Remote vulnerability scanning for cloud security

Source: Internet
Author: User
This article describes the benefits of using remote vulnerability scanning services in the cloud. Such a service can be used by any system from anywhere, as if it were a remote entity managed by a third party. Open source vulnerability analysis tools can help provide an open, comprehensive review of cloud security. Vulnerability analysis is only one part of ensuring server security, but precisely defining a vulnerability assessment policy is clearly a big step in the right direction.


  


1. Introduction


  


Vulnerability assessment is an important aspect of any security policy. Attacks on Internet hosts are now increasingly driven by financial interest, so they are more cunning and more widely distributed.


  


Protecting every Web server may seem very hard, but most of the attacks that hackers launch can be avoided.


  

Server configurations that do not meet requirements, or tools that are not kept up to date, can easily lead to large numbers of Internet servers being attacked, because hackers can easily find and exploit server vulnerabilities. It is not difficult to make sure that a server is up to date and free of configuration errors, but these tasks are neglected due to time constraints.


  

Vulnerability assessment helps identify errors in the server's security configuration and also helps uncover software vulnerabilities that require patches to be installed.


  


Leveraging remote vulnerability assessments in the cloud can help your organization achieve benefits of scale. Because no expertise in configuring and managing assessment tools is required, you can also assess your organization's vulnerabilities yourself.


  


2. An increasingly serious threat scenario


  

Attack automation and easier access to exploits are the main reasons why servers are increasingly threatened. In fact, if you want to prove how easy it is, you can visit http://www.milw0rm.com, select a recent Web application vulnerability, and then enter a "Google dork" in Google, for example "Powered by scriptname", and see how many vulnerable pages you can find within five minutes.


  


3. Common vectors for vulnerabilities


  


3.1 Improperly configured servers


  


Confusing file permissions, improperly configured Web or email servers, or temporary patches applied while the clock is ticking: improperly configured servers are everywhere, often because time constraints leave little room for careful consideration, and this happens even to system administrators.


  


3.2 Software that has not been updated


  


Server operating systems and applications need to be updated; this is not optional. Tools such as Windows Update, yum, and apt help with updating and reduce a large number of host vulnerabilities, but many hosts are still neglected. It is then only a matter of time before a faulty service is discovered and the system suffers.


  


3.3 Web scripts


  


PHP and ASP applications and scripts are an effective way to make Web pages dynamic, but, like the operating system and other software, they must be updated whenever a security update is available. A good example is the WordPress blog software. We chose WordPress not because it is particularly unsafe, but because it is a widely popular script that has had some dangerous security vulnerabilities exposed in the past. These scripts need to be updated constantly, yet they are easy to neglect until your blog is attacked and a malicious page is embedded in it to attack your visitors.


  


3.4 Insecure passwords


  


Using strong passwords on the Internet is essential. Reviewing host and Internet logs is very simple, and it makes it easy to see roughly how often a system is subjected to a brute-force attack. Brute-force attacks can compromise many services, including SSH, RDP, FTP, Web forms, and VNC.
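
The log review mentioned in section 3.4, as an added example that is not part of the original article: it groups failed SSH password attempts by source address and flags sources with several failures inside a short window. The log lines, thresholds, year default and function names are constructed for illustration and assume the usual OpenSSH syslog line format.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the usual OpenSSH syslog format (not real log data).
SAMPLE_LOG = """\
Mar 10 02:14:01 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 02:14:03 web1 sshd[2211]: Failed password for root from 203.0.113.7 port 40022 ssh2
Mar 10 02:14:06 web1 sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40031 ssh2
Mar 10 02:14:09 web1 sshd[2215]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
Mar 10 02:20:45 web1 sshd[2290]: Accepted publickey for deploy from 198.51.100.20 port 51514 ssh2
Mar 10 03:02:10 web1 sshd[2410]: Failed password for deploy from 198.51.100.20 port 51600 ssh2
Mar 10 03:40:00 web1 sshd[2502]: Failed password for invalid user oracle from 192.0.2.55 port 33000 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize_failures(log_text, year=2024):
    """Group failed SSH logins by source IP: attempt times and usernames tried."""
    stats = defaultdict(lambda: {"times": [], "users": set()})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        # Syslog timestamps carry no year, so the caller supplies one (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        stats[m["ip"]]["times"].append(ts)
        stats[m["ip"]]["users"].add(m["user"])
    return dict(stats)

def likely_brute_force(stats, min_attempts=3, window_seconds=60):
    """Return source IPs with min_attempts or more failures inside any window."""
    flagged = []
    for ip, s in stats.items():
        times = sorted(s["times"])
        # Sliding window: compare each attempt with the one min_attempts-1 later.
        for i in range(len(times) - min_attempts + 1):
            if (times[i + min_attempts - 1] - times[i]).total_seconds() <= window_seconds:
                flagged.append(ip)
                break
    return sorted(flagged)

if __name__ == "__main__":
    stats = summarize_failures(SAMPLE_LOG)
    for ip in likely_brute_force(stats):
        print(ip, len(stats[ip]["times"]), "failures; users:", sorted(stats[ip]["users"]))
```

A single mistyped password from a legitimate user (198.51.100.20 in the sample) stays below the threshold, while the source cycling through several usernames within seconds is flagged.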

