Skip to content
flexiOPS edited this page Dec 13, 2016 · 9 revisions

The BEACON Scanner/Firewall suite is a series of Java based executables which interface with the Openvas security scanner in order to automatically scan newly created VMs, and apply firewalls to these VMs.

These applications provide a solution across multiple cloud platforms to gain an understanding of current security vulnerabilities, and also to establish a security baseline through the means of a firewall. Upon completion of a security scan, the VM owner is emailed a Vulnerability report. This report consists of the security vulnerabilities detected on the VM, and the level of threat they pose to security. After this report is sent, the application builds a firewall inside the cloud platform the VM is located on, and applies this firewall directly to the VM.

The main platforms currently supported are:

-Flexiant Cloud Orchestrator (FCO) -Openstack (Nova) -Open Nebula

The main application used to perform this task is the VulnerabilityScanner. This is a runnable JAR file which interfaces with and automatically instructs the Openvas Scanner to perform security scans on a VM. After the security scan is complete, this application will then apply a firewall to the VM directly using the platform on which the VM is hosted. Deeper scans on a user level can also be conducted, if a username/password combo is received by the VulnerabilityScanner JAR. This can provide a much more details Vulnerability report, as the individual packages installed on the VM are thoroughly checked for any security issues.

FCOExectuable is another runnable JAR file which is used to forward VM details to the VulnerabilityScanner. This is done by passing arguments, such as the UUID of the server, the I.P of the server and the email address of the VM owner.