NHN Cloud provides guides on security products, security policy, and vulnerability information to support a safer security environment. The security policy below is provided to protect customers' resources from new and varied types of attacks and security vulnerabilities, and to prepare against frequent incidents and threats in the cloud.
When setting passwords for user accounts (both root and general accounts), note that common passwords that are easy to guess may be cracked by unauthorized users, who can then obtain the privileges of general or root accounts and access systems. As this may result in the leakage of important data saved on the server, or in the server being abused as a stepping stone by hackers, a safe password must be set and managed.
Passwords must comprise 8 or more characters, combining letters, numbers, and special characters. The following passwords should be avoided as they are easy to guess:
To protect customers' resources and services, NHN Cloud applies the following as the basic password policy.
Instances exposed to external networks may be abused as relays for Distributed Reflection Denial of Service (DRDoS) attacks, causing service failures or unintended traffic charges due to an abnormal increase in outbound traffic.
DRDoS is made possible by vulnerable settings in applications such as DNS, NTP, SSDP, or Memcached. This bandwidth amplification technique is widely used in recent attacks: using a number of zombie computers, it turns small request packets into large response packets and concentrates the traffic on a target server.
To protect customers' resources and services, NHN Cloud blocks UDP ports that are frequently abused as relays for DRDoS attacks.
Service Name | Blocked Port | Blocking Method | Reference |
---|---|---|---|
Chargen | UDP / 19 | Network ACL | Inaccessible from outside |
SSDP | UDP / 1900 | Network ACL | Inaccessible from outside |
Memcached | UDP / 11211 | Network ACL | Inaccessible from outside |
To protect customer services, an intrusion blocking system is provided in addition to the security groups that customers manage themselves.
Region | Service Name | Blocked Port | Blocking Method | Remarks |
---|---|---|---|---|
Korea (Pangyo/Pyeongchon), Japan (Tokyo), US (California) | System Terminal Port | TCP/23 | Blocked by network ACLs | Externally inaccessible |
Service Name | Blocked Port | Blocking Method | Remarks |
---|---|---|---|
System Terminal Port | TCP/22, 23, 3389 | Blocked by network ACLs | Externally inaccessible |
DBMS Port | TCP, UDP/1433(MS-SQL), 1521(Oracle), 3306(MySQL) | Blocked by network ACLs | Externally inaccessible |
Netbios Port | TCP, UDP/135, 137, 138, 139, 445 | Blocked by network ACLs | Externally inaccessible |
Etc. | TCP/21(FTP), TCP / 5900(VNC) | Blocked by network ACLs | Externally inaccessible |
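
A local check that an instance owner can run alongside these network ACLs, given here as an added example (not NHN Cloud's own tooling): it parses `ss -H -lntu` output and flags listeners on the ports from the tables above that are bound to a non-loopback address. The function names and the sample output are constructed for illustration.

```python
import ipaddress

# Ports taken from the tables on this page, keyed by (protocol, port).
BLOCKED = {}
for port, name in ((19, "Chargen"), (1900, "SSDP"), (11211, "Memcached")):
    BLOCKED[("udp", port)] = name + " (DRDoS reflector)"
for port, name in ((21, "FTP"), (22, "System terminal"), (23, "System terminal"),
                   (3389, "System terminal"), (5900, "VNC")):
    BLOCKED[("tcp", port)] = name
for port, name in ((1433, "MS-SQL"), (1521, "Oracle"), (3306, "MySQL"),
                   (135, "NetBIOS"), (137, "NetBIOS"), (138, "NetBIOS"),
                   (139, "NetBIOS"), (445, "NetBIOS")):
    BLOCKED[("tcp", port)] = BLOCKED[("udp", port)] = name

def is_loopback(host):
    """True when the bind address is reachable only from the instance itself."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return False                       # wildcard bind: every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                       # unparsable address: treat as exposed

def audit_listeners(ss_output):
    """Return (proto, port, bind address, service) for exposed risky listeners."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")  # column 5 is Local Address:Port
        if not port.isdigit():
            continue
        service = BLOCKED.get((fields[0], int(port)))
        if service and not is_loopback(host):
            findings.append((fields[0], int(port), host, service))
    return findings

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE = """\
udp UNCONN 0 0 0.0.0.0:11211 0.0.0.0:*
tcp LISTEN 0 128 127.0.0.1:3306 0.0.0.0:*
tcp LISTEN 0 128 [::]:22 [::]:*
udp UNCONN 0 0 192.0.2.10:1900 0.0.0.0:*
tcp LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
tcp LISTEN 0 128 *:5900 *:*
udp UNCONN 0 0 [::1]:19 [::]:*
"""
if __name__ == "__main__":
    for finding in audit_listeners(SAMPLE):
        print("exposed: %s/%d on %s (%s)" % finding)
```

On a live instance, pass the text produced by `ss -H -lntu` to `audit_listeners` in place of `SAMPLE`.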