<p>Key Pair Overview</p> <p>Key pairs are used for identity authentication when you log in to your ECS instances. Usually, key pairs can only be used on Linux instances. Ping An Cloud generated key pairs use 2048-bit RSA for encryption. These key pairs are more secure than user passwords and can avoid brute-force attacks. Ping An Cloud generates a key pair consisting of a public key open to the public and a private key reserved by users. The private key is a PEM (Privacy-enhanced Electronic Mail)-coded unencrypted key. It is in the format of PKCS#8 and can be converted to the format of ppk using PuTTYgen.</p> <p><strong>Usage Guidelines:</strong></p> <p>l&nbsp; A private key will not be saved by Ping An Cloud after being downloaded to a local machine and cannot be downloaded again. Keep your private key with caution.</p> <p>l&nbsp; When a key pair is bound to an ECS instance, you cannot log in to the ECS instance &nbsp;with the username or password if you do not have the private key.</p> <p>Security Group Overview</p> <p>A security group acts as a virtual firewall with functions of status inspection and data packet filtration. A security group consists of two parts including an instance list and security group rules. You can add ECS instances into the instance list of security groups and authorize access permissions to ECS instances in the instance list by security group rules. The security group is an important network security isolation tool.&nbsp;</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20200207143349-1c590c4390f3.png" style="height:312px; width:555px" /></p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="vertical-align:top"> <p>实例列表</p> </td> <td style="vertical-align:top"> <p>Instance list</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>云服务器</p> </td> <td style="vertical-align:top"> <p>ECS instance</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>安全规则</p> </td> <td style="vertical-align:top"> <p>Security rule</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> <p>For your convenience in terms of opening security policies, Ping An Cloud presents security group rules in the form of whitelists. It represents all rules allow forwarding by default. If an access message is not matched with any security group rule, the access will be denied by the system by default. You can customize access directions. OUT represents that ECS instances in the instance list access authorized IP addresses, namely VPC OUT. IN represents that authorized IP addresses access ECS instances in the instance list, namely VPC IN.&nbsp;</p> <p><img src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20200207143422-19cbd7fb9930.png" style="height:205px; width:421px" /></p> <table border="1" cellpadding="0" cellspacing="0"> <tbody> <tr> <td style="vertical-align:top"> <p>实例列表</p> </td> <td style="vertical-align:top"> <p>Instance list</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>云服务器</p> </td> <td style="vertical-align:top"> <p>ECS instance</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>出方向</p> </td> <td style="vertical-align:top"> <p>OUT</p> </td> </tr> <tr> <td style="vertical-align:top"> <p>入方向</p> </td> <td style="vertical-align:top"> <p>IN</p> </td> </tr> </tbody> </table> <p>&nbsp;</p> <p>Ping An Hotfix Overview</p> <p>Based on Oracle Ksplice technology and designed for crucial business scenarios, Ping An Hotfix can completely realize online patching and hot rollback for kernel and key system components. It helps avoid frequent system restarting in the process of patching and upgrading Linux system. It effectively improves the efficiency of operation and maintenance, reduces time window, and quickly meets security and compliance requirements.</p> <p>Online upgrade of Ksplice user space core components is mainly designed for glibc and openssl. Traditional upgrade of the two components requires to restart applications that depend on these components one by one. The effect of traditional upgrade is similar to restarting the system. Online upgrade of Ksplice user space core components can solve the problem. It enables most process or services that depend on glibc and OpenSSL to be adapted online after glibc and openssl are updated.</p> <p>Ping An Guard Overview</p> <p>Ping An Guard is a free anti-virus software provided by Ping An Cloud for Windows system and features cloud killing function for an ECS. It adopts MacAfee anti-virus engine and can effectively ensure the ECS security to timely prevent virus attack.</p> <p>Ping An Host Security Overview</p> <p>Based on Host Intrusion Detection System (HIDS) and consisting of lightweight Agent and cloud, Ping An Host Security (PHS) provides host protection functions including back door detection, malicious process detection, and log-in security detection (including detection for abnormal log-in and brute force attack) for you to safeguard your Linux servers.</p> <p>PHS of basic edition provides the following services:</p> <p><strong>Log-in record audit</strong>: PHS keeps all login records, identifies the administrator&#39;s common login location, detects risks in suspicious abnormal login behaviors, gives real-time warnings, and sets a login white list to confirm to log in to a secure IP address.</p> <p><strong>Brute force attack</strong>: PHS identifies illegal password cracking behaviors and reports them to Ping An Cloud to prevent hacker intrusion by guessing the password.</p> <p>For information about product function, scenarios and operation guideline of PHS, see <a href="#https://pinganyun.com/ssr/help/security/hids/index" target="_blank">Ping An Host Security</a> in the Documentation.</p>