HSS Best Practices You May Need

This document summarizes the operation practices of Host Security Service (HSS) in common application scenarios. It provides explicit solution descriptions and operation guidance for each scenario, making it easier for you to use HSS to improve the security of servers and containers.

HSS Best Practices

**Table 1** Best practices
Category	Related Document
Access HSS	Connecting Third-Party Servers to HSS Through Direct Connect and VPC Endpoint
	Third-Party Servers Accessing HSS Through a Direct Connect and Proxy Servers
	Installing the HSS Agent Using CBH
Server login protection	Using HSS to Improve Server Login Security
Vulnerability fixing	Git Credential Disclosure Vulnerability (CVE-2020-5260)
	SaltStack Remote Command Execution Vulnerabilities (CVE-2020-11651 and CVE-2020-11652)
	OpenSSL High-risk Vulnerability (CVE-2020-1967)
	Adobe Font Manager Library Remote Code Execution Vulnerability (CVE-2020-1020/CVE-2020-0938)
	Windows Kernel Elevation of Privilege Vulnerability (CVE-2020-1027)
	Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601)
	Using HSS to Scan and Fix Vulnerabilities
Weak password protection	Using HSS to Prevent Weak Passwords
Ransomware prevention	Using HSS and CBR to Defend Against Ransomware
Intrusion detection	Using HSS to Scan for Trojans
	Using HSS to Handle Mining Attacks
	Whitelist Can Be Used to Avoid False Alarm Reporting
File protection	Using HSS to Monitor the Integrity of Linux Server Files