Main Features
1. Intrusion Detection
SSH Remote Login
UHIDS continuously collects the source addresses of SSH logins to a host, builds a profile of the locations the host is normally logged into from, and compares every new login against that profile. A successful login from a geographic location outside the profile triggers an alert and the user is notified.
SSH Brute-Force Attack
UHIDS analyzes SSH authentication logs in real time and identifies brute-force attempts, that is, bursts of failed logins from a single source. If a successful login follows such a burst from the same source, the system immediately raises an alert and notifies the user, so they can respond quickly (for example by locking the account and blocking the source) before the attacker goes further.
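The two SSH checks above (unusual login location and brute force followed by a successful login) both start from the same sshd log parsing, so here is one worked example covering both. This is an added illustration, not UHIDS code: the log excerpt, the GeoIP mapping, the "usual cities" profile and the threshold of 5 failures in 5 minutes are all constructed assumptions; the real product learns the profile from the host's history and chooses its own thresholds.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sshd log excerpt (syslog format) for the demo; not real traffic.
# Source addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:21:07 web1 sshd[2231]: Failed password for root from 203.0.113.7 port 51234 ssh2
Jan 10 03:21:09 web1 sshd[2233]: Failed password for invalid user admin from 203.0.113.7 port 51240 ssh2
Jan 10 03:21:12 web1 sshd[2235]: Failed password for root from 203.0.113.7 port 51244 ssh2
Jan 10 03:21:15 web1 sshd[2237]: Failed password for root from 203.0.113.7 port 51250 ssh2
Jan 10 03:21:18 web1 sshd[2239]: Failed password for root from 203.0.113.7 port 51255 ssh2
Jan 10 03:21:18 web1 sshd[2239]: Connection closed by authenticating user root 203.0.113.7 port 51255 [preauth]
Jan 10 03:22:01 web1 sshd[2240]: Accepted password for root from 203.0.113.7 port 51300 ssh2
Jan 10 08:00:00 web1 sshd[2300]: Accepted publickey for deploy from 198.51.100.20 port 40000 ssh2
Jan 10 09:15:30 web1 sshd[2350]: Failed password for deploy from 198.51.100.20 port 40010 ssh2
Jan 10 09:15:40 web1 sshd[2351]: Accepted publickey for deploy from 198.51.100.20 port 40012 ssh2
Jan 10 23:40:00 web1 sshd[2400]: Accepted publickey for deploy from 192.0.2.55 port 43000 ssh2
"""

# Constructed stand-in for a GeoIP lookup (a real agent queries a GeoIP database).
GEO = {"203.0.113.7": "Amsterdam", "198.51.100.20": "Shanghai", "192.0.2.55": "Frankfurt"}

# Cities this host is usually logged into from; assumed to have been learned from earlier logins.
BASELINE_CITIES = {"Shanghai", "Beijing"}

FAIL_THRESHOLD = 5               # assumed: this many failures from one source within WINDOW
WINDOW = timedelta(minutes=5)    # assumed sliding window for both the burst and the follow-up success
LOG_YEAR = 2024                  # syslog timestamps carry no year; assume one for the demo

AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) \S+ for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9A-Fa-f.:]+) port \d+"
)


def parse_log(text):
    """Turn sshd lines into auth events; lines that are not Accepted/Failed results are ignored."""
    events = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{LOG_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append({"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]})
    return events


def analyze(events):
    """Emit alerts as tuples, in log order."""
    alerts = []
    failures = defaultdict(deque)   # ip -> timestamps of failures inside the sliding window
    flagged = {}                    # ip -> time at which a brute-force burst was reported
    for ev in events:
        if ev["result"] == "Failed":
            q = failures[ev["ip"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > WINDOW:      # drop failures that fell out of the window
                q.popleft()
            if len(q) >= FAIL_THRESHOLD and ev["ip"] not in flagged:
                flagged[ev["ip"]] = ev["ts"]
                alerts.append(("brute_force_attempt", ev["ip"]))
            continue
        # Accepted login: was it preceded by a burst from the same source?
        if ev["ip"] in flagged and ev["ts"] - flagged[ev["ip"]] <= WINDOW:
            alerts.append(("brute_force_success", ev["ip"], ev["user"]))
        # Location check against the host's usual cities.
        city = GEO.get(ev["ip"], "unknown")
        if city not in BASELINE_CITIES:
            alerts.append(("abnormal_location", ev["ip"], ev["user"], city))
    return alerts


def analyze_log(text):
    return analyze(parse_log(text))


if __name__ == "__main__":
    for alert in analyze_log(SAMPLE_LOG):
        print(alert)
```

Run against the sample, the 203.0.113.7 source produces a brute-force attempt alert on its fifth failure, a brute-force success alert when its password login is accepted 43 seconds later, and an abnormal-location alert because Amsterdam is not in the profile; the routine key-based logins from Shanghai stay silent, while the one from Frankfurt is reported as an abnormal location. Note that the "Connection closed" line is ignored by the parser, and that a single failure before a successful login (a typo) does not reach the threshold.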
Backdoor Trojan
By monitoring the network connections and other network characteristics of running processes, UHIDS identifies and alerts on likely backdoor Trojan programs. When such a suspicious process is detected, the system notifies the user so that an attacker cannot keep control of the server through the Trojan.
Abnormal Processes
UHIDS monitors system processes in real time, checking attributes such as the directory a process was started from and the executable it runs. If a suspicious Trojan or other malicious process is found, the system issues a warning and notifies the user promptly, so that threats are caught early.
Malicious Communication
By analyzing the network connections of processes, UHIDS detects abnormal communication patterns. If suspicious malicious communication is detected, the system triggers an alert reminding the user to address the potential security risk.
2. Vulnerability Detection
System Vulnerability Detection
UHIDS collects the kernel version, shared library versions and configuration file information and compares them against a database of known vulnerabilities. If a version with a known vulnerability is found, the system automatically alerts the user so that the vulnerability can be fixed in time.
Third-Party Software Vulnerability Detection
UHIDS detects not only operating system vulnerabilities but also vulnerabilities in commonly used third-party software such as Nginx, sshd and MySQL. The installed versions are compared against known vulnerability databases, and once a vulnerable version of third-party software is detected, an alert is triggered to help the user take preventive measures.
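Both vulnerability checks above come down to the same operation: compare an installed version string against the affected range recorded for an advisory. The example below is added here to show that matching in working code; it is not UHIDS code. The inventory, the advisory entries and their `ADV-000x` identifiers are constructed placeholders, not real advisories, and a real agent would gather the inventory from `uname -r`, the package manager and the binaries themselves rather than from a hard-coded dict.

```python
import re
from itertools import zip_longest


def parse_version(version):
    """Split '1.18.0', '8.9p1' or '5.15.0-91' into tokens; numbers become ints, letters stay strings."""
    return [int(t) if t.isdigit() else t.lower() for t in re.findall(r"\d+|[A-Za-z]+", version)]


def compare_versions(a, b):
    """Return -1, 0 or 1 for a < b, a == b, a > b.

    Numeric tokens compare numerically; a numeric token beats a letter token at the same
    position (1.2.0 > 1.2rc1); a version beats its own prefix (8.9p1 > 8.9).
    Caveat: 1.2 therefore sorts below 1.2.0, so normalise versions first if your
    package scheme treats those as equal.
    """
    for x, y in zip_longest(parse_version(a), parse_version(b)):
        if x == y:
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        if isinstance(x, int) and isinstance(y, int):
            return -1 if x < y else 1
        if isinstance(x, int):
            return 1
        if isinstance(y, int):
            return -1
        return -1 if x < y else 1
    return 0


CONSTRAINT_RE = re.compile(r"^(<=|>=|<|>|==)\s*(\S+)$")
OPS = {
    "<": lambda c: c < 0, "<=": lambda c: c <= 0,
    ">": lambda c: c > 0, ">=": lambda c: c >= 0, "==": lambda c: c == 0,
}


def in_range(version, spec):
    """spec like '>=8.5,<9.3p2': every comma-separated constraint must hold."""
    for part in spec.split(","):
        m = CONSTRAINT_RE.match(part.strip())
        if not m:
            raise ValueError(f"bad constraint: {part!r}")
        op, bound = m.groups()
        if not OPS[op](compare_versions(version, bound)):
            return False
    return True


# Constructed host inventory: component -> installed version (what an agent would collect).
INVENTORY = {"kernel": "5.15.0", "nginx": "1.18.0", "openssh": "8.9p1", "mysql": "8.0.30", "redis": "7.2.4"}

# Constructed advisory database. The IDs are placeholders for this demo, not real advisories.
ADVISORIES = [
    {"id": "ADV-0001", "package": "nginx",   "affected": "<1.20.1",           "fixed": "1.20.1"},
    {"id": "ADV-0002", "package": "openssh", "affected": ">=8.5,<9.3p2",      "fixed": "9.3p2"},
    {"id": "ADV-0003", "package": "mysql",   "affected": ">=8.0.0,<8.0.28",   "fixed": "8.0.28"},
    {"id": "ADV-0004", "package": "kernel",  "affected": ">=5.10,<5.15.1",    "fixed": "5.15.1"},
]


def find_vulnerable(inventory, advisories):
    """Return one finding per advisory whose affected range contains the installed version."""
    findings = []
    for adv in advisories:
        installed = inventory.get(adv["package"])
        if installed and in_range(installed, adv["affected"]):
            findings.append({"id": adv["id"], "package": adv["package"],
                             "installed": installed, "fixed": adv["fixed"]})
    return findings


if __name__ == "__main__":
    for f in find_vulnerable(INVENTORY, ADVISORIES):
        print(f"{f['package']} {f['installed']} matches {f['id']}, fix in {f['fixed']}")
```

On the sample inventory this flags nginx, openssh and the kernel but not mysql 8.0.30, which is past the fixed version. One caveat any practitioner should keep in mind: distributions such as Debian and RHEL often backport fixes while keeping the upstream version number, so a match on version alone is a candidate finding that needs the distribution's own package changelog or advisory feed to confirm; pure version matching over-reports on such systems.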
3. Baseline Check
Weak Password Check
UHIDS regularly checks system accounts, MySQL accounts and others against a weak-password dictionary. If a weak password is found, the system automatically alerts the user and recommends changing it, improving account security and reducing the chance of a successful brute-force attack.
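A dictionary check never needs the plaintext: it hashes each dictionary word the way the target stores passwords and compares against the stored hashes. The example below, added here and not part of UHIDS, does this for MySQL accounts that use the `mysql_native_password` plugin, whose hash is `*` followed by SHA1(SHA1(password)) in upper-case hex. The account rows and the dictionary are constructed; a real check would read `SELECT user, host, plugin, authentication_string FROM mysql.user` with a read-only account. Accounts on other plugins (such as `caching_sha2_password`, which is salted and iterated) are reported as not checked rather than silently passed.

```python
import hashlib


def mysql_native_password(password):
    """Reproduce the mysql_native_password hash: '*' + SHA1(SHA1(password)) as upper-case hex."""
    inner = hashlib.sha1(password.encode("utf-8")).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Constructed dictionary; a real one is far larger and includes site-specific guesses.
WEAK_DICTIONARY = ["123456", "password", "root", "admin", "mysql", "qwerty",
                   "123456789", "111111", "mysql123", "P@ssw0rd"]

# Constructed rows shaped like mysql.user (user, host, plugin, authentication_string).
# The native hashes are computed with the function above, i.e. what MySQL would store.
SAMPLE_USERS = [
    ("root",   "%",         "mysql_native_password", mysql_native_password("123456")),
    ("app",    "10.0.0.%",  "mysql_native_password", mysql_native_password("Zk9!vT2#qL8w-long")),
    ("backup", "localhost", "mysql_native_password", ""),
    ("report", "%",         "caching_sha2_password", "$A$005$constructed-placeholder-hash"),
]


def check_weak_passwords(rows, dictionary):
    """Hash the dictionary once, then look each stored hash up; report empty and uncheckable accounts too."""
    lookup = {mysql_native_password(word): word for word in dictionary}
    findings = []
    for user, host, plugin, stored in rows:
        account = f"{user}@{host}"
        if stored == "":
            findings.append({"account": account, "issue": "empty_password"})
        elif plugin != "mysql_native_password":
            findings.append({"account": account, "issue": "unsupported_plugin", "plugin": plugin})
        elif stored.upper() in lookup:
            findings.append({"account": account, "issue": "weak_password", "matched": lookup[stored.upper()]})
    return findings


if __name__ == "__main__":
    for finding in check_weak_passwords(SAMPLE_USERS, WEAK_DICTIONARY):
        print(finding)
```

The same structure applies to Linux accounts, except that each `/etc/shadow` entry carries its own salt, so the dictionary has to be re-hashed per account with that salt instead of once for all. Two practical notes: the check should run against an exported copy of the hashes with minimal privileges rather than on the live table, and an empty `authentication_string` is worth its own alert since it means no password at all, not a weak one.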
Application Layer Configuration Check
UHIDS ships with a regularly updated security baseline library and automatically checks the configuration of application-layer software such as PHP, MongoDB, Redis, MySQL, Nginx and HTTPD against it. If any configuration item does not meet the baseline requirements, the system issues an alert and notifies the user to adjust the configuration.
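To make the baseline idea concrete, here is an added example (not UHIDS's baseline library) that checks a `redis.conf` against a handful of rules a Redis baseline typically contains: `protected-mode` on, `bind` not exposing every interface, a `requirepass` of reasonable length, and the `CONFIG` and `FLUSHALL` commands renamed or disabled. The two configurations, the 16-character minimum and the rule set itself are assumptions for the demo; the directive names are real Redis directives.

```python
import shlex
from collections import defaultdict

# Constructed "before" configuration: reachable from anywhere, no password, admin commands open.
WEAK_CONF = """\
# constructed example of an exposed instance
bind 0.0.0.0
protected-mode no
port 6379
daemonize yes
"""

# Constructed "after" configuration that satisfies every rule below.
HARDENED_CONF = """\
# constructed example of a hardened instance
bind 127.0.0.1 -::1
protected-mode yes
port 6379
daemonize yes
requirepass Use-A-Long-Random-Secret-Here
rename-command CONFIG ""
rename-command FLUSHALL ""
"""

EXPOSED_BIND = {"0.0.0.0", "*", "::"}   # values that mean "every interface"
MIN_PASSWORD_LEN = 16                    # assumed baseline threshold


def parse_redis_conf(text):
    """Map each directive to the list of argument lists it was given (rename-command may repeat)."""
    conf = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = shlex.split(line)       # handles the quoted empty name in: rename-command CONFIG ""
        conf[parts[0].lower()].append(parts[1:])
    return conf


def check_redis_config(text):
    """Return the list of baseline rules the configuration fails, in rule order."""
    conf = parse_redis_conf(text)

    def last(directive):
        # Redis applies the last occurrence of a directive.
        return conf[directive][-1] if conf[directive] else None

    failures = []
    if last("protected-mode") != ["yes"]:
        failures.append("protected-mode")
    bind = last("bind")
    # No bind line at all means Redis listens on all interfaces; "-" prefixes mark optional addresses.
    if bind is None or any(addr.lstrip("-") in EXPOSED_BIND for addr in bind):
        failures.append("bind")
    pw = last("requirepass")
    if not pw or not pw[0]:
        failures.append("requirepass")
    elif len(pw[0]) < MIN_PASSWORD_LEN:
        failures.append("requirepass-length")
    renamed = {args[0].upper() for args in conf["rename-command"] if len(args) == 2 and args[0]}
    for cmd in ("CONFIG", "FLUSHALL"):
        if cmd not in renamed:
            failures.append(f"rename-command {cmd}")
    return failures


if __name__ == "__main__":
    print("weak:", check_redis_config(WEAK_CONF))
    print("hardened:", check_redis_config(HARDENED_CONF))
```

The weak file fails all five rules; the hardened one passes. Two caveats: a running instance may have been reconfigured at runtime with `CONFIG SET`, so a file check should be paired with a query of the live configuration, and newer Redis versions can restrict commands per user with ACLs, which this simple rule set does not model.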
4. Alert Management
To help users stay informed about the security status of their cloud hosts, UHIDS provides comprehensive alert management and supports a whitelist mechanism, so that users can tune alerts to their own environment.
Login IP Whitelist
UHIDS allows users to define a login IP whitelist specifying the addresses from which logins are expected. Logins from those addresses are not reported as abnormal, so the remaining alerts point to genuinely unexpected access.
Login Location Whitelist
Users can also set up a city-based whitelist for login locations. Logins from the listed cities are treated as normal and only logins from elsewhere are reported, which cuts the noise from the SSH remote-login check for teams that work from several known offices.
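The two whitelists above are applied to the same login event, so the following added example (not UHIDS code) evaluates both in one pass: an address is trusted if it falls inside any whitelisted address or CIDR block (IPv4 or IPv6), or if its resolved city is whitelisted. The whitelist entries, the login list and the GeoIP mapping are constructed for the demo. Malformed entries are rejected at load time rather than silently ignored, since a whitelist typo would otherwise re-enable alerts nobody expects.

```python
import ipaddress

# Constructed whitelists as an operator might enter them in the console.
IP_WHITELIST = ["198.51.100.0/24", "203.0.113.10", "2001:db8::/32"]
CITY_WHITELIST = {"Shanghai", "Beijing"}

# Constructed stand-in for GeoIP resolution of the login source address.
GEO = {
    "203.0.113.7": "Amsterdam",
    "192.0.2.55": "Shanghai",
    "198.51.100.20": "Shanghai",
    "2001:db8::1": "Beijing",
}

# Constructed successful logins (user, source address) that the remote-login check would report.
LOGINS = [
    ("root", "203.0.113.7"),
    ("deploy", "198.51.100.20"),
    ("deploy", "192.0.2.55"),
    ("ops", "203.0.113.10"),
    ("ops", "2001:db8::1"),
    ("ops", "192.0.2.99"),
]


def compile_ip_whitelist(entries):
    """Accept single addresses or CIDR blocks, v4 or v6; fail loudly on a malformed entry."""
    nets = []
    for entry in entries:
        try:
            nets.append(ipaddress.ip_network(entry, strict=False))
        except ValueError as exc:
            raise ValueError(f"invalid whitelist entry {entry!r}") from exc
    return nets


def whitelist_reason(ip, nets, cities, geo):
    """Return 'ip', 'city' or None; an address of the wrong IP version never matches a block."""
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in nets):
        return "ip"
    if geo.get(ip) in cities:          # unknown location resolves to None and is never trusted
        return "city"
    return None


def filter_login_alerts(logins, ip_entries, cities, geo):
    """Split logins into those still worth alerting on and those suppressed, with the reason."""
    nets = compile_ip_whitelist(ip_entries)
    kept, suppressed = [], []
    for user, ip in logins:
        reason = whitelist_reason(ip, nets, cities, geo)
        (suppressed if reason else kept).append((user, ip, reason))
    return kept, suppressed


if __name__ == "__main__":
    kept, suppressed = filter_login_alerts(LOGINS, IP_WHITELIST, CITY_WHITELIST, GEO)
    print("alert:", kept)
    print("suppressed:", suppressed)
```

Only the Amsterdam login and the login whose address has no known location survive as alerts. Keep in mind what a whitelist is for: it suppresses alerts, it does not restrict access. Actually limiting who can log in is the job of the sshd configuration (`AllowUsers`, `Match` blocks) and the host or cloud firewall, and a whitelist entry should never be used as a substitute for those.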
Alert Settings
UHIDS offers multiple alert channels, including email and SMS, so that users are promptly informed of risks or security events on their cloud hosts and can act in time to reduce the risk to those hosts.