CSRF introduction
CSRF (Cross-site Request Forgery), also known as a one-click attack or session riding and usually abbreviated as CSRF or XSRF, is a form of malicious exploitation of a website in which a user's browser is made to send requests the user never intended.
The preceding figure shows a simple model of a CSRF attack. A user visits malicious Website B; Website B returns an HTTP response that makes the user's browser send a request to Website A. If the user's browser already trusts Website A (for example, because the user is logged in there), Website A executes the request as if the user had sent it deliberately.
Redis CSRF attack model
Following the CSRF principle above, a malicious website can make a user's browser send an HTTP request to Redis. Because Redis speaks a plain-text protocol and does not close the connection when it receives lines that are not valid protocol, an attacker can append Redis commands after the normal HTTP request and have Redis run them. If the user and Redis do not use password authentication, those commands execute normally, and an attacker can, for example, encrypt the data to extort money, exactly as in the earlier MongoDB ransom incident.
The fix in Redis
The author of Redis fixed the problem in Redis 3.2.7 by adding special handling for the POST and Host: keywords: when either arrives as a command, Redis logs the event and disconnects the client, so that no subsequent illegal requests are executed.
Redis security risks
Earlier, Redis exposed a security vulnerability through which attackers could, under certain conditions, obtain root permission on the Redis service. The causes of these security vulnerabilities can be primarily attributed to users' lack of understanding of Redis's security mechanisms, lack of Redis O&M experience, and insufficient use of the security protection mechanisms that Redis offers. ApsaraDB for Redis provides a more secure Redis service, and we recommend it for your on-cloud Redis deployments.
ApsaraDB for Redis security code
Intranet access only, no Internet exposure
By default, ApsaraDB for Redis only provides trusted intranet access. ApsaraDB for Redis cannot be reached from the Internet.
Physical network isolation
ApsaraDB for Redis's physical network and the user network are physically isolated. Users' virtual machines cannot directly access the backend physical machine network.
VPC network isolation
If you are an Alibaba Cloud user on a VPC network, only services in the same VPC can access each other.
Whitelist
ApsaraDB for Redis supports whitelist settings. You can set a whitelist of allowed IP addresses in the console.
Password access
ApsaraDB for Redis enforces password authentication for instances in the classic network. Set a complex password so that it cannot be cracked.
Access permission isolation
Each backend instance of ApsaraDB for Redis is isolated by ACL and by accessible directory. An instance may only access its own path, so instances cannot interfere with each other.
Dangerous commands forbidden
ApsaraDB for Redis forbids some dangerous system management commands such as config and save. To change these settings you must pass secondary authentication in the console. This also prevents direct operations on the backend configuration files and management commands.
Security monitoring
ApsaraDB for Redis has a complete security monitoring system for its physical machines. It regularly scans and updates the security monitoring policies to detect security risks as early as possible.
Redis cluster password
The native Redis 3.0 cluster does not support password authentication. The ApsaraDB for Redis cluster edition does, which improves security.