What is the billing method of e Cloud vulnerability scanning?
Billing is based on the number of scans and the number of hosts.
Is there any security risk in security vulnerability scanning?
Because some function options of the automated scanning tool used in security vulnerability scanning test with simulated attack methods, and because of the customer's specific system architecture and other factors, the scanning process may have some impact on the system and introduce an uncertain risk of system downtime and service downtime. Specific risks will be determined before the assessment, and emergency plans will be formulated.
The principles to be observed in the implementation process include but are not limited to:
Normative Principle:
The whole scanning process and all documents should follow defined norms to facilitate tracking and control of the project.
Controllable Principle:
While ensuring the quality of scanning, vulnerability scanning must remain controllable and proceed according to the schedule. The tools, methods and processes of vulnerability scanning shall be used legally and within the scope approved by both parties.
Integrity and Finiteness Principle:
The content of vulnerability scanning shall cover the user level and other levels. The objects of vulnerability scanning shall include, and be limited to, the specific equipment and systems designated by users. Without the users' authorization, the scope and objects of vulnerability scanning shall not be reduced or expanded.
Minimum Impact Principle:
Vulnerability scanning should avoid affecting the normal operation of the system and network and, as far as possible, should not damage or stop the system or network.
Confidentiality Principle:
The process and results of vulnerability scanning shall be kept strictly confidential, and no valid printed or electronic data, documents or other network data involved in the scanning project shall be disclosed.
How is the security of the vulnerability scanning service guaranteed?
For login scanning, or when the baseline configuration check script needs to be executed on behalf of the customer, a temporary account with administrator privileges shall be provided and a login address whitelist shall be configured. e Cloud security personnel will operate through the bastion host. Operations are authorized and audited, operation logs are recorded, and the personnel responsible for each part are recorded. When the scan is completed, the customer will destroy the temporary account and verify the destruction.