All Products
Search

This Product

    Security Center:Overview

    Document Center

    Security Center:Overview

    Last Updated:Aug 24, 2023

    Ransomware is one of the major threats to network security. If your servers or databases are infected with ransomware, your business data may be encrypted for ransom. This can cause severe risks, such as service interruptions, data leaks, and data loss. To defend against ransomware, Security Center provides the following features: anti-ransomware for servers and anti-ransomware for databases. You can use the features to protect your servers and databases from ransomware.

    Background information

    Security Center provides a hierarchical protection system against ransomware.

    • Block known ransomware in real time

      Security Center blocks a large amount of known ransomware by using the threat intelligence library of Alibaba Cloud. Security Center blocks ransomware to avoid potential loss.

      Important

      After you install the Security Center agent on a server, the defense process of Security Center requires a specific period of time to take effect on the server. During this period of time, Security Center cannot block threats such as ransomware and DDoS trojans.

    • Capture and block unknown ransomware

      Security Center sets up trap directories on your servers to capture potential ransomware attacks. To protect against unknown ransomware, Security Center immediately blocks viruses that perform unusual encryption operations and notifies you of the operations for further handling. You can turn on Anti-ransomware (Bait Capture) in the Security Center console. For more information, see Use proactive defense.

      Note

      If you find a suspicious directory on your server after the anti-ransomware feature is enabled, contact Alibaba Cloud for technical support to check whether the directory is a trap directory that is set up by Security Center. Trap directories do not affect your workloads and are not malicious. You cannot manually delete trap directories.

    Feature differences

    Anti-ransomware for servers and anti-ransomware for databases protect different types of data. If you want to protect database files, use anti-ransomware for databases. If you want to protect other files in the specified directories of your server, use anti-ransomware for servers. If you want to protect both database files and other files in the specified directories of your server, use anti-ransomware for databases together with anti-ransomware for servers. For more information about how to create anti-ransomware policies, see the following topics:

    Important

    To protect database files on a server, use anti-ransomware for databases.

    Supported regions

    Note

    If you create an anti-ransomware policy for a server that is not deployed on Alibaba Cloud, select the region in which the server is deployed. If an Elastic Compute Service (ECS) instance for which you want to create an anti-ransomware policy resides in a region in which the anti-ransomware feature is unavailable, the instance is not displayed in the asset list.

    Feature

    Area

    Supported region

    Anti-ransomware for servers

    Chinese mainland

    • China (Hangzhou), China (Shanghai), and China East 2 Finance

    • China (Qingdao), China North 2 Ali Gov 1, China (Beijing), China (Zhangjiakou), and China (Hohhot)

    • China (Shenzhen) and China South 1 Finance

    • China (Chengdu)

    Asia Pacific

    Indonesia (Jakarta), Australia (Sydney), Japan (Tokyo), India (Mumbai), Malaysia (Kuala Lumpur), China (Hong Kong), Singapore, and Philippines (Manila)

    Europe and Americas

    US (Silicon Valley), US (Virginia), Germany (Frankfurt), and UK (London)

    Middle East

    SAU (Riyadh)

    Anti-ransomware for databases

    Chinese mainland

    • China (Hangzhou) and China (Shanghai)

    • China (Beijing), China (Zhangjiakou), and China (Hohhot)

    • China (Shenzhen)

    • China (Chengdu)

    Asia Pacific

    China (Hong Kong)

    Resource requirements for the backup feature

    The following table describes the resource requirements for backing up data of different volumes.

    Backup data volume

    CPU

    Memory size

    100,000 files

    Dual-core

    4 GB

    1 million files (up to 8 TB)

    Dual-core

    8 GB

    10 million files

    Quad-core

    16 GB

    Anti-ransomware for databases consumes a small number of resources to back up data while anti-ransomware for servers consumes a large number of resources to back up data. The process that anti-ransomware for servers runs to back up data consumes server resources. The consumed server resources vary based on the size and number of files. In most cases, your business is not affected. If you want to manage the server resources that are consumed to back up data, you can evaluate the backup speed and limit the maximum usage of server memory. For more information, see Backup speed and recovery speed and How do I resolve OOM issues on an HBR client?

