The Vulnerability Prevention page displays the vulnerabilities that can be exploited by network attacks and allows you to enable defense against these attacks. Security Center automatically detects the vulnerabilities and synchronizes the detection results to Cloud Firewall. You can activate Cloud Firewall and configure defense rules of the intrusion prevention system (IPS) to prevent the vulnerabilities from being exploited. This way, your assets are protected.

Background information

The Vulnerability Prevention page displays vulnerability detection results of the last one hour, one day, or seven days.

Limits

Enterprise Edition and Ultimate Edition of Cloud Firewall support the vulnerability prevention feature. Free trial edition and Premium Edition do not support this feature.

You cannot manually initiate vulnerability scans on the Vulnerability Prevention page.

Note You can click Update Prevention Status to synchronize the latest vulnerability scan results from Security Center to Cloud Firewall. If you want to manually initiate a vulnerability scan, go to the Vulnerabilities page in the Security Center console. For more information, see Quick scan.

Vulnerability statistics

  • Unprevented: the number of your vulnerable assets that are not protected by Cloud Firewall. Traffic to these assets does not pass through Cloud Firewall, or IPS blocking is not enabled for these assets.
  • Prevented: the number of your vulnerable assets for which Cloud Firewall is activated and IPS defense rules are configured. Cloud Firewall defends against the network attacks that exploit these vulnerabilities.
  • Applications: the number of vulnerable assets.
  • Intrusions Blocked: the number of times network attacks are blocked by Cloud Firewall after Cloud Firewall is activated and IPS defense rules are configured for your vulnerable assets.

Vulnerabilities that can be detected

  • Web CMS: website builder vulnerabilities that are detected by comparing vulnerability files with the vulnerability library. Common website builders are identified by monitoring website directories. For more information, see Web-CMS vulnerabilities.
  • Application: weak passwords of system services and vulnerabilities of system and application services. For more information, see Application vulnerabilities.
  • Emergency: emergency vulnerabilities that have been exposed on the Internet recently. For more information, see Urgent vulnerabilities.

Vulnerability status

  • Prevented: Cloud Firewall provides protection against the vulnerability.
  • Unprevented: Cloud Firewall does not provide protection against the vulnerability.
  • Partially Prevented: The vulnerability prevention feature is enabled for only some of the ECS instances that are affected by the vulnerability.
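The status and statistics definitions above are simple to get wrong when you reconcile the console with your own asset inventory, so the following added example (not code from the Cloud Firewall product or its SDK) derives the per-vulnerability status and the four counters from an assumed, constructed data model: each asset records whether its traffic passes through Cloud Firewall and whether IPS blocking is enabled, and each vulnerability lists the IP addresses it affects.

```python
from dataclasses import dataclass


@dataclass
class Asset:
    """Constructed model of one vulnerable asset (assumption, not the product's schema)."""
    ip: str
    behind_firewall: bool      # traffic to the asset passes through Cloud Firewall
    ips_block_enabled: bool    # IPS defense rules are configured in block mode
    intrusions_blocked: int = 0

    @property
    def prevented(self) -> bool:
        # "Prevented" requires both: Cloud Firewall in the path and IPS blocking on.
        return self.behind_firewall and self.ips_block_enabled


@dataclass
class Vulnerability:
    name: str
    category: str          # "Web CMS", "Application" or "Emergency"
    affected: list[str]    # IP addresses of affected assets


def vulnerability_status(vuln: Vulnerability, assets: dict[str, Asset]) -> str:
    """Prevented if every affected asset is protected, Unprevented if none is,
    Partially Prevented otherwise."""
    flags = [assets[ip].prevented for ip in vuln.affected]
    if not flags:
        raise ValueError(f"{vuln.name}: no affected assets to classify")
    if all(flags):
        return "Prevented"
    if not any(flags):
        return "Unprevented"
    return "Partially Prevented"


def statistics(vulns: list[Vulnerability], assets: dict[str, Asset]) -> dict[str, int]:
    """Reproduce the four counters shown in the Vulnerability statistics section.
    An asset affected by several vulnerabilities is counted once."""
    vulnerable_ips = {ip for v in vulns for ip in v.affected}
    prevented_ips = {ip for ip in vulnerable_ips if assets[ip].prevented}
    return {
        "Unprevented": len(vulnerable_ips - prevented_ips),
        "Prevented": len(prevented_ips),
        "Applications": len(vulnerable_ips),
        "Intrusions Blocked": sum(assets[ip].intrusions_blocked for ip in vulnerable_ips),
    }


# Constructed sample inventory (addresses are documentation ranges, not real assets).
ASSETS = {
    "192.0.2.10": Asset("192.0.2.10", behind_firewall=True, ips_block_enabled=True, intrusions_blocked=12),
    "192.0.2.11": Asset("192.0.2.11", behind_firewall=True, ips_block_enabled=False),
    "192.0.2.12": Asset("192.0.2.12", behind_firewall=False, ips_block_enabled=False),
}
VULNS = [
    Vulnerability("cms-upload-flaw", "Web CMS", ["192.0.2.10"]),
    Vulnerability("weak-ssh-password", "Application", ["192.0.2.10", "192.0.2.11"]),
    Vulnerability("recent-rce", "Emergency", ["192.0.2.12"]),
]


def report() -> dict[str, str]:
    """Status per vulnerability, as the console's Status column would show it."""
    return {v.name: vulnerability_status(v, ASSETS) for v in VULNS}


if __name__ == "__main__":
    for name, status in report().items():
        print(f"{name:20s} {status}")
    print(statistics(VULNS, ASSETS))
```

Use this to spot drift between your inventory and the console: an asset that your records say is behind Cloud Firewall but that the page still lists under Unprevented usually means IPS blocking is off for it.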

Procedure

  1. Log on to the Cloud Firewall console.
  2. In the left-side navigation pane, choose Intrusion Prevention > Vulnerability Prevention.
  3. On the Vulnerability Prevention page, view the vulnerability detection results.
    • Move the pointer over the More icon in the Affected Assets column. The IP addresses of the servers that are exposed to the vulnerability are displayed.
    • Move the pointer over the More icon in the Status column. The ID of the IPS defense rule for the vulnerability is displayed. Built-in IPS defense rules have IDs. You can use a rule ID to query the rule details in the Customize Basic Protection Policies or Customize Virtual Patches Policies dialog box. To open the dialog box, choose Intrusion Prevention > Intrusion Prevention in the left-side navigation pane. Then, in the Advanced Settings section of the Intrusion Prevention page, click Customize for Basic Protection or Virtual Patches.
  4. On the Vulnerability Prevention page, select Unprevented from the All Vulnerabilities list, and click Enable Protection in the Operation column for all the filtered vulnerabilities.
  5. In the Enable Protection dialog box, click OK. In the message that appears, click OK to enable vulnerability prevention.
    After you enable vulnerability prevention, Cloud Firewall is activated for the IP addresses of the servers that are exposed to the vulnerability. The vulnerability status is updated within 2 minutes.
    Note After vulnerability prevention is enabled, existing access control policies take effect on the assets for which Cloud Firewall is newly activated. Make sure that traffic to the external ports of these assets is allowed. To allow the traffic, log on to the Cloud Firewall console, navigate to the Access Control page, and then click the Inbound Policies tab under the Internet Firewall tab.
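Because activating Cloud Firewall for an asset puts the existing inbound access control policies in front of it, a practitioner wants to know, before clicking Enable Protection, which of the asset's exposed ports those policies would deny. The added example below (not code from Cloud Firewall, and not its real policy schema) models an ordered inbound policy list with first-match evaluation and a configurable default action, and reports the exposed ports that would be unreachable from a given Internet source once the asset sits behind the firewall. The policy fields, the first-match semantics and the default action are assumptions for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class InboundPolicy:
    """Constructed model of one Internet Firewall inbound policy (assumption)."""
    source: str                 # CIDR of allowed/denied sources
    destination: str            # CIDR of the protected asset(s)
    ports: tuple[int, int]      # inclusive port range
    protocol: str               # "TCP", "UDP" or "ANY"
    action: str                 # "allow" or "deny"

    def matches(self, src_ip: str, dst_ip: str, port: int, protocol: str) -> bool:
        lo, hi = self.ports
        return (
            ip_address(src_ip) in ip_network(self.source)
            and ip_address(dst_ip) in ip_network(self.destination)
            and lo <= port <= hi
            and self.protocol in ("ANY", protocol)
        )


def evaluate(policies: list[InboundPolicy], default_action: str,
             src_ip: str, dst_ip: str, port: int, protocol: str = "TCP") -> str:
    """First matching policy wins (policies are in priority order);
    fall back to the default action when nothing matches."""
    for policy in policies:
        if policy.matches(src_ip, dst_ip, port, protocol):
            return policy.action
    return default_action


def unreachable_ports(policies: list[InboundPolicy], default_action: str,
                      src_ip: str, asset_ip: str, exposed_ports: list[int],
                      protocol: str = "TCP") -> list[int]:
    """Ports on the asset that the policy set would deny for traffic from src_ip.
    These are the ports to review before enabling vulnerability prevention."""
    return [p for p in exposed_ports
            if evaluate(policies, default_action, src_ip, asset_ip, p, protocol) == "deny"]


# Constructed policy set, highest priority first. Addresses are documentation ranges.
POLICIES = [
    InboundPolicy("0.0.0.0/0", "192.0.2.0/24", (22, 22), "TCP", "deny"),        # no public SSH
    InboundPolicy("0.0.0.0/0", "192.0.2.11/32", (443, 443), "TCP", "allow"),    # public HTTPS
    InboundPolicy("198.51.100.0/24", "192.0.2.11/32", (8080, 8080), "TCP", "allow"),  # partner only
]
DEFAULT_ACTION = "deny"   # assumed default for unmatched inbound traffic


def check_before_enabling() -> list[int]:
    """Exposed ports on 192.0.2.11 that an arbitrary Internet client could no longer reach."""
    return unreachable_ports(POLICIES, DEFAULT_ACTION,
                             src_ip="203.0.113.5", asset_ip="192.0.2.11",
                             exposed_ports=[22, 80, 443, 8080])


if __name__ == "__main__":
    print("Ports that need an inbound allow policy:", check_before_enabling())
```

Run this against an export of your inbound policies with the asset's real exposed ports; every port it lists is one where existing policies will silently block legitimate traffic the moment Cloud Firewall is activated for that asset, so add or reorder allow policies on the Inbound Policies tab first.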