SoftLayer provides an online Security Scanner, powered by the open source Nessus Scanning tool. This security scanner can be accessed under the Security tab by clicking on “scanner.” More information about the Nessus Scanning tool can be found on the Nessus website at http://www.nessus.org/nessus/
The “Scanner” page provides a list of hardware available to the Nessus tool hosted by SoftLayer. To scan a server, or to see the results of a previous scan, click the details link for the server you wish to inspect.
The vulnerability scanning details page shows a short summary of the server (containing the servername, the IP address that will be scanned, and the datacenter where the server is located.) The “Start Scan” will schedule your server with our Nessus scanning server to be vulnerability scanned as soon as possible.
Following the server summary is a table of current and past Nessus vulnerability scans. Listed for each scan is the date the scan was requested, the date the scan was started, the status of the scan, and if the scan has completed, a link to the Nessus report.
Nessus reports can have one of these status:
Scan Pending: The scan has been scheduled for the Nessus scanner box.
Scan Processing: The scan is currently in progress.
Generating Report: The scan has completed, and test results are being compiled into a report.
Scan Complete: The scan successfully completed and the vulnerability report has been generated.
Scan Cancelled: The Nessus scan was manually canceled by a SoftLayer technician.
For all successfully completed Nessus scans listed in this table, a report can be viewed by clicking the corresponding “View Report” link. The report has two tables: the first is the Scan Details table, which lists the number of hosts that were scanned, the number of open security vulnerabilities (“holes”) found, and the number of possible security vulnerabilities (“warnings”) found. The second table lists all the security issues found: the host that the vulnerability was found on, and a description of the possible vulnerability.
The open source Nessus tool is plug-in based, which allows new tests to be developed as vulnerabilities are found. SoftLayer updates the internal Nessus tool regularly, so regular scanning with the Portal security scanner is recommended to keep up to date with new threats.