    Operating systems and versions supported by anti-ransomware for servers

    Important

    The following table lists the operating systems and versions that are supported by anti-ransomware for servers. You can install the anti-ransomware agent only on the servers that run supported operating systems and versions. If you use other operating systems and versions, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the operating system and version of your server are supported.

    Operating system

    Operating system version

    Windows

    7, 8, and 10

    Windows Server

    2008 R2, 2012, 2012 R2, 2016, 2019, and 2022

    RHEL

    7.0, 7.2, 7.4, 7.5, 7.6, 7.7, 7.8, 8.0, 8.1, and 8.2

    CentOS

    6.5, 6.9, 7.2, 7.3, 7.4, 7.5, 7.6, 7.7, 7.8, 7.9, 8.2, and 8.3

    Ubuntu

    14.04, 16.04, 18.04, and 20.04

    SUSE Linux Enterprise Server

    11, 12, and 15

    Database versions and operating system versions supported by anti-ransomware for databases

    Important

    The following table lists the database versions and operating system versions that are supported by anti-ransomware for databases. You can install the anti-ransomware agent only on the following types of databases and operating systems. If you use other types of databases or operating systems, you cannot install the anti-ransomware agent or back up data. Before you use the anti-ransomware feature, we recommend that you check whether the versions of your database and operating system on your server are supported.

    Database type

    Supported database version

    Supported operating system version

    Oracle

    9i

    SUSE 9.3, SLES 9, and CentOS 4.5

    10g

    RHEL 9, CentOS 4.6, SUSE 11 SP4, and RHEL 6.5

    11g

    RHEL 6, CentOS 6.4, RHEL 6.5, CentOS 6.5, Oracle Enterprise Linux 6.7, RHEL 7, Windows Server 2008 R2, and Windows Server 2012 R2

    12c

    Windows Server 2008 R2, RHEL 6.5, and RHEL 7.5

    18c

    RHEL 7.0 and Windows Server 2008 R2

    19c

    Oracle Enterprise Linux7.0

    Oracle RAC

    9i

    SUSE 9.3 and RHEL

    10g

    Windows 2008 R2

    11g

    Windows Server 2008 R2, RHEL 6.5, Oracle Enterprise Linux 6.4, and iSoft Server OS V3.0

    12c

    CentOS 6, RHEL 6.5, Windows Server 2008 R2, CentOS 6.7, and Oracle Enterprise Linux 6

    18c

    Windows 2008 R2

    19c

    RHEL 7.6

    Oracle Data Guard

    11g

    CentOS 6.4, CentOS 6.5, RHEL 6, and Windows Server 2008 R2

    12c

    Oracle Enterprise Linux6

    MySQL

    5.0

    RHEL 6.0, RHEL 6.5, Ubuntu 11.10, Ubuntu 12.10, SLES 10, SUSE 11 SP4, and Neokylin 6.0

    5.1

    RHEL 6.5, SUSE 11 SP4, and RHEL 6.0

    5.4

    RHEL 6.5 and SUSE 11 SP4

    5.5

    Ubuntu 12.04, Ubuntu 14.04, Debian 7.8, Debian 8.3, CentOS 6.0, and RHEL 6.5

    5.6

    RHEL 6.0, RHEL 6.5, Ubuntu 14.04, CentOS 6.0, and CentOS 7.2

    5.7

    RHEL 6.0, RHEL 7.0, CentOS 7.0, RHEL 6.5, Ubuntu 16.04, CentOS 7.2, and NeoKylin 7.0

    SQL Server

    2005

    Windows 2008 R2 SP1

    2008

    Windows Server 2008 R2 and Windows Server 2008 R2 Service Pack 1

    2008 R2

    Windows 2008 R2

    2012

    Windows 2012 RC

    2014

    Windows Server 2008 R2 Service Pack 1 and Windows Server 2016

    2016 (RTM)

