Security Center: Overview

Last Updated: Aug 24, 2023

Ransomware is one of the major threats to network security. If your servers or databases are infected with ransomware, your business data may be encrypted for ransom. This can cause severe risks, such as service interruptions, data leaks, and data loss. To defend against ransomware, Security Center provides the following features: anti-ransomware for servers and anti-ransomware for databases. You can use the features to protect your servers and databases from ransomware.

Background information

Security Center provides a hierarchical protection system against ransomware.

  • Block known ransomware in real time

    Security Center uses the threat intelligence library of Alibaba Cloud to block a large amount of known ransomware in real time, before the ransomware can cause loss.

    Important

    After you install the Security Center agent on a server, the defense process of Security Center requires a specific period of time to take effect on the server. During this period of time, Security Center cannot block threats such as ransomware and DDoS trojans.

  • Capture and block unknown ransomware

    Security Center sets up trap directories on your servers to capture potential ransomware attacks. To protect against unknown ransomware, Security Center immediately blocks viruses that perform unusual encryption operations and notifies you of the operations for further handling. You can turn on Anti-ransomware (Bait Capture) in the Security Center console. For more information, see Use proactive defense.

    Note

    If you find a suspicious directory on your server after the anti-ransomware feature is enabled, contact Alibaba Cloud for technical support to check whether the directory is a trap directory that is set up by Security Center. Trap directories do not affect your workloads and are not malicious. You cannot manually delete trap directories.
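The bait idea described above, sketched as an added example (an illustration of the general technique, not Security Center's implementation and not code from this page). The decoy file names, the `.manifest` file, and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added illustration of bait (trap) files; not Security Center's implementation.
# The decoy names and the manifest file are assumptions made for this example.

# bait_setup DIR: create decoy files and record their SHA-256 digests.
bait_setup() {
  mkdir -p "$1"
  for name in invoice_2023.docx customers.xlsx backup.sql; do
    printf 'decoy content for %s\n' "$name" > "$1/$name"
  done
  ( cd "$1" && sha256sum invoice_2023.docx customers.xlsx backup.sql > .manifest )
}

# bait_check DIR: print "<state>:<file>" for every decoy that is missing or
# modified and for every file that appeared; exit status 1 if anything is found.
bait_check() {
  findings=""
  known="|"
  while read -r sum name; do
    known="$known$name|"
    if [ ! -f "$1/$name" ]; then
      findings="$findings missing:$name"
    elif [ "$(sha256sum < "$1/$name" | cut -d' ' -f1)" != "$sum" ]; then
      findings="$findings modified:$name"
    fi
  done < "$1/.manifest"
  # Ransomware usually writes an encrypted copy under a new name, so files
  # that are not in the manifest are reported as well.
  for f in "$1"/*; do
    [ -e "$f" ] || continue
    case "$known" in
      *"|${f##*/}|"*) ;;
      *) findings="$findings new:${f##*/}" ;;
    esac
  done
  if [ -z "$findings" ]; then return 0; fi
  echo "${findings# }"
  return 1
}
```

Nothing legitimate should ever write to a bait directory, so any finding from `bait_check` is a high-confidence signal worth alerting on.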

Feature differences

Anti-ransomware for servers and anti-ransomware for databases protect different types of data. If you want to protect database files, use anti-ransomware for databases. If you want to protect other files in the specified directories of your server, use anti-ransomware for servers. If you want to protect both database files and other files in the specified directories of your server, use anti-ransomware for databases together with anti-ransomware for servers. For more information about how to create anti-ransomware policies, see the following topics:

Important

To protect database files on a server, use anti-ransomware for databases.

Supported regions

Note

If you create an anti-ransomware policy for a server that is not deployed on Alibaba Cloud, select the region in which the server is deployed. If an Elastic Compute Service (ECS) instance for which you want to create an anti-ransomware policy resides in a region in which the anti-ransomware feature is unavailable, the instance is not displayed in the asset list.

| Feature | Area | Supported region |
| --- | --- | --- |
| Anti-ransomware for servers | Chinese mainland | China (Hangzhou), China (Shanghai), and China East 2 Finance; China (Qingdao), China North 2 Ali Gov 1, China (Beijing), China (Zhangjiakou), and China (Hohhot); China (Shenzhen) and China South 1 Finance; China (Chengdu) |
| Anti-ransomware for servers | Asia Pacific | Indonesia (Jakarta), Australia (Sydney), Japan (Tokyo), India (Mumbai), Malaysia (Kuala Lumpur), China (Hong Kong), Singapore, and Philippines (Manila) |
| Anti-ransomware for servers | Europe and Americas | US (Silicon Valley), US (Virginia), Germany (Frankfurt), and UK (London) |
| Anti-ransomware for servers | Middle East | SAU (Riyadh) |
| Anti-ransomware for databases | Chinese mainland | China (Hangzhou) and China (Shanghai); China (Beijing), China (Zhangjiakou), and China (Hohhot); China (Shenzhen); China (Chengdu) |
| Anti-ransomware for databases | Asia Pacific | China (Hong Kong) |

Resource requirements for the backup feature

The following table describes the resource requirements for backing up data of different volumes.

| Backup data volume | CPU | Memory size |
| --- | --- | --- |
| 100,000 files | Dual-core | 4 GB |
| 1 million files (up to 8 TB) | Dual-core | 8 GB |
| 10 million files | Quad-core | 16 GB |

Anti-ransomware for databases consumes few resources to back up data, whereas anti-ransomware for servers consumes a large amount. The backup process that anti-ransomware for servers runs uses the resources of the protected server, and the amount varies based on the size and number of files. In most cases, your business is not affected. If you want to manage the server resources that are consumed to back up data, you can evaluate the backup speed and limit the maximum usage of server memory. For more information, see Backup speed and recovery speed and How do I resolve OOM issues on an HBR client?

Operating systems and versions supported by anti-ransomware for servers

Important

The following table lists the operating systems and versions that are supported by anti-ransomware for servers. You can install the anti-ransomware agent only on the servers that run supported operating systems and versions. If you use other operating systems and versions, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the operating system and version of your server are supported.

| Operating system | Operating system version |
| --- | --- |
| Windows | 7, 8, and 10 |
| Windows Server | 2008 R2, 2012, 2012 R2, 2016, 2019, and 2022 |
| RHEL | 7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8.0, 8.1, and 8.2 |
| CentOS | 6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3 |
| Ubuntu | 14.04, 16.04, 18.04, and 20.04 |
| SUSE Linux Enterprise Server | 11, 12, and 15 |
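A preflight check for the Linux rows of the table above, as an added example (not code from this page or from Alibaba Cloud). The function names are hypothetical, and matching any SLES service pack to its listed major version is an assumption.

```shell
#!/bin/sh
# Added example: preflight check against the Linux rows of the support table.

# Versions copied from the table on this page (Windows rows omitted).
supported_versions() {
  case "$1" in
    rhel)   echo "7.0 7.2 7.4 7.5 7.6 7.7 7.8 8.0 8.1 8.2" ;;
    centos) echo "6.5 6.9 7.2 7.3 7.4 7.5 7.6 7.7 7.8 7.9 8.2 8.3" ;;
    ubuntu) echo "14.04 16.04 18.04 20.04" ;;
    sles)   echo "11 12 15" ;;
    *)      return 1 ;;
  esac
}

# os_field KEY FILE: value of KEY in an os-release style file, quotes stripped.
os_field() {
  sed -n "s/^$1=//p" "$2" 2>/dev/null | head -n 1 | tr -d "\"'"
}

# detect_os OS_RELEASE RELEASE_FILE: prints "<id> <version>".
detect_os() {
  id=$(os_field ID "$1")
  ver=$(os_field VERSION_ID "$1")
  # CentOS puts only the major version in os-release, and CentOS 6 ships no
  # os-release at all, so read major.minor from the release file instead.
  if [ -r "$2" ] && { [ -z "$id" ] || [ "$id" = centos ]; }; then
    rel=$(sed -n 's/.*release \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' "$2" | head -n 1)
    if [ -n "$rel" ]; then
      ver=$rel
      if grep -qi centos "$2"; then id=centos
      elif grep -qi 'red hat' "$2"; then id=rhel; fi
    fi
  fi
  # Assumption: the table lists SLES by major version, so drop the service pack.
  if [ "$id" = sles ]; then ver=${ver%%.*}; fi
  echo "$id $ver"
}

# check_os_supported OS_RELEASE RELEASE_FILE: exit status 0 only for a listed pair.
check_os_supported() {
  os=$(detect_os "$1" "$2")
  id=${os% *}; ver=${os#* }
  list=$(supported_versions "$id") || { echo "not in table: OS '$id'"; return 1; }
  for v in $list; do
    if [ "$v" = "$ver" ]; then echo "listed: $id $ver"; return 0; fi
  done
  echo "not in table: $id $ver"
  return 1
}
```

On a real host, call `check_os_supported /etc/os-release /etc/redhat-release` before you install the agent; a non-zero exit status means the distribution or version does not appear in the table.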

Database versions and operating system versions supported by anti-ransomware for databases

Important

The following table lists the database versions and operating system versions that are supported by anti-ransomware for databases. You can install the anti-ransomware agent only on the following types of databases and operating systems. If you use other types of databases or operating systems, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the versions of your database and operating system on your server are supported.

| Database type | Supported database version | Supported operating system version |
| --- | --- | --- |
| Oracle | 9i | SUSE 9.3, SLES 9, and CentOS 4.5 |
| Oracle | 10g | RHEL 9, CentOS 4.6, SUSE 11 SP4, and RHEL 6.5 |
| Oracle | 11g | RHEL 6, CentOS 6.4, RHEL 6.5, CentOS 6.5, Oracle Enterprise Linux 6.7, RHEL 7, Windows Server 2008 R2, and Windows Server 2012 R2 |
| Oracle | 12c | Windows Server 2008 R2, RHEL 6.5, and RHEL 7.5 |
| Oracle | 18c | RHEL 7.0 and Windows Server 2008 R2 |
| Oracle | 19c | Oracle Enterprise Linux 7.0 |
| Oracle RAC | 9i | SUSE 9.3 and RHEL |
| Oracle RAC | 10g | Windows 2008 R2 |
| Oracle RAC | 11g | Windows Server 2008 R2, RHEL 6.5, Oracle Enterprise Linux 6.4, and iSoft Server OS V3.0 |
| Oracle RAC | 12c | CentOS 6, RHEL 6.5, Windows Server 2008 R2, CentOS 6.7, and Oracle Enterprise Linux 6 |
| Oracle RAC | 18c | Windows 2008 R2 |
| Oracle RAC | 19c | RHEL 7.6 |
| Oracle Data Guard | 11g | CentOS 6.4, CentOS 6.5, RHEL 6, and Windows Server 2008 R2 |
| Oracle Data Guard | 12c | Oracle Enterprise Linux 6 |
| MySQL | 5.0 | RHEL 6.0, RHEL 6.5, Ubuntu 11.10, Ubuntu 12.10, SLES 10, SUSE 11 SP4, and Neokylin 6.0 |
| MySQL | 5.1 | RHEL 6.5, SUSE 11 SP4, and RHEL 6.0 |
| MySQL | 5.4 | RHEL 6.5 and SUSE 11 SP4 |
| MySQL | 5.5 | Ubuntu 12.04, Ubuntu 14.04, Debian 7.8, Debian 8.3, CentOS 6.0, and RHEL 6.5 |
| MySQL | 5.6 | RHEL 6.0, RHEL 6.5, Ubuntu 14.04, CentOS 6.0, and CentOS 7.2 |
| MySQL | 5.7 | RHEL 6.0, RHEL 7.0, CentOS 7.0, RHEL 6.5, Ubuntu 16.04, CentOS 7.2, and NeoKylin 7.0 |
| SQL Server | 2005 | Windows 2008 R2 SP1 |
| SQL Server | 2008 | Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1 |
| SQL Server | 2008 R2 | Windows 2008 R2 |
| SQL Server | 2012 | Windows 2012 RC |
| SQL Server | 2014 | Windows Server 2008 R2 Service Pack 1 and Windows Server 2016 |
| SQL Server | 2016 (RTM) | Windows 2012 R2 |
| SQL Server | 2017 | Windows Server 2012 and Windows Server 2016 |
| SQL Server | 2019 | Windows 2016 |
| SQL Server Always On | 2012, 2016, and 2017 | Windows 2012 R2 |

Anti-ransomware endpoints

Alibaba Cloud public cloud

| Region | Public endpoint | ECS internal endpoint |
| --- | --- | --- |
| China (Hangzhou) | https://hbr.cn-hangzhou.aliyuncs.com | https://hbr-vpc.cn-hangzhou.aliyuncs.com |
| China (Shanghai) | https://hbr.cn-shanghai.aliyuncs.com | https://hbr-vpc.cn-shanghai.aliyuncs.com |
| China (Qingdao) | https://hbr.cn-qingdao.aliyuncs.com | https://hbr-vpc.cn-qingdao.aliyuncs.com |
| China (Beijing) | https://hbr.cn-beijing.aliyuncs.com | https://hbr-vpc.cn-beijing.aliyuncs.com |
| China (Zhangjiakou) | https://hbr.cn-zhangjiakou.aliyuncs.com | https://hbr-vpc.cn-zhangjiakou.aliyuncs.com |
| China (Hohhot) | https://hbr.cn-huhehaote.aliyuncs.com | https://hbr-vpc.cn-huhehaote.aliyuncs.com |
| China (Shenzhen) | https://hbr.cn-shenzhen.aliyuncs.com | https://hbr-vpc.cn-shenzhen.aliyuncs.com |
| China (Chengdu) | https://hbr.cn-chengdu.aliyuncs.com | https://hbr-vpc.cn-chengdu.aliyuncs.com |
| China (Hong Kong) | https://hbr.cn-hongkong.aliyuncs.com | https://hbr-vpc.cn-hongkong.aliyuncs.com |
| Singapore | https://hbr.ap-southeast-1.aliyuncs.com | https://hbr-internal.ap-southeast-1.aliyuncs.com |
| Philippines (Manila) | https://hbr.ap-southeast-6.aliyuncs.com | https://hbr-vpc.ap-southeast-6.aliyuncs.com |
| Australia (Sydney) | https://hbr.ap-southeast-2.aliyuncs.com | https://hbr-vpc.ap-southeast-2.aliyuncs.com |
| Malaysia (Kuala Lumpur) | https://hbr.ap-southeast-3.aliyuncs.com | https://hbr.ap-southeast-3.aliyuncs.com |
| Indonesia (Jakarta) | https://hbr.ap-southeast-5.aliyuncs.com | https://hbr-vpc.ap-southeast-5.aliyuncs.com |
| Japan (Tokyo) | https://hbr.ap-northeast-1.aliyuncs.com | https://hbr.ap-northeast-1.aliyuncs.com |
| India (Mumbai) | https://hbr.ap-south-1.aliyuncs.com | https://hbr-vpc.ap-south-1.aliyuncs.com |
| Germany (Frankfurt) | https://hbr.eu-central-1.aliyuncs.com | https://hbr.eu-central-1.aliyuncs.com |
| US (Silicon Valley) | https://hbr.us-west-1.aliyuncs.com | https://hbr.us-west-1.aliyuncs.com |
| US (Virginia) | https://hbr.us-east-1.aliyuncs.com | https://hbr-vpc.us-east-1.aliyuncs.com |
| UK (London) | https://hbr.eu-west-1.aliyuncs.com | https://hbr-vpc.eu-west-1.aliyuncs.com |

Alibaba Finance Cloud

| Region | Public endpoint | ECS internal endpoint |
| --- | --- | --- |
| China East 2 Finance | https://hbr.cn-shanghai-finance-1.aliyuncs.com | https://hbr-vpc.cn-shanghai-finance-1.aliyuncs.com |
| China South 1 Finance | https://hbr.cn-shenzhen-finance-1.aliyuncs.com | https://hbr-vpc.cn-shenzhen-finance-1.aliyuncs.com |

Use process

You can use the anti-ransomware feature to back up data on your servers or databases. If your business data is encrypted by ransomware, you can restore the encrypted files based on the backup data. This reduces the adverse impacts on your workloads.

  1. Purchase a specific anti-ransomware capacity and complete the required authorization. For more information, see Enable anti-ransomware.

  2. Select anti-ransomware for servers or anti-ransomware for databases based on the type of data that you want to protect. For more information, see Feature differences.

  3. Create anti-ransomware policies for your servers or databases to back up your data. For more information, see Create anti-ransomware policies for servers and Create anti-ransomware policies for databases.

  4. Create restoration tasks to restore data that is encrypted by ransomware. For more information, see Create restoration tasks for servers and Create restoration tasks for databases.