Cloud Web Hosting security

更新时间:
复制 MD 格式

Cloud Web Hosting security encompasses infrastructure security, network security, and data security. Infrastructure security integrates other security products to provide enhanced protection for your Cloud Web Hosting instance. Network security improves resource access security through controls such as port restrictions and security protection. Data security provides server-side and client-based encryption to mitigate potential security risks for data in the cloud.

Infrastructure security

Cloud Web Hosting supports integration with other cloud security products, such as SSL Certificate Service and Anti-DDoS Pro and Anti-DDoS Premium, to enhance your website's security. Some exclusive Web Hosting instances also support trojan scans. For more information, see:

  • Anti-DDoS Basic: A basic Distributed Denial of Service (DDoS) protection feature that protects against common DDoS attacks. For information about the blackhole triggering thresholds and marketplaces for Cloud Web Hosting, see Thresholds that trigger blackhole filtering in Anti-DDoS Basic.

  • SSL Certificate support: An SSL Certificate establishes a secure, encrypted connection between a web page and a browser. This ensures that data is secure during transit and protects access to your website.

  • Trojan scan: Trojan scanning is an important security measure for Cloud Web Hosting. It includes features such as real-time monitoring, periodic scans, and malicious code removal.

    Note

    The trojan scan feature is not available for all Cloud Web Hosting instances. It is supported only on some exclusive Web Hosting instances. The actual options displayed in the console prevail. For more information, see Scan for trojans.

Network security

Network security improves resource access security through methods such as port restrictions and security protection, such as DDoS attack protection and access control.

  • Port restrictions: Cloud Web Hosting only opens ports that are necessary for website access.

    • Ports 80 and 443 (HTTP or HTTPS access ports) are open for website access.

    • Port 21 (the FTP access port) is open to establish connections between an FTP client and the server for file uploads, downloads, and other operations.

  • DDoS attack protection: A DDoS attack on a Cloud Web Hosting instance can disrupt normal website access. Alibaba Cloud provides free Anti-DDoS Basic, paid native protection, and other Anti-DDoS services. For more information, see How to select an Anti-DDoS product.

    Note

    If a shared Cloud Web Hosting instance experiences a large-scale DDoS attack that triggers blackhole filtering, other virtual hosts that share the same IP address also become inaccessible. If your business requires high security and stability, you can purchase an exclusive Web Hosting instance or an Elastic Compute Service (ECS) instance.

  • Access control: Exclusive Web Hosting instances that run the Linux operating system provide an access control feature. You can use this feature to block malicious IP addresses and limit concurrent connections to control access frequency. This helps reduce the risk of DDoS attacks on your website. For more information, see Use access control to block malicious IP addresses and limit concurrent connections.

Data security

Cloud Web Hosting provides encryption of data in-transit, data isolation, and data restoration to mitigate potential security risks for data in the cloud.

  • Encryption of data in-transit: The Cloud Web Hosting console uses HTTPS for encrypted data transmission. It provides encryption in transit with keys of up to 256 bits to meet the requirements for transmitting sensitive data. Using the HTTPS protocol for data transmission provides a higher level of security and protects user data from being stolen or tampered with.

  • User data isolation: Data isolation ensures the security, privacy, and integrity of user data. An effective data isolation mechanism prevents one user's operations from affecting another user's data. It also prevents unauthorized access.

    • Exclusive Web Hosting instances: Different Cloud Web Hosting instances are isolated at the operating system level. Each exclusive Web Hosting instance is an independent server with its own isolated operating system. These operating system environments do not affect each other.

    • Shared Cloud Web Hosting instances: Different users on the same ECS instance are isolated at the file system level. Files from different users, such as website files and application files, are stored in different file systems and isolated by system permissions. This means that even if users share the same ECS instance, each user can access only their own files and cannot access or modify other users' files.

  • Data restoration: Cloud Web Hosting supports backing up and restoring site data, including database data and website data. This helps prevent the loss of important data and mitigates security and data migration risks.

    • Exclusive Web Hosting instances: In the host management console, you can fetch historical data from the past three days for backup or restoration. This includes website data and database data.

    • Shared Cloud Web Hosting instances: Some shared hosts support fetching historical data from the past three days for backup or restoration in the host management console. This includes website data and database data. The actual options displayed in the console prevail.