HSS

What Is HSS?

Host Security Service (HSS) helps you identify and manage the assets on your servers, eliminate risks, and defend against intrusions and web page tampering. There are also advanced protection and security operations functions available to help you easily detect and handle threats.

After installing the HSS agent on your ECSs, you will be able to check the ECS security status and risks in a region on the HSS console.

How Do I Use HSS?

Before using the HSS service, install the agent on your ECS. The installation method varies depending on whether your ECS is to be created or already exists.

• Scenario 1: An ECS is to be created.

  When you use certain public images to create ECSs, you are advised to use HSS to protect your ECSs.

  Select one of the following options:

  • Basic edition (one-month free trial): After this function is enabled, the HSS basic edition can be used free of charge for 30 days. The HSS basic edition supports detection of OS vulnerabilities, weak passwords, and brute force cracking to improve the overall security for your ECSs.
    

    After the free trial period expires, the HSS basic edition quotas will be automatically released, and HSS will not protect your servers.

    If you want to retain or upgrade HSS security capabilities, you are advised to enable the advanced HSS edition. For details, see What Should I Do When the Free Trial of HSS Basic Edition Expires?

    This option is selected by default.

  • Advanced HSS edition (paid): You can choose from HSS basic, enterprise, premium, and Web Temper Protection (WTP) editions and need to pay for it.

    After ECSs are purchased, you can switch between different editions on the HSS console after Advanced HSS edition (paid) is enabled. For details about the differences among different editions, see Specifications of Different Editions.

  • None: Do not use security protection.

  After you select an HSS edition, the system automatically installs the HSS agent, enables account cracking prevention, and offers host security functions.

  If the basic or enterprise edition does not meet service requirements, you can Purchasing an HSS Quota and switch the edition on the HSS console to obtain advanced protection without reinstalling the agent.

  Figure 1 Enabling HSS
  
• Scenario 2: An ECS is already created and HSS is not configured for it.

  For an existing ECS without HSS configured, you can manually install an Agent on it.

  For details, see Installing an Agent on the Linux OS and Enabling Protection.

How Do I Check Host Security Statuses?

On the Server tab, you can view the ECS security statuses in the current region.

1. Log in to the management console.
2. Click and choose Security & Compliance > Host Security Service.
3. Choose Asset Management > Servers & Quota and go to the Servers tab to view the protection status of the target servers.
   Figure 2 ECS security statuses
   

   Table 1 Statuses

   Parameter	Description
   Agent Status	Not installed: The agent has not been started or even has not been installed. Online: The agent is running properly. Offline: The agent fails to communicate with the HSS server. Therefore, HSS cannot protect your ECS. Click Offline. Then, the ECSs with agent being offline and the offline reasons are displayed.
   Protection Status	Enabled: The ECS is properly protected using HSS. Disabled: HSS has been disabled on the ECS. If an ECS does not need protection, disable HSS on it to reduce its resource consumption.
   Detection Result	Risky: The ECS is risky. Safe: No risks are detected. Pending risk detection: HSS is not enabled for the ECS.

For more details, see What Is HSS?