Alibaba Cloud in 7 Days

Day #2 - Alibaba Cloud Security

May 9, 2018

Yesterday I spent my evening creating the framework for this journal on my website. I created a comparison of the SLAs between Alibaba Cloud and AWS. I created a product comparison page with lots of tables comparing Alibaba Cloud and AWS. The similarities between Alibaba Cloud and AWS are striking. All of this took a few hours, so I did not have time to actually work on the Alibaba Cloud Console.

Security is one of my specialties, so I decided to purchase two Alibaba training courses on security. These courses are not free but are priced at $10.00 each. Not bad - sort of Udemy pricing:

Before watching the training videos, I searched for white papers on Alibaba security:
Alibaba Cloud Security White Paper - Version 2.0 - 2017.01

This white paper is a little short on details. This is more of a high-level overview without much substance. Nothing mentioned about critical security certifications such as PCI DSS, HIPAA, etc.

This document did have a link to the Alibaba Cloud Trust Center:

The Trust Center had a link to a much better security white paper:

This white paper is much better and covers to some depth most of the Alibaba Cloud services. This is 90+ pages of content and I highly recommend investing the time to read this document. I will be referencing this document often as I go thru the common services with my eye on security.

After reading the two white papers, I then watched the first security training course and took the exam. This exam was much better than the exam that I took on the Day #1. However, there was nothing on the exam from the training material. I could have just taken this exam blind. The exam focused on common networking security topics related to Windows and Linux. Nothing really specific about Alibaba Cloud. Cloud Security Specialist Certification

Basic Alibaba Cloud Security

  • Login Security
  • Account Authentication
  • Server Vulnerabilities
  • Application Vulnerabilities
  • Data Encryption and Backup
  • Network Attacks

Data Encryption (Data at Rest)

  • OSS Encryption
  • RDS Encryption
  • HSM
  • KMS

Data Transmission (Data in Transit):

  • SSL
  • httpDNS

Host Security:

  • Server Guard
    • Trojan Scan
    • Login Security - Brute Force Login Detection
    • Login Security - Remote Untrusted Login Detection
    • Webshell Detection

Network Security:

  • WAF - Web Application Firewall
  • Anti-DDos Basic and Pro

Monitoring and Control:

  • Cloud Monitor
  • RAM - Resource and Access Management

I will need to allocate another day to Alibaba Cloud Security as the above lists contain a lot of services to study.

15220 Main Street, Bellevue, WA 98007
T: 425-528-8500 - F: 425-528-8550 - E: neoprime@neoprime.io

Copyright 2018 NeoPrime LLC