Shulou(Shulou.com)11/24 Report--

For small and medium-sized enterprises, the stable operation of business after cloud needs a secure environment. At present, the network environment is complex and network security risks occur frequently. once serious security problems occur, business interruption and data leakage may occur, or it may directly destroy an enterprise, especially those start-up or growing small and medium-sized enterprises. it is undoubtedly a disaster to encounter this kind of security problems.

At present, more than 75% of the network attacks in the field of information security occur in the Web application layer, including data disclosure, data tampering, website tampering, domain name hijacking, DDoS attacks, website inaccessibility or business interruption caused by hacker attacks.

How to deal with the above security problems? Huawei Cloud provides a number of website security solutions for enterprises of different business sizes. Currently, there are four types of services, including DDoS high defense AAD for application security, Web application firewall WAF, enterprise host security HSS for load security, cloud fortress machine CBH, database security service DBSS for data security governance, cloud certificate management service CCM, data security center DSC, vulnerability scanning service VSS for omni-directional management system security situation, security cloud brain (situation awareness SA), and threat detection service MTD. At this stage, for most enterprises, AAD, WAF, HSS are the core tools to build business security, especially for start-up and growing small and medium-sized enterprises, these three axes are very important for the maintenance of business security. Next, let's take a look at the performance of Huawei's cloud website security solution through experience and actual testing.

Service experience the AAD, WAF and HSS services provided by Huawei Cloud can be purchased from the Huawei Cloud website Security solution console. Next, let's take a look at how these three axes protect users' business security.

DDoS High Defense AADAAD, as a protection service against DDoS attacks launched by Huawei Cloud, brings together Huawei Cloud's security attack and defense experience and practice for more than 10 years. Currently, native advanced protection is provided for IP on Huawei cloud. Users do not need to change the IP address, but can directly load the security capabilities provided by DDoS native advanced protection into cloud services with simple configuration. AAD services can effectively deal with all kinds of DDoS attacks, so as to protect business continuity.

At present, DDoS attacks are a kind of network security attacks that websites are easy to suffer. This kind of attacks maliciously launch large-scale requests to business hosts through controlled "meat machines", resulting in sudden emergence of a large number of network requests, resulting in server network congestion and affecting the normal access of normal users to applications.

During our testing, we used Huawei Cloud Server L instance (HECS L instance). This lightweight cloud server can help start-up and growth small and medium-sized enterprises and individual developers to quickly build their own business and achieve minute-level deployment. Cloud Cloud Server L instance integrates CVM, network, storage and security, further simplifies parameters and options, and provides a variety of application images and system images, without much knowledge of operation and maintenance. You can deploy, manage and use resources through visual pages.

Here, we quickly build a business website through the WordPress image provided by Huawei Yunyao CVM L instance to simulate the attacked application. Users only need to select, purchase, and set the administrator user name and password to quickly build the WordPress site building system. This process does not require users to manually install Nginx, PHP environment and MySQL database, and can be deployed with one click without the command line, which is more convenient and efficient.

After the deployment of WordPress site building system for Huawei Cloud Server L instance, we added its IP to the AAD native high defense. Network attacks occurred all the time. The business deployed Huawei cloud cloud server L instance was quickly subjected to a small wave of DDoS attacks. AAD native high defense quickly detected anomalies and cleaned the attack traffic. Currently, Huawei Cloud DDoS High Defense Server provides layer 4-7 attack defense, which can be monitored and intercepted in real time against abnormal traffic. Through AI technologies such as machine learning and business risk control big data intelligent isolation, real-time attack traffic cleaning can be achieved, so as to avoid the impact of sudden malicious attacks on business sites and ensure the normal use of users.

Huawei Cloud AAD service provides more than 5T DDoS high defense overall defense capability, a single IP up to 600G defense capability, can well resist all kinds of DDoS attacks at the network layer and application layer, this low latency and high availability response capability, you can monitor DDoS attacks in real time, and achieve near source cleaning through AnyCast technology. Through AI adaptive defense baseline learning, you can automatically learn business and attack types, and support more than 100 protection types. Very good efficient protection, zero false positives.

