Community Blog Tips to Secure Your Applications on ECS Instance

Tips to Secure Your Applications on ECS Instance

ECS offers secure virtual cloud servers, and you can get some tips to harden the security for your applications in this article.

Alibaba Cloud Elastic Compute Service (ECS) offers elastic, secure, high-performance and cost-effective virtual cloud servers to cater all your needs. You can gain deep insights on ECS and integrate the best practices on the cloud to empower your business on our Academy Day Online Conference in March 5th, 2020 with free ACA Cloud Computing certification exams. Sign up free here now!

Common Web Applications

  1. Do not use default passwords or blank passwords for web service consoles such as WDCP, TOMCAT, Apache, Nginx, Jekins, PHPMyAdmin, WebLogic, and Jboss. A complex password (minimum of 10 characters, and can contain uppercase and lowercase letters, digits, and special symbols) must be used. Idle consoles must be turned off. Otherwise, those consoles may be attacked to gain control of your ECS servers.
  2. Upgrade web applications to the latest version. For example, a vulnerability is executable remotely for a previous version of Struts and ElasticSearch. Make sure that your web applications are up-to-date. Otherwise, attackers may gain control of your ECS servers.
  3. If Redis, Memcached, and MongoDB are set to password-free access, attackers may log on remotely to gain control of your server. To guarantee server security, use a complex password for access. Additionally, modify the ports and bind the listening IP to

Common Database Applications

  1. Modify default connection ports for services such as Postgresql, Oracle, MySQL, and SQLServer, to non-common ports.
  2. Create different accounts for different roles and refine authentication. Do not share the account or log on to the database by using the system account.
  3. Use a complex password (minimum of 10 characters, and can contain uppercase and lowercase letters, digits, and special symbols) for the database password.

Related Documentation

Cases for configuring ECS security groups

When creating an ECS instance of the VPC network, you can either use the default security group or use other existing security groups in the VPC. A security group is a virtual firewall used to control the inbound and outbound traffic of an ECS instance.

This topic lists some common security group configurations for ECS instances of the VPC network.

Best practices of ECS data security

This document introduces how to implement data security for ECS instances from the O&M perspective.

  1. Back up data regularly
  2. Design security domains properly
  3. Set security group rules
  4. Set logon passwords
  5. Server port security
  6. Application vulnerability protection

Related Blog Posts

Automating Security Groups Updates on Alibaba Cloud

When you create an Alibaba Cloud Elastic Compute Service (ECS) instance, you also create or specify a security group. This security group acts as a firewall controlling what can access your ECS instance. For Linux instances, one of the rules allows SSH (TCP port 22) access. Best practices require that you only allow SSH access from TCP/IP addresses that you control. By only allowing your TCP/IP addresses through the security group (firewall) you reduce the exposure footprint of your ECS instance.

Creating a security group rule for SSH is very easy on the Alibaba Cloud Console. However, keeping that rule up to date with your current TCP/IP address can be a pain. First you must figure out what your public TCP/IP address is, login to the Alibaba Cloud Console, find your security group and then modify the security group with a new rule for your public IP address and finally delete the old rule.

In this tutorial, we will learn how to use Windows Task Scheduler to setup a recurring task to automatically keep your ECS security group up to date with your public TCP/IP address.

Top 5 Security Considerations for Cloud Deployments

In this article, we will address these concerns by discussing the top 5 security considerations you should look out for in a cloud provider. The Alibaba Cloud Security team has also written a detailed security whitepaper, covering all your security concerns of deploying on Alibaba Cloud.

  1. Security Architecture of Cloud Provider
  2. Security Features of Cloud Products
  3. Security Services Offered by Cloud Provider
  4. Security Compliance and Credentials
  5. Shared Security Responsibility Model

Related Products

Elastic Compute Service

Alibaba Cloud Elastic Compute Service (ECS) provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to secure your data and applications from DDoS and Trojan attacks.

Alibaba Cloud Security Services

Alibaba Cloud protects Alibaba Group's own business, such as Double 11 Global Shopping Festival for 10 years. The accumulated extensive experiences from various and massive security attacks ensure that your business threats and attacks are minimized on the cloud.

Related Special Offer

Elastic Compute Service Starter Packages

Alibaba Cloud offers easy-to-use high-performance virtual machines with data transfer plan starting from $2.50 a month now.

0 0 0
Share on

Alibaba Clouder

2,605 posts | 746 followers

You may also like