Updated on 2024-10-10 GMT+08:00

Using CFW to Defend Against Vulnerability Exploits

You can use CFW to defend against vulnerability exploits.

Application Scenarios

Vulnerabilities are often the entry point for intruding into a system. They give attackers opportunities to bypass security controls, posing threats to the system.

The IPS rule library of CFW provides defense rules for vulnerability exploits. It inspects network traffic in depth for malicious behavior and automatically blocks potential attacks, so that it can cope with diverse vulnerability exploits.

What Is a Vulnerability Exploit?

A vulnerability exploit is the act of an attacker using a security vulnerability in a system, software, or hardware, through a well-constructed attack method, to access the target system without authorization or to damage it for malicious purposes. These vulnerabilities are usually caused by defects in the design, implementation, or configuration process. They provide an opportunity for attackers to bypass security mechanisms.

Multiple technologies and methods can be used in vulnerability exploits, including but not limited to:

  • Injection attacks: Examples of injection attacks include SQL injection and command injection. Attackers insert malicious code into the input fields of applications to perform unexpected operations or access sensitive data.
  • Cross-site scripting (XSS): Attackers exploit website security vulnerabilities to inject malicious scripts into users' browsers to steal user information and session tokens or perform other malicious activities.
  • Cross-site request forgery (CSRF): An attacker tricks a user into performing an unexpected operation, such as transferring money or changing a password, on a web application that the user has logged in to, without the user being aware of the operation.
  • Buffer overflow: An attacker sends more data than a program is able to process, causing the program to crash or execute malicious code.

Harms of Vulnerability Exploits

The harms of vulnerability exploits include but are not limited to:

  • Economic loss: Vulnerability exploits may cause service interruption and data leakage, resulting in huge economic losses.
  • Information leakage: Attackers can exploit vulnerabilities to obtain sensitive information such as users' contacts and chat records, infringing on personal privacy.
  • Network damage: After successfully attacking a server, a hacker may turn the server into a zombie and use the zombie to attack other servers, expanding the attack scope.
  • Malware spread: Attackers may exploit vulnerabilities to implant malware, such as viruses and Trojans, into a victim's system to further damage system security.

How to Defend Against Vulnerability Exploits

To defend against vulnerability exploits, you can update and fix vulnerabilities in a timely manner, use strong passwords and multi-factor authentication, periodically back up data, use firewalls and protection software, implement access control, and periodically perform security audits and vulnerability scans. You can also use the CFW intrusion prevention function to block vulnerability exploits.

  1. Log in to the management console.
  2. Click in the upper left corner of the management console and select a region or project.
  3. In the navigation pane on the left, click and choose Security & Compliance > Cloud Firewall. The Dashboard page will be displayed.
  4. (Optional) Switch firewall instance: Select a firewall from the drop-down list in the upper left corner of the page.
  5. In the navigation pane, choose Attack Defense > Intrusion Prevention. Click View Effective Rules under Basic Protection. The Basic Protection tab is displayed.
  6. Filter the rules for defending against vulnerability exploits. In the filter above the list, select Vulnerability-Attack from the Attack Types drop-down list.
  7. Enable protection in batches. Select multiple rules at a time and click Intercept.

    Intercept: The firewall records the traffic that matches the current rule in attack event logs and blocks the traffic.