Achieving cloud security can be as simple as running a remote vulnerability scan

Source: Internet
Author: User
Open source vulnerability analysis tools can help provide an open, comprehensive review of cloud security. Vulnerability analysis is only one part of ensuring server security, but precisely defining a vulnerability assessment policy is clearly a big step in the right direction.

1. Introduction

Vulnerability assessment is an important aspect of any security policy. Attacks on Internet hosts are now increasingly driven by financial interest, so they are more cunning and more widely distributed.

It seems difficult to protect all the Web servers, but most of the attacks that hackers initiate can be avoided.

When server configuration does not meet requirements, or the tools used are not updated, a large number of Internet servers are left vulnerable, because it is easy for hackers to find and exploit server vulnerabilities. Making sure that a server is up to date and free of configuration errors is not difficult, but these tasks are neglected due to time constraints.

Vulnerability assessments can help identify errors in the server's security configuration and help to uncover software vulnerabilities that require patches to be installed.

By leveraging remote vulnerability assessments in the cloud, you can help your organization achieve economies of scale. Because you do not need expertise to configure and manage the assessment tools, you can also assess your own organization's vulnerabilities.

2. The increasingly serious threat situation

The ease of automating attacks and obtaining exploits is the main reason why servers are increasingly threatened. In fact, if you want to prove how easy it is, you can visit http://www.milw0rm.com, select a recent Web application vulnerability, and then enter a "Google dork" in Google, such as "Powered by Tname". Within five minutes, see how many vulnerabilities you can find across the servers listed on the results page.

3. Common sources of vulnerabilities

3.1 Improperly configured servers

Messy file permissions, improperly configured Web or email servers, or a temporary patch applied while the clock was ticking: improperly configured servers are everywhere, often because time constraints left little room for careful consideration, and this happens even to system administrators.

3.2 Software has not been updated

Server operating systems and applications need to be updated; this is not optional. Tools such as Windows Update, yum, and apt help with updating and reduce a large number of host vulnerabilities, but many hosts are still neglected. It is then only a matter of time before a faulty service is discovered and the system suffers.

3.3 Web Script

PHP and ASP applications and scripts are an effective way to make Web pages dynamic, but when security updates are available they must be kept up to date, just like operating systems and other software. A good example is the WordPress blog software. We chose WordPress not because it is particularly unsafe, but because it represents a widely popular script that has had some dangerous security vulnerabilities exposed in the past. These scripts need to be updated constantly, yet they are easy to ignore, until your blog is attacked and a malicious page is embedded in it to attack the users browsing your site.

3.4 Passwords that are not strong enough

Using strong passwords on the Internet is essential. Reviewing host and Internet logs is a very simple thing to do, and it readily shows roughly how often the system is subjected to a brute force attack. Brute force attacks can jeopardize many services, including SSH, RDP, FTP, Web forms and VNC.
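
The log review described above can be scripted. The following added example (not part of the original article) counts failed SSH password logins per source address in sshd syslog lines and flags sources that reach a threshold within a short window. The sample log, the function names, the assumed year and the thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in sshd syslog format (not real log data; documentation IPs).
SAMPLE_LOG = """\
Mar 10 03:14:01 web01 sshd[2211]: Failed password for root from 203.0.113.5 port 51234 ssh2
Mar 10 03:14:03 web01 sshd[2213]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Mar 10 03:14:05 web01 sshd[2215]: Failed password for invalid user test from 203.0.113.5 port 51246 ssh2
Mar 10 03:14:08 web01 sshd[2217]: Failed password for root from 203.0.113.5 port 51252 ssh2
Mar 10 03:14:11 web01 sshd[2219]: Failed password for invalid user oracle from 203.0.113.5 port 51258 ssh2
Mar 10 08:30:12 web01 sshd[3001]: Failed password for alice from 198.51.100.7 port 40022 ssh2
Mar 10 08:30:20 web01 sshd[3001]: Accepted password for alice from 198.51.100.7 port 40022 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def summarize_failures(log_text, year=2024):
    """Group failed SSH password logins by source address."""
    by_ip = defaultdict(lambda: {"users": set(), "times": []})
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        # Syslog timestamps carry no year, so one is assumed for parsing.
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        entry = by_ip[m["ip"]]
        entry["users"].add(m["user"])
        entry["times"].append(when)
    return by_ip

def brute_force_sources(log_text, min_failures=5, window_seconds=60):
    """Return {ip: (failures, distinct_users)} for bursts of failed logins."""
    flagged = {}
    for ip, entry in summarize_failures(log_text).items():
        times = sorted(entry["times"])
        # Slide over the sorted times: min_failures attempts inside the window.
        for i in range(len(times) - min_failures + 1):
            span = (times[i + min_failures - 1] - times[i]).total_seconds()
            if span <= window_seconds:
                flagged[ip] = (len(times), len(entry["users"]))
                break
    return flagged

if __name__ == "__main__":
    print(brute_force_sources(SAMPLE_LOG))
```

A single mistyped password followed by a successful login, as in the last two sample lines, stays below the threshold and is not flagged.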

3.5 Password Reuse

It is unrealistic to use a different password for each login, but it is unwise to use the same password everywhere. The survey found that server users would always use the same password for the Web hosting system as on a poorly configured online forum, and that the same password would be used elsewhere on the web.

4. Illegal use of servers

4.1 Spam

Criminals use servers to send thousands of spam messages, which are profitable for them. Only when you block or blacklist them will they stop sending spam, but they may find another way to exploit the server.

4.2 Widely distributed malware

A Web server provides Web content, but what if the Web page itself contains malware? It enters your customers' or users' systems and spreads malware such as keyloggers, which can eventually empty the user's bank account.

4.3 Phishing Websites

We've seen a lot of emails posing as PayPal or bank pages, and if these fake pages come from your web host, the problem will be serious.

4.4 Warez File Storage

Pirated software, movies, or other valuable copied material can be stored and distributed online via your server.

5. System security

• Each attack disrupts the normal operation of the server; if you are running an online business, the price will be higher.

• It takes a lot of time to resolve the problems and to set up emergency response mechanisms that resolve them quickly.

• The compromised system has to be rebuilt from clean backup data, which is a task in itself.

• Your reputation will suffer and you will lose existing customers.

6. Cloud Security

In the cloud model, the technical management of the security scanning tools is included. Constantly updating the security tools and optimizing the scans should be carried out by technical experts rather than by general IT staff.

Cloud Security provides:

• Non-intrusive scanning of the network and host perimeter

• Simulated network attacks against your network environment

• Testing of intrusion detection and incident response systems and policies

• An additional layer of protection. Security is an ongoing process that requires multiple levels of protection

• A detailed technical report sent to you by email to facilitate further investigation

• Technical security intelligence support staff, with consultant follow-up to help you improve

• A lighter workload, so you can concentrate on your business

• An economical way to ensure server security
