The system has a built-in weak-password dictionary. It checks account passwords against the dictionary rules, displays weak-password risks through the cloud platform, and reminds the user to change them, preventing system accounts from being cracked.
The system automatically identifies abnormal login behavior and raises an early alarm according to system design rules; users can set their common login areas. When a login comes from an uncommon login address, an alarm record is generated and reported to the cloud platform to remind the user that there is a risk of remote login.
Protection covers brute-force attacks against remote login, databases, and FTP. The system obtains the IP address attempting a brute-force attack from system logs and from analysis of network packet protocols and ports, and judges whether it meets the protection rules; if so, the IP is intercepted and reported to the cloud platform.
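The log-based half of this check can be sketched as follows. This is an added example, not the product's own code: the OpenSSH syslog line format, the rule of 5 failures within 60 seconds, and the function name `detect_bruteforce` are assumptions, since the page does not state the actual protection rules.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log lines (documentation-range IPs), not from a real system.
SAMPLE_LOG = """\
Mar 10 08:00:01 vm1 sshd[811]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar 10 08:00:03 vm1 sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 40120 ssh2
Mar 10 08:00:05 vm1 sshd[813]: Failed password for root from 203.0.113.7 port 40131 ssh2
Mar 10 08:00:09 vm1 sshd[814]: Failed password for root from 198.51.100.4 port 51000 ssh2
Mar 10 08:00:11 vm1 sshd[815]: Failed password for root from 203.0.113.7 port 40140 ssh2
Mar 10 08:00:12 vm1 sshd[816]: Failed password for root from 203.0.113.7 port 40151 ssh2
Mar 10 08:05:40 vm1 sshd[830]: Accepted password for ops from 198.51.100.4 port 51010 ssh2
Mar 10 08:30:00 vm1 sshd[901]: Failed password for ops from 198.51.100.4 port 51020 ssh2
"""

# Matches failed logins for both existing and non-existent ("invalid user") accounts.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port \d+")

def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60), year=2024):
    """Return {source_ip: time the rule first fired}.

    Assumed rule: `threshold` failed logins from one IP inside a sliding
    `window`. Syslog timestamps carry no year, so one is supplied.
    """
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # successful logins and other lines are ignored
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and ip not in flagged:
            flagged[ip] = ts      # this is where interception and reporting would start
    return flagged

if __name__ == "__main__":
    for ip, when in detect_bruteforce(SAMPLE_LOG).items():
        print(f"{when.isoformat()} rule matched for {ip}")
```

The sliding window keeps an occasional mistyped password (the two failures from 198.51.100.4, more than 20 minutes apart) from matching the rule.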
Regularly detects high-risk system vulnerabilities and reports Virtual Machine vulnerability details. The product provides a vulnerability remediation feature for Windows systems. For Linux it provides remediation suggestions, and the remediation must be completed manually.
The Linux compliance baseline best practices show users the basic configurations most frequently used by public cloud tenants, covering file permissions, service configuration, identity authentication, intrusion prevention and control, and security audit. This gives tenants a visual understanding of the operating system security configuration of their Virtual Machines and prevents intrusion incidents caused by configuration omissions.
With the asset fingerprint function, the following information on servers is periodically collected and recorded: running processes, port services, account information, and software information. Historical changes are also recorded and can be searched, helping you fully understand the running status of your assets and facilitating intrusion investigation.
A rootkit is a kind of malicious software that hides itself in the computer operating system. The Endpoint Security backdoor detection function provides security capabilities such as kernel-level rootkit detection and application-level rootkit detection.
Audits suspicious operations entered on the user command line, including: password file modification, malicious file downloading, agent software misuse, system log tampering, SSH key pair tampering, hacker tool running, reverse shells, information leakage, high-risk commands, security-damaging programs, plaintext password login, etc.