
Comodo HackerGuardian User Guide


Contents

1. • HTTP Account: The PASS is the variable for the HTTP Account field, which is used as the password for the specified login name in the ACCOUNT field. This is used for authenticating to the HTTP server on the target. Nessus will use this information to authenticate to the HTTP server before performing testing.
• HTTP Password (sent in clear): The USER is the variable for the HTTP Account field, which is used as the login name for authenticating to the HTTP server on the target. Nessus will use this information to authenticate to the HTTP server before performing testing.
• NNTP account: The NNTP account option specifies the username of the NNTP account used to log in to the target for NNTP testing.
• NNTP password (sent in clear): The NNTP password option specifies the password of the NNTP account used to log in to the target for NNTP testing.
• FTP account: The FTP account option specifies the username of the FTP account used to log in to the target for FTP testing.
Comodo HackerGuardian User Guide © 2009 Comodo CA Limited. All rights reserved. (page 29) www.enterprise.comodo.com
• FTP password (sent in clear): The FTP password option specifies the password of the FTP account used to log in to the target for FTP testing.
• FTP writeable directory: During FTP testing the scanner tries to detect writable directories and/or upload test files to the FTP server. The directory specified here will be used as the uploa
2. 2.7.11 Hydra: SAP R3
This option enables integration with the THC Hydra network authentication brute force cracker. Enabling this option will cause Hydra to attempt to brute force crack LDAP authentication.
[Screenshot: Plugin Preferences, Hydra: SAP R3; Client ID (between 0 and 99): null]
2.7.12 Hydra: SMB
This option enables Nessus integration with the THC Hydra network authentication brute force cracker. Enabling this option will cause Hydra to attempt to brute force crack SMB (SAMBA, Windows file sharing) authentication.
[Screenshot: Plugin Preferences, Hydra: SMB; Check local / domain accounts (Either, Local accounts, Domain Accounts); Interpret passwords as NTLM hashes]
2.7.13 Kerberos configuration
This test lets a user enter information about the Kerberos server which will be queried by some scripts (SMB at this time) to log into the remote hosts.
3. [Screenshot: Plugin Preferences, Unknown CGIs arguments torture; Send POST requests]
• Send POST requests: During testing Nessus will attempt to identify CGIs on the target web server and send arguments to those CGIs to test for vulnerabilities. However, if Nessus is not able to accurately identify a particular CGI on the target web server, it does not always know what arguments the CGI will or will not accept. Enabling this option will cause Nessus to blindly send various POST requests to unidentified CGIs in an attempt to discover vulnerabilities.
2.7.28 Web mirroring
[Screenshot: Plugin Preferences, Web mirroring; Number of pages to mirror: 200; Start page]
• Number of pages to mirror: During HTTP testing Nessus will attempt to mirror pages from the target web server. This option specifies the number of unique pages that Nessus should attempt to mirror.
• Start page: During HTTP testing Nessus will attempt to mirror pages from the target web server. This option specifies the
4. All Services: Do I need to allow the HackerGuardian scanning IP address?
In order for the HackerGuardian scan to be successful your firewall must be set to allow the IP address the scan is coming from. The IP address that we scan from is 67.51.175.32/28.
All Services: I signed up and got the following message: "No vulnerabilities were found and the host did not respond to any of our checks". What does this mean?
This can mean one of two things. Either:
1. The host is currently unreachable. It could be that the host is unreachable because of a problem with your server. Quite often, however, it is because your firewall is denying access to the HackerGuardian scanner. In order for the HackerGuardian scan to be successful your firewall must be set to allow the IP address the scan is coming from. The IP address that we scan from is 67.51.175.32/28.
Or:
2. No services are available on the host and it is secure.
Free Scan: Can I change the IP address that the Free Scan tests?
No. The Free Scan can only scan the IP address of the machine that you sign into the HackerGuardian website from. If you need to scan specific IPs or websites then you should consider purchasing one of the following: HackerGuardian PCI Scan Compliancy, HackerGuardian PCI Scan Compliancy Enterprise.
