AliCloud Security Server Guard

One of the security products AliCloud offers free of charge is Server Guard, a host-based intrusion detection system (HIDS) that monitors and analyzes the internals of an ECS instance.

First things first: Alibaba Cloud really needs to improve its UI. When I access the Server Guard (YunDun) console, part of the description is displayed in Chinese, even though I am on the English console.

The Server Guard Agent plug-in was integrated into the system image and enabled during my purchase of the ECS instance. (Do read my first review on Ali Cloud.) If it is not enabled during the purchase of an ECS instance, you can install it using the CLI.

You can log on to the Alibaba Cloud Security Server Guard console and check the Server Guard Agent online status of each server on the asset management page.

My newly created ECS instance has 13 vulnerabilities.

Click on the number to see the detailed information. (Again, the explanations are in Chinese.)

This is a good feature for informing system administrators of the need to keep software packages up to date.

Server Guard also detects the following:
Suspicious file
Suspicious process
Abnormal connection

The screenshot of abnormal logins shows my SSH session to the server as root. (This is bad practice!)

Lastly, you can set up notifications for Remote login, Brute-force attack and Protection Against Backdoors.

Server Security Server Guard is a good feature and should be enabled by default for an ECS instance. However, the Ali Cloud team needs to work on providing a better user interface and offering more security features.
