To ensure the security of your assets, we recommend that you scan your assets for vulnerabilities on a regular basis. This topic describes the types of vulnerabilities that Security Center can detect and fix. It also describes how to run an automatic periodic scan task on your servers and how to manually perform a vulnerability scan.
Vulnerabilities that can be detected and fixed
Web-CMS vulnerabilities that can be detected
Application vulnerabilities that can be detected
Server IP addresses of the web scanner
When you use Security Center to scan for application vulnerabilities and urgent vulnerabilities in your servers, Security Center simulates attacks that are launched from the Internet to scan your servers. Security Center only sends request packets, but does not perform malicious operations. If your servers are protected by a security protection or monitoring system, such as Web Application Firewall (WAF) or Secure Operations Center (SOC), we recommend that you add the server IP addresses of the web scanner to the whitelist in your security protection or monitoring system. This ensures that your scan tasks run as expected. You must add the following IP addresses to the whitelist in your security protection or monitoring system: 47.110.180.32, 47.110.180.33, 47.110.180.34, 47.110.180.35, 47.110.180.36, 47.110.180.37, 47.110.180.38, 47.110.180.39, 47.110.180.40, 47.110.180.41, 47.110.180.42, 47.110.180.43, 47.110.180.44, 47.110.180.45, 47.110.180.46, 47.110.180.47, 47.110.180.48, 47.110.180.49, 47.110.180.50, 47.110.180.51, 47.110.180.52, 47.110.180.53, 47.110.180.54, 47.110.180.55, 47.110.180.56, 47.110.180.57, 47.110.180.58, 47.110.180.59, 47.110.180.60, 47.110.180.61, 47.110.180.62, and 47.110.180.63.
The s0x.cn domain name is an auxiliary domain name used by Security Center to detect application vulnerabilities and urgent vulnerabilities, which operates independently of the whitelist settings.
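As an added example that is not part of the original page, the following Python collapses the 32 listed scanner addresses into a single prefix for an allowlist entry and tags WAF block events that come from the scanner, so that a SOC can separate expected scan traffic from events that need attention. The log line format is constructed for illustration and is not Alibaba Cloud WAF output.

```python
import ipaddress
import re

# Scanner source addresses as listed on the page: 47.110.180.32 through 47.110.180.63.
SCANNER_IPS = [f"47.110.180.{last}" for last in range(32, 64)]
_SCANNER_NETS = [ipaddress.ip_network(a) for a in SCANNER_IPS]


def scanner_cidrs(addresses=SCANNER_IPS):
    """Collapse individual addresses into the fewest CIDR blocks.

    Handy when the allowlist takes prefixes rather than 32 host entries, and as
    a check that the published list is contiguous with no gaps.
    """
    nets = [ipaddress.ip_network(a) for a in addresses]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def is_scanner_ip(ip):
    """Return True if ip is one of the Security Center scanner addresses.

    Malformed input (a truncated or non-IP src field) is treated as not-scanner
    rather than raising, so a bad log line cannot abort a triage run.
    """
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in _SCANNER_NETS)


# Constructed log lines in a hypothetical "<time> src=<ip> action=<block|allow> path=<p>" format.
SAMPLE_LOG = """\
2024-01-01T00:05:12Z src=47.110.180.40 action=block path=/index.php
2024-01-01T00:05:13Z src=203.0.113.7 action=block path=/index.php
2024-01-01T00:05:14Z src=47.110.180.63 action=allow path=/
2024-01-01T00:05:15Z src=47.110.180.64 action=block path=/login
"""

_SRC = re.compile(r"\bsrc=(\S+)")


def triage(log_text):
    """Split blocked events into scanner-originated and everything else.

    Scanner hits during a scan window mean the allowlist is missing or wrong;
    the remainder are the events an analyst should look at.
    """
    scanner, other = [], []
    for line in log_text.splitlines():
        m = _SRC.search(line)
        if not m or "action=block" not in line:
            continue
        (scanner if is_scanner_ip(m.group(1)) else other).append(line)
    return scanner, other
```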
Procedure
Log on to the Security Center console. In the top navigation bar, select the region of the asset that you want to manage. You can select China or Outside China.
In the left-side navigation pane, choose .
On the Vulnerabilities page, manually perform a vulnerability scan or run an automatic periodic scan task on your servers.
Manually perform a vulnerability scan: If you want to immediately check whether vulnerabilities exist in your servers, you can use the quick scan feature to scan your servers for vulnerabilities.
Before you perform quick scan, perform the following steps to check whether the required servers are added: Click Vulnerability Settings in the upper-right corner of the Vulnerabilities page. In the Vulnerability Settings panel, click Manage to the right of a vulnerability type.
On the Vulnerability Management page, click Scan now.
In the Vulnerability Scan dialog box, select the type of vulnerabilities for which you want to scan and click OK.
After a scan task is created, wait for at least 15 minutes before you can stop the scan task.
Note: If you did not specify the servers on which the vulnerability scan task runs, the scan task runs on all assets that are protected by Security Center and is complete within 30 minutes. You can refresh the page to view the most recent scan results.
Run an automatic periodic scan task.
You can configure a scan cycle for an automatic periodic scan task. Then, Security Center runs the automatic periodic scan tasks to scan for vulnerabilities on your servers on a regular basis.
In the upper-right corner of the Vulnerability Management page, click Vulnerability Settings.
In the Vulnerability Settings panel, configure the parameters based on your business requirements. The following table describes the parameters.
Parameter: Linux Software Vulnerability, Windows System Vulnerability, Web-CMS Vulnerability, and Urgent Vulnerability
Description: Turn on or turn off the switches to enable or disable the scan for Linux software vulnerabilities, Windows system vulnerabilities, Web-CMS vulnerabilities, and urgent vulnerabilities. After you turn on a switch, you can click Manage on the right side to add or remove the servers that you want to scan for the corresponding vulnerabilities.
Parameter: Application Vulnerability
Description: Turn on or turn off the switch to enable or disable the scan for application vulnerabilities.
Parameter: YUM/APT Source Configuration
Description: Turn on or turn off the switch to specify whether to preferentially use the YUM or APT sources of Alibaba Cloud to fix vulnerabilities. Before you fix a Linux software vulnerability, you must specify a valid YUM or APT source. If you specify an invalid YUM or APT source, the vulnerability may fail to be fixed. After you turn on the switch, Security Center automatically selects a YUM or APT source of Alibaba Cloud, which improves the success rate of vulnerability fixing. We recommend that you turn on YUM/APT Source Configuration.
Parameter: Emergency vul(s) Scan Cycle
Description: Specify the scan cycle for urgent vulnerabilities.
Note: Only the Advanced, Enterprise, and Ultimate editions are supported. The default scan period is 00:00:00 to 07:00:00.
If your servers are deployed in a private network or urgent vulnerability detection is not required, you can set the Emergency vul(s) Scan Cycle parameter to Stop. However, your servers may be attacked in various ways, so we recommend that you set the Emergency vul(s) Scan Cycle parameter to a value other than Stop. This way, Security Center detects urgent vulnerabilities on your servers in a timely manner.
Parameter: Application Vul(s) Scan Cycle
Description: Specify the scan cycle for application vulnerabilities.
Note: Only the Enterprise and Ultimate editions are supported. The default scan period is 00:00:00 to 07:00:00.
Parameter: Retain Invalid Vul for
Description: Specify the number of days after which a detected vulnerability is automatically deleted. If you do not handle a detected vulnerability and the vulnerability is no longer detected in multiple subsequent detection operations, the vulnerability is automatically deleted from the Vulnerabilities page after the specified number of days. If vulnerabilities of the same type are detected later, Security Center still generates alerts.
Parameter: Vul scan level
Description: Specify the priorities of the vulnerabilities that you want Security Center to detect. Security Center detects and displays only the vulnerabilities with the priorities that you specify. For example, if you select High and Medium, Security Center detects and displays only the vulnerabilities with the High and Medium priorities for you to fix.
Parameter: Vulnerability Whitelist Settings
Description: If you do not want Security Center to detect a vulnerability, you can click Create Rule to add the vulnerability to the vulnerability whitelist.
Note: After you create a vulnerability whitelist rule, you can modify the scope of the whitelist rule or delete the whitelist rule.
What to do next
View the progress of a vulnerability scan
After you complete the configurations, Security Center scans your servers for vulnerabilities based on the configurations. You can click Task Management in the upper-right corner of the Vulnerability Management page to go to the Task Management page. Then, you can view the progress of the vulnerability scan. After the vulnerability scan is complete, you can click a tab on the Vulnerabilities page to view the most recent scan results.
View and handle vulnerabilities
After the vulnerability scan is complete, you can view and handle the detected vulnerabilities on the Vulnerability Management page. For more information, see View and handle vulnerabilities.