Help Center/ Host Security Service/ FAQs/ Abnormal Logins/ Why Do I Still Receive Remote Login Alarms After Configuring the Login IP Whitelist?
Updated on 2024-08-30 GMT+08:00
View PDF
Share

Why Do I Still Receive Remote Login Alarms After Configuring the Login IP Whitelist?

Even whitelisted IP addresses can certain trigger alarms. The SSH login IP address whitelist, Login Whitelist, and remote login functions focus on different aspects of security, as described in Table 1.

Table 1 Functions

Function

Description

How to Mask Alarm

SSH login IP address whitelist

Only the IP addresses in this whitelist can log in to specified servers via SSH.

NOTICE:

To avoid connection issues, ensure you have not missed necessary IP addresses before enabling this function.

-

Login Whitelist

To reduce false brute-force attack alarms, add trusted login IP addresses and their destination server IP addresses to the Login Whitelist.

Choose Detection & Response > Whitelists. Click the Login Whitelist tab, and add IP addresses. HSS will not generate brute-force alarms for these IP addresses.

Remote login

Logins not from Common Login Locations and Common Login IP Addresses will trigger remote login alarms.

You will be informed of new IP addresses that log in to your servers.

Choose Installation & Configuration > Server Install & Config and click Security Configuration. Add login information on the Common Login Locations and Common Login IP Addresses tabs. Whitelisted logins will no longer trigger remote alarms.
Parent topic: Abnormal Logins