On this page

Show all

Help Center/ SecMaster/ User Guide/ Risk Prevention/ Policy Management/ Viewing and Configuring Defense Policies

Viewing and Configuring Defense Policies

Updated on 2025-02-26 GMT+08:00

View PDF

Scenario

This section describes how to view and configure defense policies.

There are seven defense lines, physical, identity, server, maintenance, data, application, and network defense lines.

**Table 1** Seven layers of defense and types of protected assets
Defense Layer Type	Protection Solution	Description	Protected Asset Type
Physical security	--	The cloud service provider is responsible for the physical equipment room security	--
Network security	Anti-DDoS Service (AAD)	This solution mitigates DDoS attacks in milliseconds to ensure continuity of your global services based on machine learning, protection policy tuning, and precise identification of DDoS attacks.	Elastic Load Balance (ELB) and Elastic IP (EIP)
Network security	Cloud Firewall (CFW)	Cloud Firewall (CFW) protects Internet borders on the cloud and at VPC borders. It can detect and defend against intrusions in real time, control traffic in a unified manner, analyze traffic and visualize results, audit logs, and trace traffic sources. You can scale CFW resources as needed.	Virtual Private Cloud (VPC)
Application security	Web Application Firewall (WAF)	WAF can check and protect website service traffic from multiple dimensions. WAF can intelligently identify malicious request features and defend against unknown threats based on deep machine learning.	Websites and IP addresses
Server security	Host Security Service (HSS)	HSS is designed to protect server workloads in hybrid clouds and multi-cloud data centers. It protects servers and containers and prevents web pages from malicious modifications.	Elastic Cloud Server (ECS) and Cloud Container Engine (CCE)

NOTE:

The defense layers for the identity, data, and O&M security have not been rolled out.

Viewing Defense Policies

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 1 Workspace management page
In the navigation pane on the left, choose Risk Prevention > Policy Management.

Figure 2 Defense Layer Policies
View defense policy statistics.
- Health Score: indicates the current health status of resources.
  The score ranges from 0 to 100. A larger score indicates a lower risk and higher asset security. For details about the security scores, see Security Overview and Situation Overview.
- Total Assets: displays how many assets, high-risk assets, and assets at other risk levels you have.
- Threat alarm, vulnerability, and baseline check statistics: display unhandled threat alarms, unfixed vulnerabilities, and risky baseline settings.
  - Threat Alarm: Displays threat alarms that have not been handled in the last seven days.
  - Vulnerability Risk: Displays the top 5 types of vulnerabilities in assets and the total number of vulnerabilities that have not been fixed in the last seven days.
  - Baseline Risk: displays resources by risk severity, including critical, high, medium, low, and informational levels, based on the latest baseline inspection results.
- SecMaster Protection Overview: displays the protection status and resource information in the seven defense lines.
  - In the seven defense line area, you can click the icon of a defense line to view the protection products and protection statistics of the defense line.
  - You can view the resource statistics in the resource area.

Configuring Defense Policies

Log in to the management console.
Click in the upper left corner of the management console and select a region or project.
Click in the upper left corner of the page and choose Security & Compliance > SecMaster.
In the navigation pane on the left, choose Workspaces > Management. In the workspace list, click the name of the target workspace.

Figure 3 Workspace management page
In the navigation pane on the left, choose Risk Prevention > Policy Management.

Figure 4 Defense Layer Policies
Click the name of the defense line the security service belongs to. The cloud service information corresponding to the defense line slides out from the right.
On the page of the corresponding cloud service, click Protection Policy to go to the configuration page.

If you have not purchased the corresponding cloud service, click the service name under service overview in the tab to go to the service console and purchase the service.
On the policy configuration page, configure policies of the corresponding cloud service.
- Anti-DDoS policy configuration:
  - Configuring a Protection Policy
  - Configuring a Protection Policy
- CFW protection policies: Configuring Intrusion Prevention and Basic Defense Rule Management
- WAF protection policies: Creating a Protection Policy
- HSS protection policies: Enabling HSS, Creating a Policy Group, and Installation and Configuration