Overview

Updated on 2025-02-26 GMT+08:00

View PDF

You can use SecMaster to manage and maintain tasks across accounts with ease, making it simple to implement protection of different services, including WAF, CFW, VPC security groups and IAM. You can view all policies centrally, manage policies for seven defense lines manually, and query manual and automatic block records quickly.

Viewing and Configuring Defense Policies: describes how to view and configure defense policies. There are seven defense lines: physical, identity, server, maintenance, data, application, and network defense lines. Table 1 describes the seven layers of defense and the corresponding asset types that can be protected.

**Table 1** Seven layers of defense and types of protected assets
Defense Layer Type	Protection Plan	Description	Protected Asset Type
Physical security	--	The cloud service provider is responsible for physical environment security.	--
Network security	DDoS Mitigation	This solution mitigates DDoS attacks in milliseconds to ensure continuity of your global services based on machine learning, protection policy tuning, and precise identification of DDoS attacks.	Elastic Load Balance (ELB) and Elastic IP (EIP)
Network security	Cloud Firewall (CFW)	Cloud Firewall (CFW) protects Internet borders on the cloud and at VPC borders. It can detect and defend against intrusions in real time, control traffic in a unified manner, analyze traffic and visualize results, audit logs, and trace traffic sources. You can scale CFW resources as needed.	Virtual Private Cloud (VPC)
Application security	Web Application Firewall (WAF)	WAF can check and protect website service traffic from multiple dimensions. WAF can intelligently identify malicious request features and defend against unknown threats based on deep machine learning.	Websites and IP addresses
Server security	Host Security Service (HSS)	HSS is designed to protect server workloads in hybrid clouds and multi-cloud data centers. It protects servers and containers and prevents web pages from malicious modifications.	Elastic Cloud Server (ECS) and Cloud Container Engine (CCE)

NOTE:

The defense layers for the identity, data, and O&M security will be available soon.

Adding an Emergency Policy: Emergency policies are used to quickly prevent attacks. You can select a block type based on the alert source to block attackers.
Managing Emergency Policies: describes Viewing an Emergency Policy, Editing an Emergency Policy, and Deleting an Emergency Policy.

Batch Blocking and Canceling Batch Blocking of an IP Address or IP Address Range: describes how to block access from blacklisted IP addresses, IAM users, or IP address ranges. You can add an IP address, IAM user, or IP address range as blocked object for an emergency policy in several operation connections. If there is no need to block an IP address, IAM user, or IP address range for operation connections, you can cancel the blocking from all operation connections.

Limitations and Constraints

Currently, the emergency policies include only the blacklist policies of CFW, WAF, VPC security groups and IAM.
A maximum of 300 emergency policies that support block aging can be added for a single workspace you have. A maximum of 1,300 emergency policies can be added for a single workspace you have. Limits on blocked objects at a time are as follows:
- When a policy needs to be delivered to CFW, each time a maximum of 50 IP addresses can be added as blocked objects for each account.
- When a policy needs to be delivered to WAF, each time a maximum of 50 IP addresses can be added as blocked objects for each account.
- When a policy needs to be delivered to VPC, each time a maximum of 20 IP addresses can be added as blocked objects within 1 minute for each account.
- When a policy needs to be delivered to IAM, each time a maximum of 50 IAM users can be added as blocked objects for each account.
If an IP address or IP address range or an IAM user is added to the blacklist, CFW, WAF, VPC, and IAM will block requests from that IP address or user without checking whether the requests are malicious.