NAVER CLOUD PLATFORM

Security FAQs

Frequently asked customer inquiries about security are provided as FAQs.

Frequently asked questions from customers' actual use of the cloud security services are provided as FAQs.

I want to use the Security Monitoring product. How do I request subscription to the service?
1. To use the Security Monitoring product, you're required to "Agree to Terms and Conditions."
- www.ncloud.com > Login > Introduction > Security center > Security notice > Data > Download Security Monitoring service request form

2. Please fill out and submit the Security Monitoring service request form in consideration of the platform and solution you're using.

3. Once you've filled out the request form, upload the request form through www.ncloud.com > Service > Security > Security Monitoring > Contact us and submit the request.

The request forms are divided into Classic platform (V1) and VPC platform (V2), and customer using the Classic and VPC platforms at the same time must fill out the request form for each platform and submit the request for both.
I've requested subscription to the Security Monitoring product. How can I check it has been applied?
When the subscription request for the Security Monitoring product has been properly received, it takes some time to review the content of the request form and the customer's resources (infrastructure). NAVER Cloud Platform provides the service within 5 business days from the date of receipt of the request form. However, in some cases, the provision schedule may slightly change in the process of checking the customer's infrastructure environment.

Once the service application is completed, the application status is sent to the email the request form was submitted with, and you can check the events for each product through Console > Security Monitoring > Dashboard.
The asset to be protected has been changed during the use of the Security Monitoring product. What do I have to do?
If there is a change in the resource to be protected for each product, then please make a request for the change again with the Security Monitoring service request form. If the protection target is changed without request, proper service may not be provided. Also, the usage fee for Security Monitoring is charged regardless of the server suspension. If you don't want to pay, then please terminate the Security Monitoring contract with the server suspension.
How can I request exceptions for events detected and blocked in the Security Monitoring product?
If the detected security events were by normal communication or internal developer IP, you can request exceptions for the detected attacker IP.
You can request it to the operation manager through www.ncloud.com > Console > Security Monitoring > Dashboard > "Request exception" of detected events in each product.
You can also "Request exception" through [Support > Contact us].


Related resources
· [Security Monitoring - Basic Guide]
· [Security Monitoring - Managed Guide]
I want to change the recipient of the Security Monitoring's monthly report. What do I have to do?
The monthly report is sent based on the email information of the report recipient written in the Security Monitoring service request form. If you need to change the recipient of the monthly report, then you can change the recipient email information in the service request form and request it through [Support/FAQ > Contact us].
I want to cancel the Security Monitoring product. What do I have to do?
If you want to cancel the Security Monitoring product, then you can request product cancellation through www.ncloud.com > Console > Security Monitoring > Subscription > Learn more about the product > Contact us. NAVER Cloud Platform manager will then review the cancellation request information and contact you separately.
What is IDS in Security Monitoring?
It is a security solution that detects malicious attacks attempted on customer service that are open to the public. It is categorized into IDS (V1) and IDS (V2) according to the platform environment.
IDS (V1) is a service provided in the Classic environment, and IDS (V2) is a service provided in the VPC environment. The IDS service helps you run services securely by monitoring them 24/7.


※ Services provided by IDS
1. Delivery of detection and analysis report in the event of a security incident
2. Constant configuration of detection policies and application of pattern updates for the latest attacks
3. Provision of exception handling upon customer request
4. Provision of weekly/monthly reports


Related resources
· [Security Monitoring product introduction]
What is the Anti-DDoS service in Security Monitoring?
Distributed Denial of Service (DDoS) attack is a type of attack that prevents the customer's service from being operated normally. Anti-DDoS helps realize stable operation of the customer's service by detecting/blocking DDoS attacks intruding the customer's service.


It is categorized into Anti-DDoS (V1) and Anti-DDoS (V2) according to the platform environment. Anti-DDoS (V1) is a service provided in the Classic environment, and Anti-DDoS (V2) is a service provided in the VPC environment.


It can detect attacks quickly and accurately with the full packet analysis method.
Anti-DDoS only supports the defense of L4 layer attacks for encrypted packets. (It does not support the defense of L7 layer attacks.)
The Anti-DDoS service helps you run services securely by monitoring them 24/7.


※ Services provided by Anti-DDoS
1. Protection from various types of DDoS attacks through multi-level filters
2. Detection of attacks with a separate policy by creating a specialized protection zone for each customer
3. Support for analysis of customer-specific attacks and creation/registration of blocking rules
4. Separate management of source IP (NAT IP) which causes normal mass traffic and prevention of false detections
5. Provision of customized threshold settings through learning
6. Provision of weekly/monthly reports


Related resources
· [Security Monitoring product introduction]
What is WAF in Security Monitoring?
Web Application Firewall (WAF) is a security solution that detects and blocks attack traffic by monitoring web-based (HTTP/HTTPS) traffic.
It is categorized into WAF (V1) and WAF (V2) according to the platform environment. WAF (V1) is a service provided in the Classic environment, and WAF (V2) is a service provided in the VPC environment.


