Security Monitoring prerequisites

Available in Classic and VPC

Check supported environments, pricing plan, and service limits for the best usage of Security Monitoring.

Cloud environment specifications

The cloud environment specification that Security Monitoring supports is as follows:

Specifications by Region and platform

The following are the configurations of provided security services according to the Region and platform being used by the user:

The above table is a simple summary. Even for the same security service, the actual supported features may differ slightly, depending on the Region and platform. Therefore, you must check your environment information and accurately identify the available security service types and scope of features. For more information on service structure according to Region and platform, make sure to see Security Monitoring concepts.

Services with impact

Security Monitoring is conducted based on IP address. Even if it is not in the form of Security Monitoring, if you are using other services on NAVER Cloud Platform for which you allocate and use Public IP or Load Balancer IP, there may be an impact on the quality of the service. Therefore, check if NAVER Cloud Platform's services you're using assign Public IP or Load Balancer IP. For reference, the examples of NAVER Cloud Platform's services related to Public IP or Load Balancer IP are as follows:

• Compute: Server, Load Balancer, Public IP...
• Database: Cloud DB for MySQL, Cloud DB for MSSQL, Cloud DB for Cache, Cloud DB for Mongo DB, Cloud DB for PostgreSQL...
• Big Data & Analytics: Cloud Hadoop, Search Engine Service...

Precautions for using security services

This is a guide to precautions when using the security service provided by Security Monitoring. You must familiarize yourself with the precautions as they are related to the normal operation and billing of Security Monitoring.

Precautions for Anti-Virus

The following are the precautions for using Anti-Virus:

• Supported Anti-Virus Agent kernel versions for each operating system: the Anti-Virus Agent has supported kernel versions for each operating system. Since it only operates on supported kernel versions, Security Monitoring may not operate properly if the user updates to an unsupported kernel version. To check the list of kernel versions supported for each operating system, see Here.

• When unintentional billing may occur, be aware of the following cases:
  • When creating servers with a virtual server (VM) image: if you create a server with a virtual server image where an Anti-Virus agent is installed, the Anti-Virus agent is automatically installed on the created server and is subject to billing. Therefore, to prevent unintentional billing caused by Anti-Virus in VMs, make sure to use a virtual server image with the Anti-Virus Agent deleted.
  • When creating Auto Scaling in the Classic environment: if you create a server with an Auto Scaling virtual server image where an Anti-Virus Agent is installed, the Anti-Virus Agent is automatically installed on the created server and is subject to billing. Therefore, to prevent unintentional billing caused by Anti-Virus on servers, make sure to use a virtual server image with the Anti-Virus agent deleted.

Precautions for Anti-DDoS

The following are the precautions for using Anti-DDoS:

• Service use conditions: you can only request this service for services that use Public IPs or public Load Balancer.
• Attack defense range: it only supports the defense of L4 Layer attacks for encrypted packets, and does not support the defense of L7 Layer attacks.

Precautions for WAF

The following are the precautions for using WAF:

VPC

The following are the precautions for using WAF in the VPC environment:

• Service usage conditions: you can only use WAF under the following circumstances:

  • Provided only for services using Application Load Balancer: WAF organizes and provides a separate WAF platform for each user. WAF provides secured monitoring for HTTP/HTTPS traffic. Therefore, it is only available for HTTP/HTTPS services that use Application Load Balancer.
  • Existence of service domain: to use the WAF service, CNAME of the customer service domain needs to be modified to the information of the WAF Load Balancer domain to direct the traffic to WAF. Thus, you can request subscription to the service only if you have a service domain.
  • Installation and delivery of certificate: for the monitoring of HTTPS services, a certificate needs to be installed on WAF Load Balancer, and the certificate for the customer's service also needs to be delivered upon service subscription.
  • HTTP configuration of 80 listener: the communication between WAF VM and Application Load Balancer of the user service uses the HTTP 80 port public communication. Therefore, the HTTP 80 listener must be configured by default on the user's service Application Load Balancer.
  • Configuration of redirection: WAF Load Balancer also supports 443 redirect settings for Port 80 by default. Thus, to use the WAF service normally, you need to delete any HTTP -> HTTPS redirects that exist in the user's application Load Balancer or Server.
  • HTTP protocol setting: when requesting HTTPS monitoring, the HTTP protocol configuration is required for the Application Load Balancer listener.
  • CNAME setting: for the provision of the WAF (V2), CNAME configuration is required in the target customer domain.
    If the target customer domain is Base domain, CNAME setting is not available. It is required to set to WAF VIP in A record.
    After configuring WAF, the information about the WAF Load Balancer domain settings to be registered on CNAME will be delivered to the customer.

• When it affects usage fees, depending on the number of service domains (or number of certificates) subject to WAF monitoring and service traffic, the number of WAF Load Balancers and WAF VMs of the platform changes, and the service usage fees may also increase.

Classic

The following are the precautions for using WAF in the Classic environment:

• Service usage conditions: you can only use WAF under the following circumstances:
  • Available only for services using standard HTTP/HTTPS protocols: it provides security monitoring for web services using the standard HTTP/HTTPS protocols. Thus, the protocol must be set as HTTP/HTTPS to monitor services using NAVER Cloud Platform's Load Balancer. The WAF service cannot be used when configured with TCP or SSL.

Precautions for IPS

The following are the precautions for using IPS:

VPC

The following are the precautions for using IPS in the VPC environment:

• IPS offers X-Forwarded-For. Therefore, the Application Load Balancer must be used to identify the IP address (Original Client IP address) when monitoring the Load Balancer traffic. The IP address (Original Client IP address) cannot be displayed correctly while using the Network Load Balancer or the Network Proxy Load Balancer.

• Supported IPS Agent kernel versions for each operating system: the IPS Agent has supported kernel versions for each operating system. Since it only operates on supported kernel versions, Security Monitoring may not operate properly if the user updates to an unsupported kernel version. To check the list of kernel versions supported for each operating system, see Here.

  Caution

  Note that NAVER Cloud Platform does not guarantee the quality of IPS on kernel versions that aren't on the list of supported kernel versions for each operating system.

• When unintentional billing may occur, be aware of the following cases:

  • When creating servers with a virtual server (VM) image: if you create a server with a virtual server image where an IPS Agent is installed, the IPS Agent is automatically installed on the created server and is subject to billing. Therefore, to prevent unintentional billing caused by IPS in VMs, make sure to delete the IPS Agent before creating the server image.
  • When creating Auto Scaling: if you create a server with an Auto Scaling virtual server image where an IPS Agent is installed, the IPS Agent is automatically installed on the created server and is subject to billing. Therefore, to prevent unintentional billing caused by IPS on servers, make sure to use a virtual server image with the IPS Agent deleted.

Classic

The following are the precautions for using IPS in the Classic environment:

• IPS offers X-Forwarded-For. Therefore, the HTTP and HTTPS protocols must be used to identify the IP address (Original Client IP address) when monitoring the Load Balancer traffic. The IP address (Original Client IP address) cannot be displayed successfully while using TCP and SSL protocols.
• Attack defense range: it does not support detection or analysis of encrypted packets. However, you can detect and analyze encrypted traffic when using the Load Balancer SSL Offloading feature that uses the HTTPS protocol.

Pricing information

Security Monitoring Managed is a security service that provides requested paid security services. For more information on the pricing standards, see Portal > Services > Security > Security Monitoring.

• Portal > Service > Security > Security Monitoring