Best practice rules for Alibaba Cloud ECS
- Apply Latest OS Patches
Ensure that the latest OS patches for ECS instances are applied.
- Check for Unrestricted RDP Access
Ensure that no security groups allow unrestricted ingress access on TCP port 3389 (RDP).
- Check for Unrestricted SSH Access
Ensure that no security groups allow unrestricted ingress access on TCP port 22 (SSH).
- Enable Encryption for Unattached Disks
Ensure that data encryption is enabled for all unattached ECS data disks.
- Enable Encryption for VM Instance Disks
Ensure that data encryption is enabled for virtual machine (VM) instance disks.
- Enable Endpoint Protection
Ensure that the latest OS patches for ECS instances are applied.