At present, AAD native high defense only needs to bind the IP purchased on Huawei Cloud to use, which is very friendly for start-up and growth small and medium-sized enterprises, with high performance and price. For large sites with larger business scenarios, you can purchase other products of native protection or DDoS high defense on this basis.

Web application firewall WAF Huawei Cloud WAF mainly carries out multi-dimensional detection and protection for website business traffic, intelligently identifies malicious request characteristics and protects against unknown threats through machine learning, and prevents websites from malicious attacks and intrusions. After the purchase of this service, all public network traffic of the website will pass through WAF first, malicious attack traffic will be detected and filtered, and normal traffic will be returned to the origin server IP.

WAF mainly deals with four core challenges, including data disclosure, 0day vulnerabilities, CC attacks and web page tampering. Among them, data leakage generally attacks business websites through SQL injection, web Trojans and other means, often resulting in database intrusion and core business data theft. There are also malicious attackers who exploit 0day vulnerabilities that break out in third-party frameworks or plug-ins.

In addition, there are common CC attacks, which occupy core resources for a long time by issuing a large number of malicious CC requests, so that the computing power of the server can not be released, resulting in slow or interrupted business operation.

Web page tampering is that attackers leave a back door or tamper with web content on the website server through related technologies, resulting in business interruption or other negative effects.

First of all, let's take a look at how to deal with data leakage. Here Huawei Cloud WAF service accurately detects malicious traffic through semantic analysis and regular expressions to identify attack traffic, supports 11 kinds of code restoration, identifies more metamorphosis attacks, and reduces the risk of malicious attacks bypassing WAF. Here, we simulate the SQL injection attack on the L instance of Yun Yao CVM through SQLMap simulation.

We can see that in the WAF console, after the SQL injection attack occurs, WAF quickly detects the attack and locates the attacked site, the original IP and the attacked URL to accurately prevent the attack.

For 0day attacks, WAF supports repairing high-risk vulnerabilities within two hours at the earliest, and the cloud automatically updates the latest protection rules to ensure business security.

In response to large-scale CC request attacks, WAF adopts a speed limit strategy for malicious IP or Cookie to accurately identify CC attacks in order to ensure business security; WAF also has special detection for web page tampering to prevent website servers from being injected with malicious code and protect website visitors and page content security.

Compared with other Web application firewall products, WAF also provides a full range of attack logs, access logs and request logs, and the sensitive data in these logs will also be blocked to avoid divulging users' privacy information.

Once the enterprise host security HSS malicious attack gains the control of the host, it will undoubtedly be the deadliest blow to the enterprise business. Huawei Cloud Enterprise Host Security Service HSS is a service that ensures workload security. It comprehensively identifies and manages the information assets in the host through host management, risk prevention, intrusion detection, advanced prevention, security operation, and web page tamper prevention functions. Real-time monitor the risks in the host and prevent illegal intrusions, help enterprises to build a server security system, and reduce the main security risks faced by the server.

For users with different needs, Huawei Cloud provides HSS basic version, professional version, enterprise version, flagship version, container version and web page anti-modification version for users to choose from. Huawei Cloud's newly launched cloud cloud server L instance is available in HSS basic version. Through unified asset management, HSS can detect and deal with the risks of hosts in the same area, quickly analyze the risks of hosts in the same area, and effectively resist key attacks such as extortion virus, web page tampering, illegal intrusion and so on.

Here we use Hydra simulation dictionary attacks to violently crack the cloud cloud server L instance. For these attacks, Huawei Cloud HSS blocked the cracking of Hydra in a very short time after the execution of the command.

Huawei Cloud HSS console responded quickly, indicating that the cloud cloud server L instance is being violently cracked. At the same time, Huawei Cloud HSS also records the source of the violence.

Huawei Cloud HSS provides application security intrusion detection, middleware vulnerability scanning, threat blocking and other capabilities to help customers quickly identify threats, trace the source, block and strengthen them in the business development phase and operation phase. In terms of application security, Huawei Cloud HSS self-developed RASP technology, through driver-level file directory locking, tamper detection automatic recovery, remote backup recovery, accurate identification of application code, middleware vulnerabilities, attacks, automatic detection and protection. Through Huawei Cloud HSS, users can better achieve equal security compliance and effectively avoid the risks of extortion, data leakage and web page tampering caused by hackers.

