Sensitive data may be leaked in the outbound connections of your cloud assets. In this case, you can use the data leak detection feature of Cloud Firewall to identify and record leaked sensitive data and the related payloads at the earliest opportunity. This helps protect your business from major losses. This topic describes how to use the data leak dashboard and view data leak details.
Supported editions and specifications
The data leak detection feature is in preview. When the feature becomes available for commercial use and the default specification of your Cloud Firewall cannot meet your business requirements, you can request an additional quota based on the traffic volume of outbound connections. You can view the traffic of outbound connections in the previous seven days in the Asset Configuration panel.
The feature is available for Cloud Firewall that uses the pay-as-you-go or subscription billing method. The feature does not compromise the protection of business traffic in Cloud Firewall.
Cloud Firewall that uses the pay-as-you-go billing method provides a default specification of 100 GB.
The default specification provided by Cloud Firewall that uses the subscription billing method varies based on the Cloud Firewall edition. Cloud Firewall Premium Edition provides a default specification of 100 GB, Enterprise Edition provides a default specification of 300 GB, and Ultimate Edition provides a default specification of 500 GB.
Supported sensitive data types
Cloud Firewall can detect the following types of sensitive data that may be leaked in the outbound connections of public IP addresses in Alibaba Cloud:
AccessKey ID
Passport number (Chinese mainland)
Debit card number
ID card number (Hong Kong, China)
Number of Exit-Entry Permit for Travelling to and from Hong Kong and Macao
ID card number (Chinese mainland)
Military ID number
Private key
To view the supported sensitive data types, go to the IPS Configuration page in the Cloud Firewall console, find the Data Leak Detection section, and then click View Supported Sensitive Data Types. For more information, see IPS configuration. You can enable or disable data leak detection for each data type based on your business requirements. Detection only identifies and records: if Cloud Firewall detects sensitive data in the outbound connections of an asset, Cloud Firewall does not block the traffic of the asset. To block the traffic, configure access control policies.
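The following sketch shows how four of the listed types can be recognized in a plaintext payload. It is an added example, not Cloud Firewall's detection logic or code from this documentation. The patterns are assumptions: an `LTAI` prefix for AccessKey IDs, a PEM header for private keys, the MOD 11-2 check character for 18-character mainland ID numbers, and the Luhn checksum for card numbers. All function names and the sample payload are constructed for illustration.

```python
import re

# Assumed patterns for illustration; not Cloud Firewall's actual rules.
ACCESS_KEY_RE = re.compile(r"\bLTAI[0-9A-Za-z]{12,20}\b")
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----")
ID_CARD_RE = re.compile(r"(?<!\d)\d{17}[\dXx](?!\d)")
CARD_RE = re.compile(r"(?<!\d)\d{16,19}(?![\dXx])")
ID_WEIGHTS = (7, 9, 10, 5, 8, 4, 2, 1, 6, 3, 7, 9, 10, 5, 8, 4, 2)
ID_CHECK = "10X98765432"

# Constructed sample: body of a plaintext HTTP POST leaving an asset.
SAMPLE = ("ak=LTAI0000EXAMPLE000000000&id=11010519491231002X"
          "&card=4111111111111111&note=hello")


def valid_mainland_id(s):
    """ISO 7064 MOD 11-2 check character of an 18-character ID number."""
    total = sum(int(d) * w for d, w in zip(s[:17], ID_WEIGHTS))
    return ID_CHECK[total % 11] == s[17].upper()


def luhn_ok(s):
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(s)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def scan_payload(payload):
    """Return the sorted sensitive data types found in a plaintext payload."""
    found = set()
    if ACCESS_KEY_RE.search(payload):
        found.add("AccessKey ID")
    if PRIVATE_KEY_RE.search(payload):
        found.add("Private key")
    ids = [m for m in ID_CARD_RE.findall(payload) if valid_mainland_id(m)]
    if ids:
        found.add("ID card number (Chinese mainland)")
    if any(luhn_ok(m) for m in CARD_RE.findall(payload) if m not in ids):
        found.add("Debit card number")
    return sorted(found)


if __name__ == "__main__":
    print(scan_payload(SAMPLE))
```

The checksum steps keep most arbitrary digit strings of the same length, such as order numbers, from being reported as ID or card numbers.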
Prerequisites
Internet Firewall is enabled. For more information, see Enable the Internet firewall.
Enable data leak detection for an asset
To allow Cloud Firewall to detect sensitive data in outbound connections of your cloud assets and identify the related risks, you must enable data leak detection for the assets. An outbound connection refers to the connection from your assets to the Internet.
Data leak detection is available for connections over protocols such as HTTP that are used to transmit data in plaintext. Protocols such as HTTPS that are used to transmit encrypted data are not supported.
Log on to the Cloud Firewall console. In the left-side navigation pane, choose .
In the upper-right corner of the Data Leak Detection page, click Asset Configuration.
In the Asset Configuration panel, find the public IP address that you want to manage and click Enable Data Leak Detection in the Operation column.
View statistics on sensitive data in outbound connections
In the Sensitive Data of Outbound Traffic section, you can view sensitive data statistics within the time range that you specify. The statistics provide an overview of the sensitive data leaks of your assets.
In the Distribution of Leaked Sensitive Data by Type section, you can view the distribution of leaked sensitive data within the time range that you specify. This helps you audit the behavior of your assets and protect your business from losses.
View the details of a sensitive data leak event
You can specify a time range to query sensitive data leak events. In the lower part of the Data Leak Detection page, you can find the sensitive data leak event that you want to manage and click View Details in the Operation column. In the Data Leak Details panel, view the related details, including Leaked Information, Risk Payload, Sensitive Data, and Events. In the panel, you can also view the intelligence profile of the destination IP address or domain name to evaluate the security of the destination to which the sensitive data is sent.
Cloud Firewall provides suggestions on how to handle a sensitive data leak event. For example, you can configure access control policies based on the event details to avoid sensitive data leaks. You can handle the event based on your business requirements to minimize the risk of sensitive data leaks.