Checks whether basic protection is enabled for the intrusion prevention system (IPS) of Cloud Firewall. If so, the evaluation result is Compliant. The basic protection feature protects your assets against common intrusions, such as attacks that exploit command execution vulnerabilities. The feature also manages connections from compromised hosts to a command-and-control (C&C) server and provides basic protection for your assets.
Scenarios
In enterprise external Web services, you can enable basic protection for the IPS of Cloud Firewall to allow the IPS to monitor and block common intrusion attempts and malicious traffic in real time. This ensures the security and stability of the business runtime environment.
Risk level
Default risk level: medium.
When you apply this rule, you can change the risk level based on your business requirements.
Compliance evaluation logic
The basic protection feature is enabled for the IPS of Cloud Firewall to protect your assets against common intrusions, such as attacks that exploit command execution vulnerabilities. The feature also manages connections from compromised hosts to a C&C server and provides basic protection for your assets. If Cloud Firewall is used but basic protection is disabled, the evaluation result is Non-compliant.
Rule details
Parameter | Description |
Rule template name | cfw-ips-basicrules-on |
Rule template identifier | |
Automatic remediation | ACS-Cloudfw-ModifyIPSConfig supported |
Trigger type | Periodic: Every 24 hours |
Supported resource type | ACS::::Account |
Input parameter | None |
Non-compliance remediation
For more information, see IPS configuration.