Abstract: As enterprises accelerate their move to the cloud, the security risks caused by improper and non-compliant cloud service configuration are increasing day by day. If these problems are not noticed, diagnosed and treated in time, they expose enterprise cloud services to huge security risks.

This article is shared from the Huawei Cloud community post “Cloud Small Lesson, Security Lesson 11, SA Baseline Check: a comprehensive ‘physical examination’ for cloud services”, by: cloud security genius.

As enterprises accelerate their move to the cloud, the security risks caused by improper and non-compliant cloud service configuration increase day by day. If these problems are not noticed, diagnosed and treated in time, they expose enterprise cloud services to huge security risks.

Huawei Cloud SA has recently upgraded its cloud service baseline check function. It supports checking the security configuration of cloud services (such as IAM, OBS, ELB, etc.), including identity authentication, access control and log audit. It gives cloud services a comprehensive “physical examination”, lets you learn promptly where risky configurations are located, presents the check results, and provides hardening suggestions and guidance for risky configurations. This helps users eliminate security risks in advance to ensure the security of cloud services.

The cloud service baseline check examines the key configuration items of cloud services. By running a scan task, you can check the risk status of the baseline configuration and handle configurations with potential security risks. Like a necessary health check for the human body, the cloud service baseline check is a critical part of an enterprise's move to the cloud.

So, how do you start a comprehensive “physical examination” of risks on the cloud? How do you determine whether the cloud service configuration is compliant? How do you deal with improper configuration?

Next, following this small lesson, you will learn three steps to discover risky cloud service configuration items through the Huawei Cloud baseline check, respond to the check results, and easily meet security compliance requirements.

Before using SA, you need to purchase it.

Step 1: Set up a check plan

The default check schedule is 00:00 to 06:00 every three days. If you do not use the default check plan, you can customize a check plan based on service requirements.

1. On the Baseline Check page, click Set check Plan in the upper right corner. The check plan setting page is displayed.

2. Click Create Plan. The page for creating a check plan is displayed.

3. On the page that is displayed, configure a check plan and click OK.

SA performs the cloud service baseline scan at the specified time. You can view the scan result in Baseline Check.

Step 2: Execute the check plan

After the check schedule is set, the system performs the check at the specified check time. Check plans can also be executed immediately.

  • Check all check specifications immediately

SA can immediately run a check against all the check specifications you have configured.

The Check Now task can be executed only once within 10 minutes.

1. On the Baseline Check page, click Check Now in the upper right corner.

2. Refresh the page and view Last Checked Time to check whether the scan result is the latest.

  • Execute a check plan immediately

SA lets you manually run one of the check plans you have set up right away. The system then immediately executes the selected baseline check plan.

An immediate run of a periodic automatic check can be performed only once within 10 minutes.

1. In the navigation tree, choose Settings > Detection Settings. The Detection Settings page is displayed.

2. Click Check Now at the top of the check plan that you want to run immediately.

The selected baseline check plan will be executed immediately.

Step 3: Check the result

  • View an overview of check results

After the check plan is executed, wait a moment and then view the summary of the baseline check results detected in the current region on the Baseline Check page.

Table 1 Overview of check results

  • View check specification details

On the Baseline Check page, the Check Criteria list page is displayed by default.

The check criteria page displays all baseline check criteria, including check items, check status, risk resources, description, and the most recent check date.

Click View Details to go to the details page of the check item.

Baseline check provides the capability to query risk check details. After a check is performed on a check item, its check status, time, risk level, description, and procedure are clear at a glance. In addition, you can view the names, types, and results of the resources covered by the check item. The cloud service baseline check is full of information and detail.

  • View the Check Resources details

On the Baseline Check page, click the Check Resources tab.

The Check Resources tab summarizes all risky resources in a list, sorted in descending order of risk level. Cloud resources with many risks and high risk levels are displayed nearer the top, so that you can view the details and respond according to the suggestions in a timely manner.

Click View Details to go to the details page of the resource.

You can view the details of all check items for a resource. You can view the risk check status based on the summarized check items and then perform the check or view the details.

  • View details about Check Results

On the Baseline Check page, click the Check Result tab.

Click View Details to go to the page for details about the check result.

You can view a check item's check status, most recent check time, check method, risk level, check description and check procedure, along with response and handling suggestions. You can also view the resource names, resource types and other aggregated details covered by this check item, and perform the corresponding check operation on a resource.

Face up to the “illness” caused by non-compliant and improper configuration on the cloud: use the cloud service baseline check as a “security physical examination” to find hidden dangers in time, prevent problems before they occur and treat them at the root, so that you can easily meet security compliance requirements and safeguard your cloud business!
