Loose protection policy

Normal protection policy

Strict protection policy

Progression protection policy

Elastic Public IP

CDN

EIP + SLB

EIP + NAT Gateway

DNS service

Password-free login

Two-factor authentication

Phone number binding

Phone or email verification for password resetting

rule setting for security group supports both in and out direction configuration

default security group rule is safe enough, please don ' t change it too much

by default, ECS in different security group can communicate with each other

one ECS can be in several different security group

for users who is using IAAS service, they should be responsible for their business system which is

on top of cloud infrastructure

cloud service provider should guarantee the security of all physical infrastructure

the damage caused by attacks leveraging security vulnerability in customers ' application server

should be charged to cloud service provider

cloud user should also take care of some of the hardware maintenance and operation work

Attack initiated time

Attack type

Tools attacker used

Attack source IP

Physical location of attacker

you can use ' mysqldump ' do logical backup

you can copy files directly to do physical backup

you can use ' binlog ' to do real time backup

you must stop accessing to DB before you do logical backup

HTTP is a network layer protocol

the data transmitted by this protocol is auto-encrypted

default service port is 80

HTTP protocol can ' t be used to transmit file

OS system log

Application log

Hypervisor log

Cloud platform log

CC attack will simulate real user requests

Will consume massive sever side resource

CC attack is done on network layer

The request generated by CC attack is hard to be distinguished from normal requests