Login
      Contents x
      Prerequisites for using Security Monitoring
        • Print
        • PDF
        Contents

        Prerequisites for using Security Monitoring

          • Print
          • PDF
          Article Summary

          Available in Classic and VPC

          You can view supported environments, pricing plans, and restrictions, etc., for the smooth use of Security Monitoring.

          Cloud environment specifications

          The Cloud environment specification that Security Monitoring supports is the following:

          ItemSupported specifications
          Region (Zone)Korea (KR1, KR2), US, Singapore, Japan, and Germany
          PlatformVPC, Classic
          LanguageKorean, English, Japanese

          Supported specifications by region and platform

          The following are the configurations of provided security services according to the region and platform being used by the user.

          RegionPlatformDashboardSecurity log storage (with CLA integration)Notification Setting
          IDSAnti-VirusWAFAnti-DDoSIPSIDSAnti-VirusWAFAnti-DDoSIPSSet notification recipients
          Korea, Singapore, JapanVPCOOOOOOOOXOO
          Korea, United States, Singapore, Japan, and GermanyClassicOOOOOXXXXXO
          The above table is a simple summary. Even for the same security service, the actual supported features may differ slightly, depending on the region and platform. Therefore, the user must check their environment information and accurately identify the available security service types and scope of features. For details on service configuration based on the region and platform, make sure to refer to [Security Monitoring concept](/docs/en/securitymonitoring-info).

          Services with impact

          Security Monitoring is conducted based on IP address. Therefore, even if it is not in the form of Security Monitoring, if you are using other services on NAVER Cloud Platform for which you allocate and use Public IP or Load Balancer IP, there may be an impact on the quality of the service. Therefore, check if NAVER Cloud Platform's services you're using assign public IPs or Load Balancer IPs. For reference, the examples of NAVER Cloud Platform's services related to public IP or Load Balancer IP are as follows.

          • Compute: Server, Load Balancer, Public IP...
          • Database: Cloud DB for MySQL, Cloud DB for MSSQL, Cloud DB for Redis, Cloud DB for Mongo DB, Cloud DB for PostgreSQL...
          • Big Data & Analytics: Cloud Hadoop, Search Engine Service...

          Precautions for using security services

          It guides precautions when using the security service provided by Security Monitoring. You must familiarize yourself with the precautions as they are related to the normal operation and billing of Security Monitoring.

          Precautions for Anti-virus

          The following are the precautions for using Anti-virus.

          • Supported Anti-virus agent kernel versions for each operating system: the Anti-virus agent has supported kernel versions for each operating system. Since it only operates on supported kernel versions, Security Monitoring may not operate properly if the user updates to an unsupported kernel version. To check the list of supported kernel versions for each operating system, refer to here.
          Caution

          Please note that NAVER Cloud Platform does not guarantee the quality of Anti-virus on kernel versions that aren't on the list of supported kernel versions for each operating system.

          • When unintentional billing may occur: please be aware of the following cases.
            • When creating servers with a virtual server (VM) image: if you create a server with a virtual server image where an Anti-virus agent is installed, then the Anti-virus agent is automatically installed on the created server and is subject to billing. Therefore, to prevent unintentional billing caused by Anti-virus in VMs, make sure to use a virtual server image with the Anti-virus agent deleted.
            • Classic When creating Auto Scaling in the environment: if you create a server with an Auto Scaling virtual server image where an Anti-virus agent is installed, then the Anti-virus agent is automatically installed on the created server and is subject to billing. Therefore, to prevent unintentional billing caused by Anti-virus on servers, make sure to use a virtual server image with the Anti-virus agent deleted.

          Cautions for Anti-DDoS

          The following are the precautions for using Anti-DDoS.

          • Service use conditions: you can only request this service for services that use public IPs or public Load Balancer.
          • Attack defense range: it only supports the defense of L4 layer attacks for encrypted packets, and does not support the defense of L7 layer attacks.

          Cautions for WAF

          The following are the precautions for using WAF.

          VPC

          The following are the precautions for using WAF in the VPC environment.