※ Services provided by WAF
1. Detection and Blocking of OWASP top 10 attacks
2. Detection and blocking of top 8 vulnerabilities selected by National Intelligence Service of Korea
3. Detection and blocking of XSS/CSRF/injection
4. Prevention of cookie tampering and theft
5. Configuration and management of blocking policies suitable for customer environment
6. Provision of IP/URL exception features
7. Provision of periodic security policy updates
8. Identification of blocking information on the NAVER Cloud Platform MC console and provision of dashboard
9. Provision of weekly/monthly reports


Related resources
· [Security Monitoring product introduction]
What are the precautions when requesting the WAF (V2) service in Security Monitoring?
WAF (V2) configures and provides a separate WAF platform for each customer with the reverse proxy method.


WAF (V2) provides a security monitoring and blocking service for HTTP/HTTPS traffic, and it can be applied to customer services that use the Application Load Balancer product. For the monitoring of HTTPS services, a SSL certificate needs to be installed on WAF LB, and the certificate for the customer's service also needs to be delivered upon service subscription.


For the provision of the WAF (V2) service, CNAME of the customer service domain needs to be modified to WAF LB to direct the traffic to WAF. Thus, it can only be applied to services that have service domains. (After configuration of the WAF platform, the WAF LB domain information to be registered in CNAME is delivered to the customer.)
What is anti-virus in Security Monitoring?
It supports the stable operation of the customer's service by detecting, isolating, and deleting malicious code in real time on servers being operated by the customer. It is categorized into anti-virus (V1) and anti-virus (V2) according to the platform environment. Anti-virus (V1) is a service provided in the Classic environment, and anti-virus (V2) is a service provided in the VPC environment.


※ Services provided by anti-virus
1. Isolation and deletion of virus/spyware
2. Provision of detection reports in the event of suspected malware
3. Provision of server anti-virus for Windows/Linux OS
4. Provision of exception handling for specific files/folders
5. Automatic update of latest detection patterns
6. Identification of detection information on the NAVER Cloud Platform MC console and provision of dashboard
7. Provision of weekly/monthly reports


Related resources
· [Security Monitoring product introduction]
What is IPS in Security Monitoring?
IPS in Security Monitoring is categorized into IPS (V1) and IPS (V2) according to the platform environment. IPS (V1), provided in the Classic environment, detects and blocks malicious attacks by monitoring all incoming traffic into the customer's service in real time. IPS (V2), provided in the VPC environment, monitors host-based inbound and outbound traffic to detect and block suspicious activities. IPS helps you run services securely by monitoring them 24/7 and blocking attacks in real time.


※ Services provided by IPS (V1)
1. Detection and blocking of malicious traffic through real-time traffic analysis
2. Provision customer-specific blocking policies
    - Signature-based defense
    - Application defense
    - Protocol-based defense
    - Domain block
    - Harmful sites/URL-based block
3. Provision of exception handling based on patterns
4. Provision of exception handling for IP blocking
5. Periodic update of IPS detection and blocking policies
6. Identification of blocking information on the NAVER Cloud Platform MC console and provision of dashboard
7. Provision of weekly/monthly reports


※ Services provided by IPS (V2)
1. Provision of customized policy blocking features by OS, application, and server purpose
2. Provision of virtual patching: Protects VMs from zero-day attacks by protecting the system until the vulnerable version of the application is patched
3. A feature to detect and defend attack packets using web application vulnerabilities such as SQL injection, cross-site scripting (XSS), etc.
4. Periodic update of IPS detection and blocking policies
5. Protection of VMs from vulnerabilities by periodically scanning host applications and applying detection policies
6. Identification of blocking information on the NAVER Cloud Platform MC console and provision of dashboard
7. Provision of weekly/monthly reports
※ IPS can't detect and analyze encrypted packets. However, you can detect and analyze encrypted traffic when using the SSL offloading feature of the Load Balancer product.


Related resources
· [Security Monitoring product introduction]
Where can I download the SSL-VPN agent?
The SSL-VPN agent is categorized into the agent for Windows users and the agent for Mac users.


- Windows agent: www.ncloud.com > Guide center > Guide > Security > SSL VPN > Download SSL VPN Windows agent
- Mac agent: www.ncloud.com > Guide center > Guide > Security > SSL VPN > Download SSL VPN Mac agent
Can I use SSL VPN right after creating it?
For the SSL VPN service in the Classic platform, you can access internal servers from the external PC right away when you register the ID after requesting subscription. However, the access is allowed once you add the assigned SSL VPN IP pool to the ACG rule for the servers to be accessed via SSL VPN from the outside.


For the SSL VPN service in the VPC platform, it may take about 2 business days from requesting subscription to availability. You need to add the assigned SSL VPN IP pool as the SSL VPN route to the route table of the subnet that will communicate with the ACG rule to allow smooth access.


Related resources
· [SSL-VPN Guide Classic]
· [SSL-VPN Guide VPC]
The SSL VPN is not working in a specific local PC. What do I have to do?
When operation on a specific PC is unavailable, you can suspect one of the following causes:
1. False detection by the security programs (anti-virus, ActiveX from banks, etc.) installed on the user's PC
2. Termination from an attempt to change the routing by a specific program (other SSL VPN, proxy, etc.) executed on the user's PC
3. Malfunction of the SSL VPN client


The solutions are as follows:
1. Reinstallation of the SSL VPN client (delete Edge Client from the Control Panel and install it again)
2. Quit/delete any newly installed programs


If the issue persists, even after taking the above measures, then please send the error through [Support/FAQ > Contact us], including the screenshot that shows the message on the client, ID used for the login, and the access time, and we will look into it.