Scan Compliancy: I have a dynamic IP assigned by my ISP. Can I still use HackerGuardian?
No. It is not possible to use the Scan Control Service unless you have a static
5. • What are the compliance validation reporting requirements for merchants?
• To whom do the PCI regulations apply?
• What is defined as cardholder data?
• What if a merchant or service provider does not store cardholder data?
• Are there alternatives or compensating controls that can be used to meet a requirement?
• Are there alternatives to encrypting stored data?
• What are the compliance validation reporting requirements for merchants?
• Do merchants need to include their service providers in the scope of their review?
• What is a network security scan?
• How often do I have to scan?
• What reports are provided by the HackerGuardian scanning service?
• What criteria cause a Pass or Fail on a PCI scan?
• What if I fail the PCI scan?
• Where can I find and complete the Self Assessment Questionnaire?
• Where can I find a PCI Approved Scanning Vendor capable of providing quarterly PCI vulnerability scans?
• What's the deadline for compliance? When must I begin using the new PCI standards?
• What are the penalties for non-compliance with the PCI standards?
• Make it easy for me. What do I have to do to become compliant?
What is PCI DSS?
The Payment Card Industry Data Security Standards (PCI DSS) are a set of 12 requirements developed jointly by Visa, MasterCard, JCB International, Discover and American Express to prevent consumer data theft and reduce online fraud. The PCI DSS represents a multifaceted standard that includes requirements for secu
6. Next you need to tell HackerGuardian which domain(s) and IP addresses you wish to use.
ii. Add Device to Scan
In order to run a PCI, HackerProof or SiteInspector scan you must first create a Device. A HackerGuardian Device is an umbrella term that describes a grouping of IP addresses and/or domains that are to be used as the target for a PCI, HackerProof or SiteInspector scan. HackerGuardian Devices can be used to mirror a real life device. For example, a single machine in your organization's infrastructure may have multiple IP addresses and domains which host different services. The PCI DSS guidelines state that all these IP addresses and services must be scanned. By associating multiple IP addresses and domains to a single HackerGuardian Device you can simulate your real life device and scan it for PCI compliance in one pass.
All customers must create a device before PCI, HackerProof or SiteInspector scanning can commence.
• PCI Customers: When creating a device, HackerGuardian requires that you specify all the IP addresses belonging to your target server, host or other device.
• HackerProof / SiteInspector Customers: When creating a HackerGuardian device you need to specify the domain name of the website which you would like to display the HackerProof logo on.
Click on the Add Device button in the Scan Manager section as
7. Comodo has simplified this often confusing process with the launch of the HackerGuardian PCI Compliance Wizard. The intuitive web based application guides merchants through every step of the PCI Self Assessment Questionnaire. Each question is accompanied by expert advice to help the merchant interpret and appropriately answer each question. At the end of the wizard you will find out immediately whether or not your answers qualify your organization as PCI compliant.
The wizard will provide:
• A Questionnaire Summary listing security control areas on which you failed compliance.
• A custom Remediation Plan for your company containing:
  • A comprehensive list of remedial actions that you need to take to attain full PCI compliance
  • A remediation planning tool enabling task prioritization and project management
  • Links to recommended products and services that will help you cost effectively resolve non-compliant areas
• A ready to submit PCI DSS Self Assessment Questionnaire.
Your progress is automatically saved after each question, allowing you to log out and return at a later date to complete the questionnaire. Your free account and responses are retained, giving you an opportunity to revise and modify any of your answers. This also allows you to update, schedule and track the progress of outstanding remediation tasks.
Click here to begin the wizard.
What are the compliance validation reporting requirements for merchants?
Under the new PCI stand
8. [Screenshot: 2963 of 3032 Plugins Selected; 3 new plugins released but not yet enabled]
New plugins released but not yet enabled: this is a deliberate feature to ensure administrators keep the maximum control and knowledge over which tests are used against their servers. To enable all the new tests, click the icon at the head of the Plug-in Family section.