The above AAD, WAF and HSS are the three most common security tools for Huawei cloud network security solutions for enterprises of different sizes. In addition, for higher security requirements, Huawei Cloud also has cloud fortress machine CBH, data security center DSC, database security service DBSS, cloud certificate management service CCM, security cloud brain (situational awareness SA) and other enterprises suitable for a large number of cloud assets security management needs.

CBH mainly realizes the fine management of people, resource accounts and access process by establishing an one-to-one correspondence between the main account and the resource slave account. Help customers to establish a safety management system of pre-planning, in-process control and post-audit, reduce the risk of data leakage and IT accidents caused by internal man-made reasons, and start efficient operation and maintenance.

DSC provides basic data security capabilities such as data classification, data security risk identification, data watermark traceability, data desensitization and other basic data security capabilities. Through the data security overview, it integrates the states of all stages of the data security life cycle, and presents the overall data security situation on the cloud.

DBSS is an intelligent database security service, which provides database audit, SQL injection attack detection, intelligent identification of risk operations and other functions based on machine learning and big data analysis. It supports the audit of RDS and ECS / BMS self-built databases, and provides user behavior discovery audit, multi-dimensional analysis, real-time alarm and report functions to ensure the security of sensitive data.

CCM is an one-stop certificate lifecycle management service provided by Huawei Cloud in conjunction with GeoTrust, DigiCert, GlobalSign, CFCA, vTrus and TrustAisa. Certificate types include DV (Basic), DV, OV, OV Pro, EV and EV Pro. Users do not need to build and maintain a complex CA infrastructure. Users can easily obtain CA management and certificate management services by paying on demand on Huawei Cloud, and support the creation of flexible CA hierarchies. It includes root CA and slave CA, and supports external CA to meet more application scenarios. Currently, multiple key algorithms such as RSA2048, RSA4096, EC256, EC384 and x.509v3 certificate format are supported.

Security Cloud brain (situational Awareness SA) provides unified threat detection and risk management capabilities, uniformly detects typical security risks to users' cloud assets, restores attack history, perceives attack status, predicts attack situation, and provides strong security management capabilities in advance, during and after.

At present, this service covers detection of threat alarms in 8 categories and 200 + subcategories, rapid analysis of attack sources, preset security scheduling policies, real-time detection of alarms, and user defense and disposal risks. In addition, there is a special large screen and report system indicators for real-time viewing to help enterprises with more cloud assets to achieve unified and safe operation.

It is concluded that Huawei Cloud website security solutions are suitable for government / institutions, pan-Internet enterprises, banking systems / financial institutions, games / e-commerce and other enterprises and institutions, most of which are also suitable for start-up and growth enterprises.

The combination of these security schemes can well help customers prevent malicious traffic such as Web attacks, web page tampering, data disclosure, SQL injection, DDoS attacks accompanied by a large number of CC attacks, crawler brushing and other malicious traffic. at the same time, through unified management and security audit, they can well meet the relevant provisions and requirements of laws related to security compliance 2.0 and network security protection. In addition, related security resources and services support flexible expansion. It is convenient for the business to upgrade and expand to better ensure that resources are not wasted.

For start-up and growth enterprises, they often rely on a single business to maintain the survival of the whole company. at this time, security is naturally an important issue that can not be ignored, and enterprise business needs website security solutions to protect it.

At present, Huawei Cloud 828 marketing season is in progress, and provide Shangyun gift, website security-related services also have significant discounts. For start-up and growth enterprises, it is a good time to purchase safety products.

In addition, for start-up and growth enterprises as well as individual developers, Huawei Yunyao Cloud Server L instance also offers generous discounts, 2-core 2G 3M, only 29 yuan 3 months after receiving the coupon, a lot of discounts. Interested friends should take action right away.

Activity address: click here to enter

Related reading: "three steps to build a site, twice the performance: Huawei Yunyao CVM L instance experience"

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.