Updated on 2024-09-25 GMT+08:00

Overview

If FlexusX instances are not protected, they may be attacked by viruses, resulting in data leakage or data loss. This section describes common measures to improve FlexusX instance security.

Security Protection

FlexusX instances can be protected externally and internally.

Table 1 Methods for improving FlexusX instance security

Type

Description

Protection Method

External security

DDoS attacks and Trojan horses or other viruses are common external security issues. To address these issues, you can enable Host Security Service (HSS) to protect your FlexusX instances.

Internal security

Weak passwords and incorrect ports opening may cause internal security issues. Improving the internal security is the key to improving the instance security. If the internal security is not improved, external security solutions cannot effectively intercept and block various external attacks.

Enabling HSS

HSS is designed to improve the overall security for cloud servers. It helps you identify and manage the assets on your servers, eliminate risks, and defend against intrusions and web page tampering. There are also advanced protection and security operations functions available to help you easily detect and handle threats.

  • You can enable HSS (basic edition) when purchasing a FlexusX instance. After the purchase, your instance is automatically protected.
  • You can also enable HSS on the HSS console after the FlexusX instance is purchased.

For details about how to enable HSS, see Configuring HSS for a FlexusX Instance.

Monitoring FlexusX Instances

Monitoring is key to ensuring FlexusX instance reliability, availability, and performance. Using monitoring data, you can determine instance resource usage. Cloud Eye collects and displays monitoring data for you in a visualized manner. You can use Cloud Eye to automatically monitor FlexusX instances in real time and manage alarms and notifications, so you can keep track of instance performance metrics.

For more information, see Managing Server Monitoring.

Backing Up Data Periodically

CBR enables you to back up FlexusX instances and disks with ease. In case of a virus attack, accidental deletion, or software or hardware fault, you can restore data to any point in the past when the data was backed up. CBR protects your services by ensuring the security and consistency of your data.

  • You can enable CBR when purchasing a Flexus X instance. After the purchase, CBR automatically backs up the FlexusX instance based on the default backup policy.
  • You can also enable CBR on the CBR console after the FlexusX instance is purchased.

For details, see Backing Up a FlexusX Instance.

Enhancing the Login Password Strength

To ensure the security of your FlexusX instance, you can set a strong login password by following these guidelines:

  • The password must consist of at least 10 characters.
  • Do not use easily guessed passwords (for example, passwords in common rainbow tables or passwords with adjacent keyboard characters). The password must contain at least three of the following character types: uppercase letters, lowercase letters, digits, and special characters.
  • Do not use your username or username/password, such as administrator/administrator, test/test, root/root, oracle/oracle, and mysql/mysql.
  • Change the password at least every 90 days.
  • Do not reuse the latest five passwords.
  • Set different passwords for different applications. Do not use the same password for multiple applications.

Improving the Port Security

A security group is a collection of access control rules for cloud servers in a VPC. You can define access rules for a security group to protect the cloud servers in this group.

You can configure security group rules to control access to or from specific ports. You are advised to disable high-risk ports and only enable necessary ports.

Table 2 lists some high-risk ports. Do not use these ports for your services.

Table 2 High-risk ports

Protocol

Port

TCP

42 135 137 138 139 444 445 593 1025 1068 1434 3127 3128 3129 3130 4444 4789 5554 5800 5900 9996

UDP

135~139 1026 1027 1028 1068 1433 1434 4789 5554 9996

Periodically Upgrading the OS

After a FlexusX instance is created, you need to maintain and periodically upgrade the OS. Officially released vulnerabilities will be published in Security Notices.