The Vulnerability Prevention page displays information about the vulnerabilities that can be exploited by cyberattacks. The vulnerabilities are automatically detected by Security Center and synchronized to Cloud Firewall. On this page, you can enable the firewalls of Cloud Firewall and configure the protection rules of the intrusion prevention system (IPS) to prevent the vulnerabilities from being exploited. This way, your assets are protected.
Prerequisites
Note If Threat Engine Mode is not set to a value below Block Mode, the protection status
of all vulnerabilities on the Vulnerability Prevention page is Alert Only. In this case, Cloud Firewall generates alerts on and records detected vulnerabilities,
but does not block the attacks that exploit the vulnerabilities. For more information
about Threat Engine Mode, see Working modes of the threat engine.
Limits
- Premium Edition, Enterprise Edition, and Ultimate Edition of Cloud Firewall support vulnerability scans. Free Edition of Cloud Firewall does not support vulnerability scans.
- Vulnerability scans on the Vulnerability Prevention page are automatically started.
You cannot manually start the scans.
Note If you want to manually start a vulnerability scan, go to the Vulnerabilities page in the Security Center console. For more information, see Use the quick scan feature.
- The intrusion prevention feature of Cloud Firewall cannot parse the traffic that is encrypted by using SSL or Transport Layer Security (TLS). Therefore, this type of traffic cannot be detected or protected.
Supported types of vulnerabilities for detection
- Web-CMS: website builder vulnerabilities that are detected by comparing vulnerability files with the vulnerability library. Common website builders are identified by monitoring website directories. For more information, see View and handle Web-CMS vulnerabilities.
- Application: weak passwords of system services and vulnerabilities of system and application services. This type of vulnerability can be fixed by the vulnerability prevention feature. For more information, see View and handle application vulnerabilities.
- Emergency: urgent vulnerabilities that are detected on the Internet recently. This type of vulnerability can be fixed by the vulnerability prevention feature. For more information, see View and handle urgent vulnerabilities.
Supported protection states of vulnerabilities
- Blocked: The attacks that exploit vulnerabilities are blocked by Cloud Firewall.
- Alert Only: Cloud Firewall detects a vulnerability and generates alerts on the vulnerability. However, Cloud Firewall does not block the attacks that exploit the vulnerability.
- Partially Prevented: The vulnerability prevention feature is enabled for some of your Elastic Compute Service (ECS) instances.
Procedure
- On the Vulnerability Prevention page, view the results of vulnerability scans performed by Cloud Firewall on your
assets.
The Vulnerability Prevention page displays the results of vulnerability scans from the last one month, one day, or seven days.
- Move the pointer over the
icon in the Vulnerable Asset column. Then, you can view the IP addresses of servers that are exposed to the vulnerability.
- Attack: the total number of attacks that exploit the vulnerability on your assets.
- Protection Status: the method that Cloud Firewall uses to handle the attacks that exploit the vulnerability.
The following states are supported:
- Blocked: The attacks that exploit vulnerabilities are blocked by Cloud Firewall.
- Alert Only: Cloud Firewall detects a vulnerability and generates alerts on the vulnerability. However, Cloud Firewall does not block the attacks that exploit the vulnerability.
- Partially Prevented: The vulnerability prevention feature is enabled for some of your Elastic Compute Service (ECS) instances.
- Details: Click Details to go to the Vulnerability and Protection Details page. On this page, you can view the details of the vulnerability, such as the name, CVE ID, risk level, and affected assets.
- Move the pointer over the