All Products
Search
Document Center

Cloud Firewall:Disable the installation of unauthorized tools

Last Updated:Jun 20, 2024

In most cases, tools such as Nmap, MassCAN, and Pnscan are used to perform a large number of Internet-based scans, and Netcat is used to listen on ports and establish webshell connections. Cloud Firewall can be used to identify and control the unauthorized installation of the tools.

Impacts

This section describes the impacts of the installation of unauthorized tools.

  • Unauthorized operations performed by an employee of an enterprise

    After an employee of an enterprise downloads and installs an unauthorized tool, the employee can use the tool to perform asset mapping on the enterprise, disclose the network topology of the enterprise, and perform other unauthorized operations.

  • Attacks

    After an attacker intrudes into an internal network, the attacker can run the yum and apt-get commands to install unauthorized tools. The attacker can use the tools to implement lateral movement, insert webshells, and steal data based on the mapping of the network topology.

  • Spreading of worms and trojans

    After worms or other viruses compromise your host, unauthorized tools are downloaded and installed on the host by using scripts. If the tools are used to perform Internet-based scans, various hosts can be compromised.

Operations in the Cloud Firewall console

If you want to disable the installation of unauthorized tools for your Elastic Compute Service (ECS) instance, you can log on to the Cloud Firewall console, choose Prevention Configuration > IPS Configuration, and click Configure in the Basic Protection section. In the Basic Protection dialog box, change the mode of specific or all related rules to Block. This prevents or minimizes the preceding impacts in an efficient manner.

yum