          • Service usage conditions: you can only use WAF under the following circumstances.
            • Available only for services using Application Load Balancer: WAF configures and provides a separate WAF platform for each customer with the reverse proxy method. WAF provides secured monitoring for HTTP/HTTPS traffic. Therefore, it is only available for HTTP/HTTPS services that uses Application Load Balancer.
            • Existence of service domain: to use the WAF service, CNAME of the customer service domain needs to be modified to the information of the WAF Load Balancer domain to direct the traffic to WAF. Thus, you can request subscription to the service only if you have a service domain.
            • Installation and delivery of certificate: for the monitoring of HTTPS services, a certificate needs to be installed on WAF Load Balancer, and the certificate for the customer's service also needs to be delivered upon service subscription.
            • HTTP Configuration of 80 listener: the communication between WAF VM and Application Load Balancer of the user service uses the HTTP 80 port public communication. Therefore, the HTTP 80 listener must be configured by default on the user's service Application Load Balancer.
            • Configuration of redirection: WAF Load Balancer also supports 443 redirect settings for Port 80 by default. Thus, to use the WAF service normally, you need to delete any HTTP -> HTTPS redirects that exist in the user's application Load Balancer or server.
            • HTTP protocol setting: when requesting HTTPS monitoring, the HTTP protocol configuration is required for the Application Load Balancer listener.
            • CNAME Setting: for the provision of the WAF(V2), CNAME configuration is required in the target customer domain.
              If the target customer domain is Base domain, CNAME setting is not available. It is required to set to WAF VIP in A report.
              After configuring WAF, the information about the WAF Load Balancer domain settings to be registered on CNAME will be delivered to the customer.

          • When it affects usage fees: depending on the number of service domains (or number of certificates) subject to WAF monitoring and service traffic, the number of WAF Load Balancers and WAF VMs of the platform changes, and the service usage fees may also increase.
          Note

          WAF (V2) can register up to 512 cases of IP blacklist.
          <Example>

          • Single: 192.168.10.5
          • Range: 192.168.10.5-192.168.10.8 (registered as a single IP when a range is registered)

          Classic

          The following are the precautions for using WAF in the Classic environment.

          • Service usage conditions: you can only use WAF under the following circumstances.
            • Available only for services using standard HTTP/HTTPS protocols: it provides security monitoring for web services using the standard HTTP/HTTPS protocols. Thus, the protocol must be set as HTTP/HTTPS to monitor services using NAVER Cloud Platform's Load Balancer. The WAF service cannot be used when configured with TCP or SSL.

          Cautions for IPS

          The following are the precautions for using IPS.

          VPC

          The following are the precautions for using IPS in the VPC environment.

          • IPS offers X-Forwarded-For. Therefore, the Application Load Balancer must be used to identify the IP address (original client IP address) when monitoring the Load Balancer traffic. The IP address (original client IP address) cannot be displayed correctly while using the Network Load Balancer or the Network Proxy Load Balancer.

          • Supported IPS agent kernel versions for each operating system: the IPS agent has supported kernel versions for each operating system. Since it only operates on supported kernel versions, Security Monitoring may not operate properly if the user updates to an unsupported kernel version. To check the list of supported kernel versions for each operating system, refer to here.

            Caution

            Please note that NAVER Cloud Platform does not guarantee the quality of IPS on kernel versions that aren't on the list of supported kernel versions for each operating system.

          • When unintentional billing may occur: please be aware of the following cases.

            • When creating servers with a virtual server (VM) image: if you create a server with a virtual server image where an IPS agent is installed, then the IPS agent is automatically installed on the created server and is subject to billing. Therefore, to prevent unintentional billing caused by IPS in VMs, make sure to delete the IPS agent before creating the server image.
            • When creating Auto Scaling: if you create a server with an Auto Scaling virtual server image where an IPS agent is installed, then the IPS agent is automatically installed on the created server and is subject to billing. Therefore, to prevent unintentional billing caused by IPS on servers, make sure to use a virtual server image with the IPS agent deleted.

          Classic

          The following are the precautions for using IPS in the Classic environment.

          • IPS offers X-Forwarded-For. Therefore, the HTTP and HTTPS protocols must be used to identify the IP address (original client IP address) when monitoring the Load Balancer traffic. The IP address (original client IP address) cannot be displayed successfully while using TCP and SSL protocols.
          • Attack defense range: it does not support detection or analysis of encrypted packets. However, you can detect and analyze encrypted traffic when using the offloading feature Load Balancer SSL Offloading that uses the HTTPS protocol.

          Usage fee

          Security Monitoring Management is a security service that provides requested paid security services. For details about its pricing standards, refer to the Portal> Service> Security > Security Monitoring menu.

          Caution

          Even if you stop using the service being protected through Security Monitoring, the Security Monitoring usage fees will continue to be charged separately. Therefore, to stop the Security Monitoring fees, you must cancel the Security Monitoring subscription separately. You can cancel your subscription as follows.

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout