Basic Concepts
Account Cracking
In account cracking, intruders use diverse methods, such as brute-force attacks and dictionary attacks, to obtain system or application accounts and passwords. Once an account is cracked, intruders may log in to the system without authorization, steal data, and damage the system.
HSS provides weak password detection and two-factor authentication to improve account security. For details about weak password detection, see Performing Baseline Inspection. For details about how to enable two-factor authentication, see Enabling 2FA.
Baseline
A baseline specifies the minimum security configuration requirements for OSs, databases, middleware, and applications in terms of account management, password policy configuration, authorization management, service management, configuration management, network configuration, and permission management.
HSS provides checks against the cloud security practice baseline, the DJCP MLPS compliance baseline, and the general security standard baseline to meet diverse security compliance requirements. For details about baseline checks, see Baseline Check Overview.
Weak Password
A weak password can be easily cracked. Once the password is cracked, attackers can directly log in to the system and read, tamper with, or damage system data.
For details about weak password detection, see Baseline Inspection Overview.
Malicious Program
Malicious programs are designed to attack or remotely control a system. They can be categorized into backdoors, Trojans, worms, and viruses, based on the way they spread. Malware covertly embeds code in another program to run intrusive or disruptive programs and damage the security and integrity of the data on an infected server. HSS reports both identified and suspicious malware.
For details about malicious program detection, see Server Security Alarms and Container Security Alarms.
Ransomware
Ransomware emerged with the Bitcoin economy. It is a Trojan that is disguised as a legitimate email attachment or bundled software and tricks you into opening or installing it. It can also arrive on your servers through website or server intrusion.
Ransomware often uses a range of algorithms to encrypt the victim's files and demand a ransom payment to get the decryption key. Digital currencies such as Bitcoin are typically used for the ransoms, making tracing and prosecuting the attackers difficult.
Ransomware interrupts businesses and can cause serious economic losses. We need to know how it works and how we can prevent it.
For more information about ransomware prevention, see Ransomware Prevention Overview.
Alarms
Security alarms refer to the events reported and recorded by HSS when it detects security threats (such as malicious programs and vulnerability exploits) on servers or containers. They notify users of potential security risks in a timely manner and prompt users to take measures to eliminate the risks, thereby improving the overall system security.
For details about how to handle security alarms, see Server Security Alarms and Container Security Alarms.
Two-Factor Authentication
Two-factor authentication (2FA) refers to user login authentication using both the user password and a verification code. This enhances account security.
For details about how to enable two-factor authentication, see Enabling 2FA.
Web Tamper Protection
Web Tamper Protection (WTP) is an HSS edition that protects your files, such as web pages, documents, and images, in specific directories against tampering and sabotage from hackers and viruses.
For details about how to configure WTP, see WTP Overview.
Cluster
A cluster is a combination of cloud resources, such as cloud servers (nodes) and load balancers, for running containers. A cluster can be seen as one or more elastic cloud servers (nodes) in the same subnet. It provides compute resources for running containers.
HSS supports container cluster access and protection. For details, see Overview of Agent Installation in a Cluster.
Node
A node is a server (a virtual machine or a physical machine) that containers run on.
HSS considers each node as a basic protection unit and installs the agent on each node. For details about how to install the agent on a node, see Installing the Agent on Servers.
Image
An image is a special file system. It provides not only the programs, libraries, resources, and configuration files but also some of the configuration parameters required for a running container. A Docker image does not contain any dynamic data, and its content remains unchanged after being built. During the development, deployment, and running of images, security risks may be introduced, such as known or unknown vulnerabilities and malicious files. If such images are used in the production environment without a security check, the system will be highly vulnerable to intrusions, which may cause serious consequences such as data leakage and resource abuse. Therefore, image security is critical to containerized application deployment.
For details about image security scans, see Container Image Security Overview.
Pod
A pod in Kubernetes is the smallest, basic unit for deploying applications or services. It can contain one or more containers, which typically share storage and networks.
Container
A container is an instance created using an image. Multiple containers can run on a node (host). Containers are essentially processes, but they run in their own separate namespaces, unlike processes that directly run on the host machine.
Container Runtime
Container runtime, one of the most important components of Kubernetes, manages the lifecycle of images and containers. Kubelet interacts with a container runtime through the Container Runtime Interface (CRI) to manage images and containers.
Security Policy
A security policy indicates the security rule that must be followed for a running container. If a container violates a security policy, a container exception is displayed on the Runtime Security page of the CGS management console.
Project
Projects in IAM are used to group and isolate OpenStack resources (computing resources, storage resources, and network resources). Resources in your account must be mounted under projects. A project can be a department or a project team. Multiple projects can be created under an account.
For details about how to create a project, see Managing Projects and Enterprise Projects.
Protection Quota
A server or container node can be protected by HSS only after a quota is allocated to it. Each server or container needs a quota.
The HSS editions you purchased are displayed as protection quotas on the HSS console. For details, see Purchasing Protection Quotas.
Example:
- If you have purchased an HSS enterprise edition quota, you can bind it to one server.
- If you have purchased 10 HSS enterprise edition quotas, you can bind them to 10 servers.
Graph Data
Graph data represents the relationships between objects. Every graph consists of a set of vertices (nodes) connected by lines known as edges. Each vertex represents an entity, and each edge represents a relationship or connection between two nodes.
Graph Computing
Graph computing is a technology for processing and analyzing graph data. It uses the vertex-edge model. Graph computing records the relationships between graphs and edges in memory, which helps you trace threat events.
Graph Engine
The graph engine is a detection engine powered by graph computing. It uses the vertex-edge graph model to efficiently store, query, and analyze graph data. It can associate suspicious behaviors and perform comprehensive analysis accordingly to identify intrusions.
For details about how to enable the graph engine detection policy, see Configuring Policies.