    Windows 2012 R2

    2017

    Windows Server 2012 and Windows Server 2016

    2019

    Windows 2016

    SQL Server Always On

    2012, 2016, and 2017

    Windows 2012 R2

    Anti-ransomware endpoints

    Alibaba Cloud public cloud

    Region

    Public endpoint

    ECS internal endpoint

    China (Hangzhou)

    https://hbr.cn-hangzhou.aliyuncs.com

    https://hbr-vpc.cn-hangzhou.aliyuncs.com

    China (Shanghai)

    https://hbr.cn-shanghai.aliyuncs.com

    https://hbr-vpc.cn-shanghai.aliyuncs.com

    China (Qingdao)

    https://hbr.cn-qingdao.aliyuncs.com

    https://hbr-vpc.cn-qingdao.aliyuncs.com

    China (Beijing)

    https://hbr.cn-beijing.aliyuncs.com

    https://hbr-vpc.cn-beijing.aliyuncs.com

    China (Zhangjiakou)

    https://hbr.cn-zhangjiakou.aliyuncs.com

    https://hbr-vpc.cn-zhangjiakou.aliyuncs.com

    China (Hohhot)

    https://hbr.cn-huhehaote.aliyuncs.com

    https://hbr-vpc.cn-huhehaote.aliyuncs.com

    China (Shenzhen)

    https://hbr.cn-shenzhen.aliyuncs.com

    https://hbr-vpc.cn-shenzhen.aliyuncs.com

    China (Chengdu)

    https://hbr.cn-chengdu.aliyuncs.com

    https://hbr-vpc.cn-chengdu.aliyuncs.com

    China (Hong Kong)

    https://hbr.cn-hongkong.aliyuncs.com

    https://hbr-vpc.cn-hongkong.aliyuncs.com

    Singapore

    https://hbr.ap-southeast-1.aliyuncs.com

    https://hbr-internal.ap-southeast-1.aliyuncs.com

    Philippines (Manila)

    https://hbr.ap-southeast-6.aliyuncs.com

    https://hbr-vpc.ap-southeast-6.aliyuncs.com

    Australia (Sydney)

    https://hbr.ap-southeast-2.aliyuncs.com

    https://hbr-vpc.ap-southeast-2.aliyuncs.com

    Malaysia (Kuala Lumpur)

    https://hbr.ap-southeast-3.aliyuncs.com

    https://hbr.ap-southeast-3.aliyuncs.com

    Indonesia (Jakarta)

    https://hbr.ap-southeast-5.aliyuncs.com

    https://hbr-vpc.ap-southeast-5.aliyuncs.com

    Japan (Tokyo)

    https://hbr.ap-northeast-1.aliyuncs.com

    https://hbr.ap-northeast-1.aliyuncs.com

    India (Mumbai)

    https://hbr.ap-south-1.aliyuncs.com

    https://hbr-vpc.ap-south-1.aliyuncs.com

    Germany (Frankfurt)

    https://hbr.eu-central-1.aliyuncs.com

    https://hbr.eu-central-1.aliyuncs.com

    US (Silicon Valley)

    https://https://hbr.us-west-1.aliyuncs.com

    https://hbr.us-west-1.aliyuncs.com

    US (Virginia)

    https://hbr.us-east-1.aliyuncs.com

    https://hbr-vpc.us-east-1.aliyuncs.com

    UK (London)

    https://hbr.eu-west-1.aliyuncs.com

    https://hbr-vpc.eu-west-1.aliyuncs.com

    Alibaba Finance Cloud

    Region

    Public endpoint

    ECS internal endpoint

    China East 2 Finance

    https://hbr.cn-shanghai-finance-1.aliyuncs.com

    https://hbr-vpc.cn-shanghai-finance-1.aliyuncs.com

    China South 1 Finance

    https://hbr.cn-shenzhen-finance-1.aliyuncs.com

    https://hbr-vpc.cn-shenzhen-finance-1.aliyuncs.com

    Use process

    You can use the anti-ransomware feature to back up data on your servers or databases. If your business data is encrypted by ransomware, you can restore the encrypted files based on the backup data. This reduces the adverse impacts on your workloads.

    1. Purchase a specific anti-ransomware capacity and complete the required authorization. For more information, see Enable anti-ransomware.

    2. Select anti-ransomware for servers or anti-ransomware for databases based on the type of data that you want to protect. For more information, see Feature differences.

    3. Create anti-ransomware policies for your servers or databases to back up your data. For more information, see Create anti-ransomware policies for servers and Create anti-ransomware policies for databases.

    4. Create restoration tasks to restore data that is encrypted by ransomware. For more information, see Create restoration tasks for servers and Create restoration tasks for databases.