6.11.3

Cyber Attack Protection

Update time: 2025-12-22

Function Description

aSecurity provides cyber attack protection policies for the virtual network topology and Layer 7 network protection for business systems within the cloud.

Precautions

  1. The backend aggregates cyber attack events by impact scope and attack source based on cyber attack log data once every 10 minutes.
  2. You can configure up to 512 IPS policies and up to 512 web vulnerability protection policies.
  3. You can configure cyber attack protection policies by resource pool or by tenant VPC network, but not for a tenant classic network.
  4. A VM group can contain up to 100 IP addresses. If more IP addresses exist, a new group needs to be created.
  5. To ensure automatic defense against cyber attacks on the tenant VPC network, you need to ensure that cyber attack protection is enabled in the resource pool of the VPC.
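The aggregation described in precaution 1 (events grouped by impact scope and attack source in 10-minute windows) as an added example; this is not code from the product or this documentation. It assumes a simple one-line-per-event log format with `src` and `dst` fields, which are placeholders for the platform's attack-source and impacted-asset fields, and the sample records are constructed.

```python
from collections import defaultdict
from datetime import datetime, timezone

WINDOW_SECONDS = 600  # the backend aggregates once every 10 minutes

# Constructed sample records. The field names (src, dst, rule, action) are
# assumptions made for this example, not the platform's log schema.
SAMPLE_LOGS = [
    "2025-12-22T10:01:05Z src=198.51.100.7 dst=10.0.0.5 rule=sql_injection action=block",
    "2025-12-22T10:03:40Z src=198.51.100.7 dst=10.0.0.5 rule=xss action=block",
    "2025-12-22T10:09:59Z src=203.0.113.9 dst=10.0.0.5 rule=cmd_injection action=detect",
    "2025-12-22T10:10:00Z src=198.51.100.7 dst=10.0.0.5 rule=sql_injection action=block",
    "2025-12-22T10:12:30Z src=198.51.100.7 dst=10.0.0.8 rule=brute_force action=block",
]


def parse_log(line):
    """Split one 'timestamp key=value ...' record into a dict with a UTC datetime."""
    timestamp_text, *fields = line.split()
    record = dict(field.split("=", 1) for field in fields)
    record["ts"] = datetime.strptime(timestamp_text, "%Y-%m-%dT%H:%M:%SZ").replace(
        tzinfo=timezone.utc
    )
    return record


def window_start(ts):
    """Floor a datetime to the start of its 10-minute window, as an ISO 8601 string."""
    epoch = int(ts.timestamp())
    return datetime.fromtimestamp(epoch - epoch % WINDOW_SECONDS, tz=timezone.utc).isoformat()


def aggregate(lines):
    """Count events per (window, attack source, impacted destination)."""
    counts = defaultdict(int)
    for line in lines:
        record = parse_log(line)
        counts[(window_start(record["ts"]), record["src"], record["dst"])] += 1
    return dict(counts)


def ranked(lines):
    """Aggregated events as (window, src, dst, count) rows, busiest first."""
    rows = ((w, s, d, n) for (w, s, d), n in aggregate(lines).items())
    return sorted(rows, key=lambda row: (-row[3], row[0], row[1], row[2]))


if __name__ == "__main__":
    for row in ranked(SAMPLE_LOGS):
        print(row)
```

The record at 10:09:59 and the one at 10:10:00 land in different windows even though they are one second apart, which is why an event count for a source can look split across two rows in the aggregated view.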

Steps

Step 1: Go to aSecurity > Security Capabilities > Cyber Attack Protection and click Create.

Step 2: Basic configuration. Define the Policy Name and Description.

Priority: select the policy's priority; you can place it below or above an existing policy.

Status: Enable it if you want the current policy to take effect.

Log Event: when this is checked, the related logs are generated.

Step 3: Source configuration.

There are two source types: IP Range and IP Group.

IP Range: IPv4 address/range supported. One entry per line. IP Address Example: 192.168.1.2. IP Range Example: 192.168.2.3-192.168.2.10

IP Group: select an IP group directly from the table below; if you have not defined the IP group before, click Create to define a new one.
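A validator for the IP Range entry format described above (one IPv4 address or one start-end range per line), as an added example that is not code from the product or this documentation. It also totals the addresses an entry list covers; the 100-address cap is the VM group limit from the precautions, and reusing it as the cap for an IP Range field here is an assumption made for the example.

```python
import ipaddress

# Limit stated in the precautions for a VM group; applying it to an
# IP Range field is an assumption made for this example.
MAX_GROUP_ADDRESSES = 100


def parse_entry(entry):
    """Parse one line of the IP Range field.

    Accepts a single IPv4 address ("192.168.1.2") or a start-end range
    ("192.168.2.3-192.168.2.10"). Returns (first, last) as IPv4Address objects.
    Raises ValueError for IPv6, malformed text, or a range whose end precedes its start.
    """
    entry = entry.strip()
    if "-" in entry:
        start_text, end_text = (part.strip() for part in entry.split("-", 1))
        start = ipaddress.IPv4Address(start_text)
        end = ipaddress.IPv4Address(end_text)
        if end < start:
            raise ValueError(f"range end precedes start: {entry!r}")
        return start, end
    address = ipaddress.IPv4Address(entry)
    return address, address


def is_valid_entry(entry):
    """True if the line is accepted by parse_entry."""
    try:
        parse_entry(entry)
    except ValueError:
        return False
    return True


def parse_ip_range_field(text):
    """Parse the whole multi-line field; blank lines are ignored."""
    return [parse_entry(line) for line in text.splitlines() if line.strip()]


def address_count(entries):
    """Total number of addresses covered by the parsed entries (overlaps counted twice)."""
    return sum(int(last) - int(first) + 1 for first, last in entries)


def exceeds_group_limit(text, limit=MAX_GROUP_ADDRESSES):
    """True if the field describes more addresses than the limit allows."""
    return address_count(parse_ip_range_field(text)) > limit


if __name__ == "__main__":
    sample = "192.168.1.2\n192.168.2.3-192.168.2.10"  # constructed field contents
    print(address_count(parse_ip_range_field(sample)))
```

Rejecting a reversed range and IPv6 text up front, before the entries reach the policy, avoids a policy that silently matches nothing; the address total is what you compare against whichever group size limit applies.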

Step 4: Destination configuration.

There are four destination types: IP Range, IP Group, VM and VM Group.

The IP Range and IP Group configuration is the same as for the source.

Service: select one of the predefined services, or customize one by clicking the Add button under Customer Services.

Step 5: Basic Protection (For All Scenarios) configuration.

IPS: the intrusion protection system monitors network transmission, checks for suspicious activities, and generates alerts when it detects suspicious events. There are two modes: Intercept Mode - Standard and Intercept Mode - Loose.

Intercept Mode - Standard: This mode enables a more comprehensive set of protection rules, designed to provide a higher level of security. It includes detailed detection rules for various server vulnerabilities (such as network devices, databases, web servers, mail servers, etc.), which can more effectively identify and intercept complex attacks.

Intercept Mode - Loose: This mode enables fewer protection rules, focusing on intercepting the most common and high-risk attack behaviors. It is suitable for scenarios where minimizing potential false positives or having higher performance requirements is a priority, providing a relatively lower security baseline.

Two actions:

Detect Only: All detected packets will be allowed.

Detect and Block: Packets detected and discarded by the rules or engines will be blocked.

Step 6: Advanced Protection (For Server Scenario) configuration.

Web Vuln Protection: Anti-attack policies for web servers can prevent OS command injection, SQL injection, XSS attacks, and other attacks and information leakage against web applications, as well as brute-force attacks against accounts.

There are two modes: Intercept Mode - Standard and Intercept Mode - Loose.

Intercept Mode - Standard: This mode enables a more comprehensive set of protection rules, designed to provide a higher level of security. It includes detailed detection rules for various server vulnerabilities (such as network devices, databases, web servers, mail servers, etc.), which can more effectively identify and intercept complex attacks.

Intercept Mode - Loose: This mode enables fewer protection rules, focusing on intercepting the most common and high-risk attack behaviors. It is suitable for scenarios where minimizing potential false positives or having higher performance requirements is a priority, providing a relatively lower security baseline.

Two actions:

Detect Only: All detected packets will be allowed.

Detect and Block: Packets detected and discarded by the rules or engines will be blocked.