[Screenshot: You are logged in as TestUser; 23570 of 23570 Plugins Selected; Plugin Family; Local Security Checks 3032 of 3032 Plugins]
New plugins enabled. Click Save to record your preferences.
2.7 Set Preferences
The Set Preferences area allows the user to configure the scanning options of particular vulnerability tests, login and password details for target servers and services, and other general options regarding the HackerGuardian scan engine.
[Screenshot: Plugin Preferences, Cleartext protocols settings: User name, Password (unsafe!), Try to perform patch level checks over telnet / rsh / rexec; side menu: PCI Scanning, Retest Security Items, Set Options, Set Plugins, Set Preferences, Email Alert Options, Schedule Scan, False Positives, View Report]
9. • Free domains (Text): Shows the total number of domains you can add; this depends on your license type.
• Status (Control): Shows the status of domain validation (option available only after adding a domain).
• Move (Control): Enables the administrator to move the domain to another device (option available only after adding a domain).
• Remove Domain (Control): Enables the administrator to remove the domain (option available only after adding a domain). NOTE: If an administrator removed a domain and wishes to add it again, revalidation of the domain is required.
• Add IPs (Text field): Enter the IP addresses you wish to associate with the device and click the Add button next to it.
• Total IPs (Text): Shows the total number of IP addresses available for adding; this depends on your license type.
• Free IPs (Text): Shows the total number of IP addresses you can add; this depends on your license type.
• (Control): Allows the administrator to save and add the device to the Scan Manager section.
• Cancel (Control): Allows the administrator to cancel adding of the device.
[Screenshot: Add/Edit Devices form with Device Name "example device" and PCI Scan Enabled checked]
• Enter a friendly name for the device.
• Check the box next to PCI Scan Enabled.
• Add Domain: enter the domain name and click the Add button next to it. This field is optional for a PCI scan; you can add only IP addresses for a PCI compliance scan.
10. If no vulnerabilities with a CVSS base score greater than 4.0 are detected, then the scanned IP addresses, hosts and Internet connected devices have passed the test and the report can be submitted to your acquiring bank. If the report indicates "Non-Compliant" then the merchant or service provider must remediate the identified problems and re-run the scan until compliancy is achieved.
What if I fail the PCI scan?
If your HackerGuardian PCI Scan Compliance Report indicates NOT COMPLIANT then vulnerabilities with a CVSS base score greater than 4.0 were discovered on your externally facing IP addresses. The accompanying Audit Report contains a detailed synopsis of each vulnerability prioritized by threat severity. Each discovered vulnerability is accompanied with solutions, expert advice and cross referenced links to help you fix the problem. You should fix all vulnerabilities identified as a "Security Hole". Furthermore, each report contains a condensed, PCI specific Mitigation Plan: a concise, bulleted list of actions that you need to take to achieve compliance. After completing the actions specified in the Mitigation Plan you should run another scan until the report returns a COMPLIANT status.
Where can I find and complete the Self Assessment Questionnaire?
HackerGuardian, in partnership with Panoptic Security, provides a free wizard that guides merchants and service providers through each stage of the self assessment questionnaire. More de
11. [Screenshot: Nmap (NASL wrapper) preferences: Source port; Timing policy (Auto (nessus specific), Normal, Insane, Aggressive, Polite, Sneaky, Paranoid, Custom); Host Timeout (ms); Min RTT Timeout (ms); Max RTT Timeout (ms); Initial RTT timeout (ms); Ports scanned in parallel (max / min); Minimum wait between probes (ms); File containing grepable results; Do not scan targets not in the file; Run dangerous port scans even if safe checks are set]
• Connect: If the nmap port scanner is selected, this option uses the TCP connect method for the port scan. This option is similar to the Scan Options / Port Scanner / TCP connect scan option. Enabling either option will generate the same results. The only difference is that this option uses nmap to port scan, while the other option does the port scan directly from Nessus. Enabling both options is not necessary; it would simply cause the target host to be port scanned twice. Doing so would also make the scan take significantly longer to complete.
