Web Application Firewall (WAF) provides the asset center feature, which identifies domain names that are hosted on and outside Alibaba Cloud and assesses risks based on the attack status of the domain names in the cloud. This helps you obtain the overall protection status of your domain names. You can enable protection for high-risk domain names to improve the overall security of your business system.
Background information
Network application assets are the most important carrier of network applications in a security management system and are the most fundamental components in a business system. As enterprise business rapidly develops, more business systems are used. A single enterprise may have multiple business systems, and employees may forget to release resources after they build websites or test environments. As a result, business systems may contain unmanaged zombie assets. The most vulnerable part of a business system determines the overall security of the system. In most cases, zombie assets use outdated versions of open source systems, components, or web frameworks, which have common vulnerabilities. Attackers can exploit these vulnerabilities to invade the internal network of an enterprise.
Step 1: Go to the Asset Center page and authorize WAF to access cloud resources
Log on to the WAF 3.0 console. In the top navigation bar, select the resource group and the region in which the WAF instance is deployed. You can select Chinese Mainland or Outside Chinese Mainland for the region.
In the left-side navigation pane, click Asset Center.
On the Asset Center page, click Enable Now.
Note: You need to perform authorization only once. If you already authorized WAF to access cloud resources, skip this step.
The first time you enable the feature, Alibaba Cloud automatically creates the AliyunServiceRoleForWAF service-linked role. You can log on to the Resource Access Management (RAM) console to view the service-linked role. For more information, see View the information about a RAM role.
After Alibaba Cloud creates the AliyunServiceRoleForWAF service-linked role, your WAF instance can access the resources of the associated cloud services, such as Elastic Compute Service (ECS), Server Load Balancer (SLB), Alibaba Cloud DNS, Alibaba Cloud CDN, Certificate Management Service, and Simple Log Service.
After you authorize WAF to access cloud resources, WAF automatically identifies domain names within your Alibaba Cloud account and displays the domain names on the Asset Center page.
Note: The asset center feature can identify domain names that are hosted on and outside Alibaba Cloud. The domain names that are hosted outside Alibaba Cloud include the domain names mapped to servers that are not deployed on Alibaba Cloud and the domain names of servers that are deployed in data centers.
By default, the proactive fingerprint detection feature is enabled for accurate identification. The proactive fingerprint detection feature identifies the fingerprints of assets that are added to WAF by using passive traffic learning and proactive detection. Proactive fingerprint detection is performed once every two weeks to obtain comprehensive and accurate detection results. We recommend that you keep the feature enabled.
Step 2: Add a domain name
If your second-level domain name is not in the asset list, you can add the domain name to WAF.
On the Overview tab of the Asset Center page, click the icon in the upper-right corner above the asset list.
In the Add Asset dialog box, enter the domain name of your website and verify the ownership of the domain name.
The first time you add a domain name to WAF, you must verify your ownership of the domain name. You can add the domain name to WAF only after you successfully verify your ownership of the domain name. For more information, see Verify the ownership of a domain name.
Then, click Add.
After you add the domain name, it appears in the asset list on the next day (T+1).
Step 3: View domain names
On the Asset Center page, view the details of the domain names.
| Data type | Description | Operation |
| --- | --- | --- |
| Domain name statistics (Figure 1) | WAF displays the numbers of second-level domain names, subdomains, unprotected subdomains, unprotected high-risk subdomains, unprotected medium-risk subdomains, and unprotected low-risk subdomains within your Alibaba Cloud account. The daily change in the number of subdomains is displayed on the right side of the number of subdomains. | None |
| Details of domain names (Figure 2) | WAF aggregates the domain names based on the second-level domain names and displays the aggregated domain names in a list. The following section describes the information about each second-level domain name: | |
Step 4: Export domain names
On the Overview tab of the Asset Center page, select the second-level domain names that you want to export and click the icon in the upper-right corner.
On the Export Record tab of the Asset Center page, find the generated file and click Download to download the file.
Before the generated file is automatically deleted, the file is stored on Alibaba Cloud for up to three days.
Note: You can download the exported domain names only by using an Alibaba Cloud account.
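The following added example (not part of the original documentation and not Alibaba Cloud code) shows one way to post-process an exported asset list offline: it rebuilds the per-second-level-domain counts described in Step 3 and lists the unprotected high-risk subdomains to onboard first. The CSV layout and column names (`domain`, `protected`, `risk`) and the sample rows are constructed assumptions; map them to the header of the file you actually download.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names are assumptions for this
# example; adjust them to match the header of the real exported file.
SAMPLE_EXPORT = """domain,protected,risk
www.example.com,yes,low
shop.example.com,no,high
old-test.example.com,no,high
api.example.com,no,medium
blog.example.org,no,low
www.example.org,yes,medium
"""

def second_level(domain):
    # Naive grouping on the last two labels. Multi-label public suffixes
    # (such as co.uk) need a public-suffix list instead.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def summarize(export_text):
    """Group subdomains by second-level domain; count unprotected ones by risk."""
    stats = defaultdict(lambda: {"subdomains": 0, "unprotected": 0,
                                 "high": 0, "medium": 0, "low": 0})
    for row in csv.DictReader(io.StringIO(export_text)):
        entry = stats[second_level(row["domain"])]
        entry["subdomains"] += 1
        if row["protected"].strip().lower() != "yes":
            entry["unprotected"] += 1
            risk = row["risk"].strip().lower()
            if risk in ("high", "medium", "low"):
                entry[risk] += 1
    return dict(stats)

def unprotected_high_risk(export_text):
    """Subdomains to onboard first: unprotected and rated high risk."""
    return sorted(
        row["domain"] for row in csv.DictReader(io.StringIO(export_text))
        if row["protected"].strip().lower() != "yes"
        and row["risk"].strip().lower() == "high"
    )

if __name__ == "__main__":
    for sld, counts in sorted(summarize(SAMPLE_EXPORT).items()):
        print(sld, counts)
    print("enable protection first:", unprotected_high_risk(SAMPLE_EXPORT))
```

Comparing the output across successive exports gives a simple way to spot newly appeared unprotected subdomains, such as forgotten test environments.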