I. Program introduction
Security Credibility is a program that Alibaba Cloud has developed to improve your user experience during security protection and provide higher security capabilities. Alibaba Cloud provides users in this program with flexible anti-DDoS protection capabilities based on the security credibility of the user.
Currently, you can join Security Credibility for free.
II. Program benefits
- A higher black hole threshold. The black hole threshold is adjusted flexibly based on your credit score. For most users, the adjusted black hole threshold is no smaller than the default threshold. This lowers the probability that your servers fall into a black hole.
- Open credibility evaluation criteria. The members of this program can improve their credibility based on the credibility evaluation criteria to obtain more protection capabilities.
III. Security protection mechanism
- The anti-DDoS protection capability of a user is adjusted based on the security credit score of the user. Most users can obtain additional anti-DDoS protection capability for free.
- The security credit score is the basis for calculating the black hole threshold. If the attack traffic volume is below this threshold, Alibaba Cloud protects your ECS and SLB instances against the attacks at zero cost. If your servers fall into black holes frequently, the black hole threshold is lowered to the default value. If the attack traffic volume exceeds the current threshold, your servers fall into a black hole to block all IP addresses.
- Attacks affect the next credibility evaluation.
- The security protection capabilities that you can obtain from the program are provided by a resource pool shared by all members of the program. In standard cases, Alibaba Cloud provides you with security protection capabilities based on your credit score. However, if the members of the program encounter attacks or other malicious events together and the resources in the shared resource pool run out, your security protection capabilities may be reduced.
- For users with frequent black holing, Alibaba Cloud reserves the right to increase the black hole duration and lower the black hole threshold. You can go to the console to view the black hole threshold and duration.
- If the attack traffic volume exceeds the traffic covered by the additional protection capabilities provided by the program, you must purchase Anti-DDoS Pro to obtain higher protection capabilities. Otherwise, services running on your ECS and SLB instances may be interrupted due to DDoS attacks.
- Make sure to keep your security credit score and related information confidential.
IV. Terms of service
1 You understand and acknowledge that you shall not use the security protection capabilities that you obtain as a member of the Security Credibility program to perform any of the following activities:
1.1 Provide either paid or free security protection services to others.
1.2 Illegal activities or activities that do not comply with the service purposes or procedures according to the information published on www.alibabacloud.com or the assessment of Alibaba Cloud.
1.3 Upload, download, or disseminate any of the following information, or help others in such activities:
1.3.1 Political propaganda and/or news information in violation of China's regulations;
1.3.2 Information related to China's state secrets and/or state security;
1.3.3 Information related to superstition, obscenity, or solicitation to commit a crime;
1.3.4 Information related to illegal Internet publishing activities, such as lottery prizes, gambling games, private servers, and plug-ins;
1.3.5 Information that violates China's national policies, or ethnic or religious policies.
1.3.6 Information that adversely impacts Internet security.
1.3.7 Information about activities that infringe on the legitimate interest of others and/or other activities that disrupt social order, threaten public security, or violate public morals.
1.3.8 Other content in violation of laws, regulations, departmental rules, or China's national policies.
1.4 You shall not modify, translate, edit, lease, sublicense, transmit, or transfer over networks any software or services provided by Alibaba Cloud, or obtain the source code of the software provided by Alibaba Cloud through reverse engineering, decompilation, or other methods;
1.5 You shall not conduct any behavior that undermines or attempts to undermine network security, including but not limited to phishing, hacking, network fraud, suspected involvement in the spreading of viruses/trojans/malicious code to websites or cyberspace, and suspected involvement in attacks on other websites and servers by using virtual servers, such as scanning, sniffing, ARP spoofing, and DDoS;
1.6 You shall not change or attempt to change the system configurations provided by Alibaba Cloud or undermine network security.
1.7 You shall not use the services provided by Alibaba Cloud to conduct any activities that impair the legitimate interests of Alibaba Cloud, Alibaba Cloud affiliated companies or any company or website within the Alibaba Group, including but not limited to Alibaba, Taobao, Alipay, Alimama and Ant Financial (hereinafter collectively referred to as Alibaba Group). The behaviors that impair the legitimate interests of Alibaba Group and websites include but are not limited to violations of any agreement or terms, management norms, trading rules, or other norms published by Alibaba Group, and behaviors that damage or attempt to damage the fair-trade environment or normal trade order of Alibaba Group.</cf>
1.8 You shall not conduct any other activities in violation of laws, regulations, or the terms of Security Credibility.
1.9 You understand that Alibaba Cloud agrees that you can join this program on the premise of your commitment to obey the preceding terms. If you violate any of the preceding terms, Alibaba Cloud reserves the right to stop providing you the services or capabilities related to this program and remove you from this program with prior notice.
2 You understand and agree that Alibaba Cloud has the right to terminate this program at any time based on Alibaba Cloud business plans, the program operations status, or other factors, without being liable to the related consequences. Alibaba Cloud will inform you of the program termination in advance. After the program is terminated, all services or capabilities that you obtain from this program will be disabled.
3 You understand and agree that you have read the security protection mechanism and the terms of Security Credibility and understand the results of joining this program. You have decided to join this program of your own free will, and shall be liable for the corresponding results.
4 Both Alibaba Cloud and you shall keep your decision about whether to join this program confidential, unless the information has become public, or Alibaba Cloud has to reveal the information as otherwise appointed with you, as required by laws and regulations, or as demanded, ordered, or executed by related authorities. You shall keep confidential your security credit score, the corresponding black hole threshold, and related credibility information. If this information is leaked, attackers may launch targeted attacks on your system.
5 Alibaba Cloud may optimize or change the security protection mechanism of this program periodically or at random times. Alibaba Cloud will inform you of the changes in advance, and then provide you with the latest versions of services or provide you with services or capabilities based on the latest mechanism. If you do not agree to use the latest mechanism, you can apply to exit the program and terminate the use of services provided by Alibaba Cloud.
6 You understand and agree that the security protection capabilities that you can obtain from the program are provided by a resource pool shared by all members of the program. In standard cases, Alibaba Cloud provides you with security protection capabilities based on your credit score. However, if the members of the program encounter attacks or other malicious events together and the resources in the shared resource pool run out, your security protection capabilities may be reduced. The adjusted capabilities will not be lower than the default protection capabilities.
7 Disclaimers and limitation of liability: The security protection that Alibaba Cloud provides for you, a member of the program, is a technical measure. You understand and agree that this technical measure taken by Alibaba Cloud based on the program is regarded as flawless security protection. If Alibaba Cloud does not deliberately undermine your system security or make mistakes in the program, Alibaba Cloud shall not be liable for the protection results.
8 If your websites encounter viruses, intrusions, attacks (including but not limited to DDoS attacks), or other activities that threaten the network security, and these activities are not covered by this program, the websites or website services may become unavailable to users for a certain period of time. This situation will be hereinafter referred to as service unavailability. You understand and agree that the preceding service unavailability does not indicate breach of the contract by Alibaba Cloud. If the service unavailability undermines the interests of Alibaba Cloud or adversely impacts the communications between Alibaba Cloud and the Internet, between Alibaba Cloud and specific networks or servers, and between Alibaba Cloud servers, Alibaba Cloud has the right to pause or terminate providing security protection services to you based on the Security Credibility program mechanism, without being liable to the results. Alibaba Cloud will inform you of the suspension or termination of protection beforehand.
9 The related rules, norms, and procedures that have been published on www.aliyun.com constitute a part of the terms of services herein. Alibaba Cloud has the right to modify these rules, norms, or procedures at any time, and require you to comply with the latest rules, norms, and procedures.