What is CSRF?

Cross-site request forgery (CSRF), also known as XSRF, one-click attack, or session riding, is a type of malicious exploitation of websites.

The preceding figure shows a simple model of a CSRF attack. A user visits malicious website B, which replies with an HTTP response that makes the user's browser send a request to website A. If the user has maintained a trust relationship with website A, website A processes that request as if the user had sent it personally.

Redis CSRF attack model

Based on the preceding principle of CSRF, a malicious website can make a user's browser send an HTTP request to Redis. Redis accepts a plain-text protocol, and when it encounters an invalid protocol line during parsing it does not close the connection. An attacker can therefore attach a Redis command to an otherwise normal HTTP request so that Redis runs the command. If neither the user nor Redis requires password verification, Redis runs the command normally. Consequently, the attacker can encrypt the data and demand a ransom, similar to the earlier MongoDB ransom attacks.

Kernel fix

Redis 3.2.7 provides a fix for this issue. When the parser reads the POST method or the Host keyword as a command, it handles them specially, logs the event, and closes the connection, so that Redis does not run any well-formed commands that follow in the same request.
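To show why the 3.2.7 fix closes the connection rather than merely rejecting the HTTP lines, here is a small Python model of an inline text-protocol parser, run once without and once with that check. This is an added example, not Redis source code; the command set, log text and the sample request are constructed.

```python
# Added example (not Redis source): a model of an inline text-protocol parser,
# run without and with the Redis 3.2.7 cross-protocol check.
# The command set, log text and the sample request are constructed.

# Commands the toy server actually executes (constructed subset).
KNOWN = {"PING", "GET", "SET"}
# Tokens the 3.2.7 fix treats as a security warning instead of a command.
HTTP_MARKERS = {"POST", "HOST:"}

def handle_stream(data: bytes, hardened: bool):
    """Parse newline-delimited inline requests as a text-protocol server would.

    Returns (executed, log, closed): the commands that ran, the server's
    log/reply lines, and whether the server dropped the connection.
    """
    executed, log = [], []
    for raw in data.split(b"\n"):
        args = raw.rstrip(b"\r").decode("latin-1").split()
        if not args:                      # empty line: nothing to run
            continue
        name = args[0].upper()            # command lookup is case-insensitive
        if hardened and name in HTTP_MARKERS:
            # Log and close: nothing after this line is ever parsed.
            log.append("WARNING: possible cross-protocol attack; connection aborted")
            return executed, log, True
        if name in KNOWN:
            executed.append(" ".join(args))
        else:
            # Unknown command: an error reply, but the connection stays open,
            # so the parser keeps consuming the following lines.
            log.append(f"-ERR unknown command '{args[0]}'")
    return executed, log, False

# Constructed HTTP request whose body carries one harmless Redis command.
FORGED_REQUEST = (
    b"POST / HTTP/1.1\r\n"
    b"Host: redis.internal.example\r\n"
    b"Content-Length: 20\r\n"
    b"\r\n"
    b"SET demo:key value\r\n"
)

def compare():
    """Run the same request through the unpatched and the hardened parser."""
    return (handle_stream(FORGED_REQUEST, hardened=False),
            handle_stream(FORGED_REQUEST, hardened=True))

if __name__ == "__main__":
    for label, result in zip(("unpatched", "3.2.7 check"), compare()):
        print(label, result)
```

Without the check the header lines only produce error replies and the body's SET still runs; with the check the first HTTP token aborts the connection before the body is reached.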

Redis security risks

Earlier Redis versions exposed a vulnerability that, under certain conditions, allowed an attacker to obtain root permissions on the Redis service. Such vulnerabilities are often exploitable because some users are unfamiliar with the security mechanisms of Redis and have little experience operating and maintaining it. In addition, Redis itself lacks sufficient security protection mechanisms. The ApsaraDB for Redis service, however, provides additional security mechanisms. We recommend that you use ApsaraDB for Redis as your Redis service in the cloud.

Security rules of ApsaraDB for Redis

Connections over an internal network instead of a public network

By default, ApsaraDB for Redis only accepts trusted connections over the Alibaba Cloud intranet. Unless you apply for a public endpoint, your instance is not exposed to the Internet.

Physical network isolation

ApsaraDB for Redis physically isolates the physical server network from the virtual server network. Your virtual servers cannot connect directly to the backend physical server network.

VPC network isolation

If you use a virtual private cloud (VPC) of Alibaba Cloud, only the services in the same VPC can interconnect with each other.

Whitelist

ApsaraDB for Redis supports whitelists. In the console, you can set a whitelist of IP addresses so that only connections from those addresses are allowed.

Password verification

ApsaraDB for Redis enforces password verification for instances in the classic network. Set a complex password to resist password cracking.

Access permission isolation

ApsaraDB for Redis isolates the permissions and accessible directories of each backend instance. An instance can access resources only through its own path, which prevents instances from interfering with each other.

Dangerous commands forbidden

ApsaraDB for Redis disables dangerous system management commands such as CONFIG and SAVE. To modify parameters, you must pass secondary authentication in the console. This also prevents direct operation on the backend configuration files and management commands.

Security monitoring

ApsaraDB for Redis provides comprehensive security monitoring of physical servers. The system performs regular scans and updates its security monitoring policies to identify security risks in advance.

Redis cluster password

The original Redis 3.0 cluster does not support password verification. ApsaraDB for Redis clusters support password verification to improve system security.