides static and dynamic ransomware prevention. You can periodically back up server data to reduce potential losses.

Ransomware prevention is automatically enabled with the premium edition. Deploy bait files on servers and automatically isolate suspicious encryption processes. You can modify the ransomware protection policy. You are also advised to enable backup so that you can restore data.

Application Protection

To protect your applications with RASP, You simply need to add probes to applications, without having to modify application files.

Application Process Control

HSS can learn the characteristics of application processes on servers and manage their running. Suspicious and trusted processes are allowed to run, and alarms are generated for malicious processes.

Virus scanning and removal

The function uses the virus detection engine to scan virus files on the server. The scanned file types include executable files, compressed files, script files, documents, images, and audio and video files. You can perform quick scan and full-disk scan on the server as required. You can also customize scan tasks and handle detected virus files in a timely manner to enhance the virus defense capability of the service system.