• SYN scan: If the nmap port scanner is selected, this option uses the SYN scan method for the port scan. This option is similar to the Scan Options / Port Scanner / SYN scan generate the sa
12. [Screenshot: risks table (New, Current)]
Risks by Severity gives the information regarding the security holes found, security warnings and security notes. In the table you can see the number of each, the trend, and the percentage proportion in the diagram.
Risks by Category gives the information regarding the categories. In the table you can see the number of failed tests in each category, the trend, and the percentage proportion in the diagram.
Risks by Status gives the information regarding the status. In the table you can see the number of Fixed/Removed failed tests, new ones, and ones that stayed without changes, and the percentage proportion in the diagram.
The Scan History section gives all the information regarding the date you scanned the IP, with the number of hosts audited, along with a Risk Factor Comparison which helps you to compare the risk level you had before with now.
[Screenshot: Scan History charts: Plugins Used by date (Notes, Warnings, Holes) and by category (Service detection, Web Servers, Firewalls, General, CGI abuses)]
2.11.5 Executive Summaries
Executive summaries are a condensed view of the information available by viewing reports in
13. Both Individual Audit Reports and PCI Compliance Reports can be converted into PDF format by clicking the PDF icon in the upper right hand corner (see below).
2.11.2 Individual Audit Reports
To view an individual report, click on the particular IP address listed under the Targets column. TO SEE AN INDIVIDUAL REPORT, CLICK ON THE "Detailed Report" LINK LISTED UNDER THE "Reports" COLUMN.
[Screenshot: report list with Start / End Year, Month, Day filters and Device Name, Status, PCI Compliance Reports, Targets, Compliant columns; example device "mydomain" scanned 2008-10-15, status Finished]
The following screen with the summary appears.
[Screenshot: Audit Report table of contents: Summary, List of devices scanned, Open Ports, Host (your IP address), Mitigation Plan]
2.11.3 Individual Audit Reports In Detail
2.11.3.1 Summary Section
[Screenshot: Summary table: Plugins Available / Plugins Used; Options: safe checks yes, Netstat scanner no, Exclude toplevel domain wildcard host yes, Optimize test no; Time started / Time finished]
14. Following a successful scan (no vulnerabilities with a CVSS base score greater than 4.0), merchants are provided with an official PCI compliance report that can be sent to an acquiring bank. The Standard version enables merchants to run 10 PCI scans per quarter on up to 5 IP addresses using the full complement of over 24,000 individual vulnerability tests. The Enterprise version is a more powerful and flexible service which provides for up to 100 scans per quarter on 20 IP addresses. The IP range that HackerGuardian scans originate from is 67.51.175.32/28.
1.3 Free Vulnerability Scan
Available to website owners, network operators and home users free of charge. Registering for the service enables users to run a HackerGuardian vulnerability audit on a single IP to identify potential security threats. The Free service is limited to 3 scans per license on a single IP and is not user customizable.
2 PCI Scanning Service
2.1 Starting up with HackerGuardian PCI Scanning Service
i. Login To HackerGuardian
The first step in configuring the HackerGuardian PCI Scanning Service is to log into the online interface at http://www.hackerguardian.com. Enter the username and password you created during sign up in the Secure Account Login box.
[Screenshot: Secure Account Login box, "Login to my HackerGuardian Account"]
15. Intervals: The scan is performed once every specified number of days. If 2 is specified then the scan is performed on alternate days. The scan would be performed automatically at the specified time and over the specified period of time.
To schedule the scan you need to select the device from the right hand column box, which would be displayed in Targets.
• Click Save after the device is selected to scan. The schedule would be saved in the Schedule Options and the scan is performed on the appropriate date and time you specified.
False Positives
This section contains all false positive issues that you submitted when reviewing the results of some scan. A false positive exists when HackerGuardian incorrectly detects a Security Hole (vulnerability with a CVSS base score greater than 4.0) or if compensating controls exist elsewhere in the network's security infrastructure to offset or nullify the vulnerability. Administrators have the ability to submit suspected false positives to Comodo from within the security advisory itself. Click here for more details.
[Screenshot: False Positives list with columns Accept/reject, ID, Date, Host, Notes, Status; one item found, noted "test false positive", status Marked]
Section Specific Controls: False Positives
Menu Element / Description: Displays the
16. policy. Selecting this option causes Nessus to run some network tests on the target, attempting to discover its response characteristics. Based on these tests Nessus will create a custom Nmap timing policy for the target.
• Normal: If the nmap port scanner is selected, this option enables the Normal timing policy for the port scanning.
• Insane: If the nmap port scanner is selected, this option enables the Normal timing policy for the port scanning.
• Aggressive: If the nmap port scanner is selected, this option enables the Normal timing policy for the port scanning.
• Polite: If the nmap port scanner is selected, this option enables the Polite timing policy for the port scanning.
• Sneaky: If the nmap port scanner is selected, this option enables the Sneaky timing policy for the port scanning.
• Paranoid: If the nmap port scanner is selected, this option enables the Paranoid timing policy for the port scanning.
• Custom: If the nmap port scanner is selected, this option enables a custom timing policy for the port scanning.
• Host Timeout (ms): When the Custom Timing Policy is selected for the nmap port scanner, this option specifies the amount of time Nmap is allowed to spend scanning a single host before giving up on that IP. The default timing mode has no host timeout.
• Min RTT Timeout (ms): When the Custom Timing Policy is selected for the nmap port scanner, this option specifies the minimum round tr
17. [Screenshot: Scan Manager with no device added; columns HackerProof Status, HackerProof Compliance, Enabled; controls Set Options, Set Plugins, Set Preferences, Add Device, Email Alert Options, Start SiteInspector Scan, Start PCI Scan, Start Custom Scan]
3. Fill out the form that appears.
[Screenshot: Add/Edit Devices form (logged in as TestUser): PCI Custom Scan Enabled, HackerProof Enabled, Site Inspector Enabled; Add Domain; Add IPs (with a hint on specifying subnets); Total domains 2, Free domains 0; Total IPs 26, Free IPs 20]
Add/Edit Device Form Parameters (Element (Type): Description)
• (Text field): Administrators can choose and enter a friendly name for the device.
• PCI Scan Enabled (Check box): Checking this box means the PCI Scan will be available for the device.
• HackerProof Enabled (Check box): Checking this box means the HackerProof Scan will be available for the device.
• SiteInspector Enabled (Check box): Checking this box means the SiteInspector Scan will be available for the device.
• Add Domain (Text field): Enter the domain you wish to add for scanning and click the Add button next to it.
• Total domains (Text): Shows the total number of domains available for adding; this depends on your license type.
18. The Ping the Remote Host scanner option will cause Nessus to include the target names / target IPs that failed to respond to the pings in the report.
• Log live hosts in the report: The Log live hosts in the report option will cause Nessus to include the target names / target IPs that successfully responded to the pings in the report.
2.7.21 SMB Scope
[Screenshot: Plugin Preferences, SMB Scope: Request information about the domain]
• Request information about the domain: Checking this option enables checking of the domain user account; unchecking this option specifies the local user account on the target SMB server.
2.7.22 SMB use host SID to enumerate local users
[Screenshot: Plugin Preferences, SMB use host SID to enumerate local users: Start UID 1000, End UID 1200]
• Start UID: Specify the starting user id of the domain users in the target SMB server.
• End UID: Specify the ending user id of the domain users in the target SMB server.
2.7.23 SMTP settings
[Screenshot: Plugin Preferences, SMTP settings: Third party domain: example.com]
To ad
19. [Screenshot: Payment Credential CVC order list with columns Website, From, To, Status, Date, Order, Content; an order for test.com; Select Website and Select Content controls]
Management Options
The first stage of the credit card logo selection process is to choose which cards you want to display. If you bought a 4 or more logo Payment Credential CVC you are free to pick as many as you want, providing you offer these payment methods from your website.
[Screenshot: Choose credential type: Visa, Mastercard, American Express (AMEX), