Network security

Alibaba Cloud Fraud Detection provides multi-level network security capabilities, including network isolation, transmission encryption, firewall protection, and access control, to help you build a secure cloud environment.

Network isolation

Integration with VPC and support for network isolation

Fraud Detection is integrated with Virtual Private Cloud (VPC), which uses tunneling technology to implement data link layer isolation and provide each user with an independent, secure network environment.

  • Default network isolation: By default, Fraud Detection is deployed in dedicated VPCs, ensuring complete network isolation among tenants.

  • Custom access control: You can configure access control policies and security group rules for inbound and outbound traffic to achieve finer-grained network isolation.

Connections over internal networks and the Internet

Fraud Detection adopts strict access control policies to prioritize the security of internal network communications:

Prioritized internal network access

  • By default, Fraud Detection exposes only internal endpoints, ensuring that service calls remain within internal networks and are not exposed to the Internet.

  • For scenarios in which Internet access is required, you must explicitly request and configure specific access control policies.

Restrictions on Internet access

  • Protection features such as IP address whitelists and access frequency limits help ensure security when Internet access is enabled.

  • Traffic forwarding through API Gateway ensures that Internet access undergoes strict identity authentication and access control.

Secure transmission guarantee

Transmission encryption

All network traffic is transmitted through encrypted channels:

  • Transport Layer Security (TLS)-based encryption: Fraud Detection uses TLS 1.2 or later to encrypt data in transit, ensuring confidentiality and integrity.

  • VPN tunnel-based protection: You can establish IPsec VPN or SSL VPN tunnels to provide additional security for remote access.

Data integrity verification

  • Fraud Detection verifies data integrity during transmission to prevent tampering or forgery.

  • Digital signature generation and verification ensure the authenticity and reliability of data sources.

Network defense capabilities

Firewall protection systems

Fraud Detection integrates with multi-level firewall mechanisms:

Cloud Firewall

  • Cloud Firewall analyzes outbound traffic and monitors unusual traffic in real time through breach awareness.

  • Cloud Firewall works with the host security feature of Security Center for closed-loop vulnerability management.

WAF

  • Web Application Firewall (WAF) defends against common web threats such as SQL injection and cross-site scripting (XSS) attacks.

  • WAF supports bot management to prevent malicious access from automated attack tools.

Anti-DDoS

  • Fraud Detection is integrated with Anti-DDoS Origin, which provides Tbit/s-level bandwidth to defend against DDoS attacks.

  • Anti-DDoS supports automatic attack detection and traffic scrubbing to ensure business continuity.

Access control policies

Fine-grained access control

  • Fraud Detection supports fine-grained authorization for resources and API operations based on Resource Access Management (RAM).

  • Tag-based access control policies enable flexible permission management.

Network access audit

  • All network access logs are recorded and support detailed traffic audit, tracing, and analysis.

  • Access statistics reports help you identify potential security risks.

Reliability guarantee

Multi-zone deployment

  • Fraud Detection uses a multi-zone architecture to ensure high availability and disaster recovery.

  • Cross-region disaster recovery and backup ensure business continuity.

Network health monitoring

  • Fraud Detection monitors network connectivity and service quality in real time and handles network exceptions.

  • Network performance metrics help you optimize network configuration.

These multi-level security measures ensure the security and reliability of network traffic and meet enterprise requirements for network security.