The Vulnerability Prevention page displays information about the vulnerabilities that can be exploited by cyberattacks. The vulnerabilities are automatically detected by Security Center and synchronized to Cloud Firewall. On this page, you can enable the firewalls of Cloud Firewall and configure the protection rules of the intrusion prevention system (IPS) to prevent the vulnerabilities from being exploited. This way, your assets are protected.

Prerequisites

Threat Engine Mode on the Prevention Configuration page is set to Medium, which is below Block Mode.
Note If Threat Engine Mode is not set to a value below Block Mode, the protection status of all vulnerabilities on the Vulnerability Prevention page is Alert Only. In this case, Cloud Firewall generates alerts for detected vulnerabilities and records them, but does not block the attacks that exploit the vulnerabilities. For more information about Threat Engine Mode, see Working modes of the threat engine.

Limits

  • The Premium Edition, Enterprise Edition, and Ultimate Edition of Cloud Firewall support the vulnerability prevention feature. The Basic Edition does not support this feature.
  • Vulnerability scans on the Vulnerability Prevention page are automatically started. You cannot manually start the scans.
    Note You can click Update Prevention Status to synchronize the latest vulnerability scan results from Security Center to Cloud Firewall. If you want to manually start a vulnerability scan, go to the Vulnerabilities page in the Security Center console. For more information, see Use the quick scan feature.

Supported types of vulnerabilities for detection

  • Web-CMS vulnerabilities: website builder vulnerabilities that are detected by comparing vulnerability files with the vulnerability library. Common website builders are identified by monitoring website directories. For more information, see View and handle Web-CMS vulnerabilities.
  • Application vulnerabilities: weak passwords of system services and vulnerabilities of system and application services. This type of vulnerability can be fixed by the vulnerability prevention feature. For more information, see View and handle application vulnerabilities.
  • Urgent vulnerabilities: vulnerabilities that were recently detected on the Internet. This type of vulnerability can be fixed by the vulnerability prevention feature. For more information, see View and handle urgent vulnerabilities.

Supported protection states of vulnerabilities

  • Blocked: The attacks that exploit vulnerabilities are blocked by Cloud Firewall.
  • Alert Only: Cloud Firewall detects a vulnerability and generates alerts on the vulnerability. However, Cloud Firewall does not block the attacks that exploit the vulnerability.
  • Partially Prevented: The vulnerability prevention feature is enabled for some of your Elastic Compute Service (ECS) instances.

Procedure

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Intrusion Prevention > Vulnerability Prevention.
  3. On the Vulnerability Prevention page, view the results of vulnerability scans performed by Cloud Firewall on your assets.

    The Vulnerability Prevention page displays the results of vulnerability scans from the last one day, seven days, or one month.

    • Vulnerable Asset: Move the pointer over the More icon in the Vulnerable Asset column to view the IP addresses of the servers that are exposed to the vulnerability.
    • Attack: the total number of attacks that exploit the vulnerability on your assets.
    • Protection Status: the method that Cloud Firewall uses to handle the attacks that exploit the vulnerability. The following states are supported:
      • Blocked: The attacks that exploit vulnerabilities are blocked by Cloud Firewall.
      • Alert Only: Cloud Firewall detects a vulnerability and generates alerts on the vulnerability. However, Cloud Firewall does not block the attacks that exploit the vulnerability.
      • Partially Prevented: The vulnerability prevention feature is enabled for some of your Elastic Compute Service (ECS) instances.
    • Details: Click Details to go to the Vulnerability and Protection Details page. On this page, you can view the details of the vulnerability, such as the name, CVE ID, risk level, and affected assets.
  4. On the Vulnerability Prevention page, search for the vulnerabilities that are in the Alert Only state. Then, click Enable Prevention in the Actions column.
    After vulnerability prevention is enabled, Cloud Firewall automatically enables the firewalls on your vulnerable assets. The protection status of the vulnerabilities is updated within 1 to 2 minutes.
    Note After vulnerability prevention is enabled, existing access control policies take effect on the assets on which firewalls are newly enabled. Make sure that the traffic on the external ports of these assets is allowed. To allow the traffic, log on to the Cloud Firewall console, go to the Access Control page, and then click the Inbound Policies tab under the Internet Firewall tab.
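The following script is an added illustration, not code from Cloud Firewall or its documentation. It models the triage a practitioner performs on this page: the prerequisite (a threat engine mode below Block Mode), the three protection states as the page defines them, the selection of Alert Only vulnerabilities for Enable Prevention in step 4, and the follow-up check from the note above that inbound policies still allow traffic on the external ports of assets whose firewalls were newly enabled. The data model, the record fields, the simplified inbound-policy format, and all sample values are constructed assumptions for the example; they do not reflect Cloud Firewall's API or export format.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Constructed record shape (assumption): one row of the Vulnerability
# Prevention page. protected_assets is the subset of vulnerable_assets on
# which the vulnerability prevention feature (and thus the firewall) is on.
@dataclass
class Vulnerability:
    name: str
    cve_id: str                      # placeholder IDs below, not real CVEs
    attacks: int                     # "Attack" column: exploit attempts seen
    vulnerable_assets: List[str]     # IPs shown under "Vulnerable Asset"
    protected_assets: List[str] = field(default_factory=list)


def protection_status(v: Vulnerability, engine_mode_below_block: bool) -> str:
    """Derive the page's protection state from the definitions it gives.

    - Engine mode not below Block Mode -> everything is Alert Only.
    - Prevention on for no vulnerable asset -> Alert Only.
    - Prevention on for every vulnerable asset -> Blocked.
    - Prevention on for only some assets -> Partially Prevented.
    """
    if not engine_mode_below_block:
        return "Alert Only"
    vulnerable = set(v.vulnerable_assets)
    protected = set(v.protected_assets) & vulnerable
    if not protected:
        return "Alert Only"
    if protected == vulnerable:
        return "Blocked"
    return "Partially Prevented"


def to_enable(vulns: List[Vulnerability], engine_mode_below_block: bool) -> List[str]:
    """Step 4: names of Alert Only vulnerabilities, most-attacked first."""
    pending = [v for v in vulns
               if protection_status(v, engine_mode_below_block) == "Alert Only"]
    pending.sort(key=lambda v: v.attacks, reverse=True)
    return [v.name for v in pending]


def unallowed_external_ports(
    newly_firewalled: Dict[str, List[int]],      # asset IP -> external ports in use
    inbound_allow: List[Tuple[str, int]],        # simplified (dest IP, port) allow rules
) -> List[Tuple[str, int]]:
    """Ports on newly firewalled assets with no inbound allow policy.

    Mirrors the note: once the firewall is on, existing access control
    policies apply, so traffic to a port without an allow rule is at risk
    of being dropped. The rule format is a simplification (assumption).
    """
    allowed: Set[Tuple[str, int]] = set(inbound_allow)
    return sorted((ip, port) for ip, ports in newly_firewalled.items()
                  for port in ports if (ip, port) not in allowed)


# Constructed sample data (IPs are documentation ranges, IDs are placeholders).
SAMPLE_VULNS = [
    Vulnerability("Web-CMS upload flaw", "CVE-XXXX-0001", attacks=42,
                  vulnerable_assets=["203.0.113.10", "203.0.113.11"]),
    Vulnerability("App service weak password", "CVE-XXXX-0002", attacks=7,
                  vulnerable_assets=["203.0.113.12"],
                  protected_assets=["203.0.113.12"]),
    Vulnerability("Urgent RCE", "CVE-XXXX-0003", attacks=130,
                  vulnerable_assets=["203.0.113.10", "203.0.113.13"],
                  protected_assets=["203.0.113.13"]),
]
SAMPLE_ALLOW_RULES = [("203.0.113.10", 443), ("203.0.113.11", 443)]
SAMPLE_PORTS = {"203.0.113.10": [443, 8080], "203.0.113.11": [443]}

if __name__ == "__main__":
    for v in SAMPLE_VULNS:
        print(f"{v.name:28s} {protection_status(v, True)}")
    print("Enable Prevention for:", to_enable(SAMPLE_VULNS, True))
    print("Ports lacking an inbound allow policy:",
          unallowed_external_ports(SAMPLE_PORTS, SAMPLE_ALLOW_RULES))
```

With the sample data and a threat engine mode below Block Mode, the Web-CMS item is Alert Only, the weak-password item is Blocked, and the urgent RCE is Partially Prevented; with the engine mode at Block Mode or above, every item is reported as Alert Only, which is the prerequisite failure the page warns about. The port check then flags 203.0.113.10:8080 as needing an inbound policy before prevention is enabled there.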