koninr
Intern
Intern
  • UID5328
  • Fans1
  • Follows2
  • Posts12
Reads:365Replies:4

Any security best practice for hardening my Aliyun infrastructure?

Created#
More Posted time:Mar 14, 2018 15:42 PM
As it is mentioned in the subject line, are there any security checlist / best practice for hardening the Aliyun infrastructure?  Thanks.

abdulhafeez
Assistant Engineer
Assistant Engineer
  • UID4972
  • Fans4
  • Follows5
  • Posts42
1st Reply#
Posted time:Mar 14, 2018 15:59 PM
HI @koninr,

Can you share details on your infrastructure & applications, how is the architecture front-end / back-end etc.?

I will share some inputs.

abdulhafeez
Assistant Engineer
Assistant Engineer
  • UID4972
  • Fans4
  • Follows5
  • Posts42
2nd Reply#
Posted time:Mar 14, 2018 16:12 PM

koninr
Intern
Intern
  • UID5328
  • Fans1
  • Follows2
  • Posts12
3rd Reply#
Posted time:Mar 15, 2018 12:45 PM
abdulhafeez:HI @koninr,

Can you share details on your infrastructure & applications, how is the architecture front-end / back-end e...
回到原帖
Thanks abdulhafeez.  I am planning to write a security assessment checklist for Aliyun that it would focus on few fields. i.e. IAM (e.g. Policy, MFA), Logging (e.g. API logging), Monitoring (e.g. log metric filter, alarm), Networking (e.g. Security Groups), Database (e.g. RDS) , VPC (e.g. Security Groups)

abdulhafeez
Assistant Engineer
Assistant Engineer
  • UID4972
  • Fans4
  • Follows5
  • Posts42
4Floor#
Posted time:Mar 15, 2018 19:51 PM

Hi @koninr :

Great initiative !!

I suggest you to have a look on this URL:

you can go through below URL:

https://www.alibabacloud.com/help/faq-list/60793.htm?spm=a3c0i.l35474en.a3.8.5cda4974itCmxm

Please consider below points in your assessment checklist:

- Login Security / User Access (RAM etc.)
- Host-level security (ECS) (server guard AV., Windows updates etc)
- Application level security (upgrades/patches etc)
- Network security / isolation (VPC / Security Groups etc)
- Data level / data transmission security (white listening of certain sources)
- Internet facing layer protection (Anti-DDoS, WAF, SLB traffic encryption etc.)

Let me know if you need any help

Cheers !!
Guest