Aiming at the attack method of mining worms' brute-force cracking on SSH/RDP, etc., the basic defense of cloud firewall supports regular brute-force cracking detection methods, such as logging or trial-and-error frequency threshold calculation, and IP restriction on behaviors exceeding the trial-and-error threshold, and it also supports combining behavioral models on the basis of the user's access habits and access frequency baseline to ensure that the user's normal access will not be blocked while imposing abnormal logins are restricted.

For some common vulnerability exploitation methods (such as using Redis to write Crontab to execute commands, database UDF for command execution, etc.), the basic defense of cloud firewall is based on AliCloud's big data advantage, and using a large number of malicious attack samples accumulated by AliCloud Security in the attack and defense confrontation on the cloud, it is possible to form a precise defense rule with extremely high accuracy.

If you need to turn on the base defense of the cloud firewall, you only need to check the base rules in the security policy-> Intrusion Prevention-> Base Defense configuration column, and when the base defense is turned on, you can see the detailed blocking logs in the Network Traffic Analysis-> IPS Blocking Analysis.