Tips to Secure Your Applications on ECS Instance

ECS offers secure virtual cloud servers. This article gives some tips for hardening the security of the applications you run on them.

Common Web Applications

  1. Do not use default passwords or blank passwords for web service consoles such as WDCP, Tomcat, Apache, Nginx, Jenkins, phpMyAdmin, WebLogic, and JBoss. A complex password (minimum of 10 characters, and can contain uppercase and lowercase letters, digits, and special symbols) must be used. Idle consoles must be turned off. Otherwise, attackers may compromise those consoles to gain control of your ECS servers.
  2. Upgrade web applications to the latest version. For example, earlier versions of Struts and Elasticsearch have vulnerabilities that can be exploited remotely. Make sure that your web applications are up-to-date. Otherwise, attackers may gain control of your ECS servers.
  3. If Redis, Memcached, and MongoDB are set to password-free access, attackers may log on remotely to gain control of your server. To guarantee server security, use a complex password for access. Additionally, change the default ports and bind the listening IP to 127.0.0.1.
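The three settings from item 3 can be checked mechanically. The following is an added example, not code from the original article: it audits a Redis configuration file for the listening address, password, and port, using constructed sample configs and the hypothetical helper names `parse_redis_conf` and `audit_redis_conf`. It covers Redis only; Memcached and MongoDB need their own checks.

```python
import ipaddress

# Constructed sample configs for illustration; not from any real host.
WEAK_CONF = """\
bind 0.0.0.0
port 6379
"""
HARDENED_CONF = """\
# listen on loopback only, non-default port, password set
bind 127.0.0.1 -::1
port 16379
requirepass "Constructed-Sample#Passphrase1"
"""

def parse_redis_conf(text):
    """Map each directive to its argument list (last occurrence wins)."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, *args = line.split()
            conf[name.lower()] = [a.strip('"') for a in args]
    return conf

def is_loopback(addr):
    try:
        # Redis 6.2+ accepts a "-" prefix marking an address as optional.
        return ipaddress.ip_address(addr.lstrip("-")).is_loopback
    except ValueError:
        return False  # "*" or a hostname: treat as exposed

def audit_redis_conf(text, min_password_len=10):
    """Return {directive: finding} for the three tips in item 3."""
    conf = parse_redis_conf(text)
    findings = {}
    binds = conf.get("bind", [])
    # Conservative assumption: no bind directive means all interfaces.
    if not binds or not all(is_loopback(a) for a in binds):
        findings["bind"] = "listens beyond 127.0.0.1/::1"
    password = " ".join(conf.get("requirepass", []))
    if len(password) < min_password_len:
        findings["requirepass"] = "missing or shorter than %d characters" % min_password_len
    if (conf.get("port") or ["6379"])[0] == "6379":
        findings["port"] = "still on the default port 6379"
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_redis_conf(conf))
```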

Common Database Applications

  1. Change the default connection ports for services such as PostgreSQL, Oracle, MySQL, and SQL Server to non-common ports.
  2. Create different accounts for different roles and apply fine-grained authentication to each. Do not share accounts, and do not log on to the database by using the system account.
  3. Use a complex database password (minimum of 10 characters, and can contain uppercase and lowercase letters, digits, and special symbols).
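To verify on a running Linux instance that no service is still listening on its default port, and to see which of those listeners are reachable beyond 127.0.0.1, the output of `ss -ltn` can be audited. This is an added example, not part of the original article: the sample output is constructed, the function names are hypothetical, and the port table lists the well-known defaults of the services named in the two lists above.

```python
import ipaddress

# Well-known default ports of the services named in the two lists above.
DEFAULT_PORTS = {5432: "PostgreSQL", 1521: "Oracle", 3306: "MySQL",
                 1433: "SQL Server", 6379: "Redis", 11211: "Memcached",
                 27017: "MongoDB"}

# Constructed sample of `ss -ltn` output; not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128          0.0.0.0:22         0.0.0.0:*
LISTEN 0      151        127.0.0.1:3306       0.0.0.0:*
LISTEN 0      244          0.0.0.0:5432       0.0.0.0:*
LISTEN 0      511                *:6379             *:*
LISTEN 0      128            [::1]:27017         [::]:*
LISTEN 0      128             [::]:15432         [::]:*
"""

def is_loopback(host):
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface suffix
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # "*" means every interface

def audit_listeners(ss_output):
    """List listeners on a default port and whether they are exposed."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in DEFAULT_PORTS:
            continue
        findings.append({"service": DEFAULT_PORTS[int(port)],
                         "port": int(port),
                         "address": host,
                         "exposed": not is_loopback(host)})
    return findings

def exposed_services(ss_output):
    """Names of default-port listeners bound to a non-loopback address."""
    return [f["service"] for f in audit_listeners(ss_output) if f["exposed"]]

if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE_SS):
        print(finding)
```

The check identifies services by port number only, so a database already moved to a non-common port (15432 in the sample) is not listed even when it listens on every interface.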

Related Documentation

Cases for configuring ECS security groups

When creating an ECS instance of the VPC network, you can either use the default security group or use other existing security groups in the VPC. A security group is a virtual firewall used to control the inbound and outbound traffic of an ECS instance.

This topic lists some common security group configurations for ECS instances of the VPC network.

Best practices of ECS data security

This document describes how to implement data security for ECS instances from the O&M perspective.

  1. Back up data regularly
  2. Design security domains properly
  3. Set security group rules
  4. Set logon passwords
  5. Server port security
  6. Application vulnerability protection
  7. Security information collection

Related Blog Posts

Automating Security Groups Updates on Alibaba Cloud

When you create an Alibaba Cloud Elastic Compute Service (ECS) instance, you also create or specify a security group. This security group acts as a firewall controlling what can access your ECS instance. For Linux instances, one of the rules allows SSH (TCP port 22) access. Best practices require that you only allow SSH access from TCP/IP addresses that you control. By only allowing your TCP/IP addresses through the security group (firewall) you reduce the exposure footprint of your ECS instance.

Creating a security group rule for SSH is very easy on the Alibaba Cloud Console. However, keeping that rule up to date with your current TCP/IP address can be a pain. First you must figure out what your public TCP/IP address is, log in to the Alibaba Cloud Console, find your security group, modify the security group with a new rule for your public IP address, and finally delete the old rule.

In this tutorial, we will learn how to use Windows Task Scheduler to set up a recurring task to automatically keep your ECS security group up to date with your public TCP/IP address.

Top 5 Security Considerations for Cloud Deployments

In this article, we will address these concerns by discussing the top 5 security considerations you should look out for in a cloud provider. The Alibaba Cloud Security team has also written a detailed security whitepaper, covering all your security concerns of deploying on Alibaba Cloud.

  1. Security Architecture of Cloud Provider
  2. Security Features of Cloud Products
  3. Security Services Offered by Cloud Provider
  4. Security Compliance and Credentials
  5. Shared Security Responsibility Model

Related Products

Elastic Compute Service

Alibaba Cloud Elastic Compute Service (ECS) provides fast memory and the latest Intel CPUs to help you to power your cloud applications and achieve faster results with low latency. All ECS instances come with Anti-DDoS protection to secure your data and applications from DDoS and Trojan attacks.

Alibaba Cloud Security Services

Alibaba Cloud has protected Alibaba Group's own business, such as the Double 11 Global Shopping Festival, for 10 years. The extensive experience accumulated from various and massive security attacks ensures that threats and attacks against your business are minimized on the cloud.

Related Special Offer

Elastic Compute Service Starter Packages

Alibaba Cloud offers easy-to-use high-performance virtual machines with data transfer plan starting from $2.50 a month now.

Alibaba Clouder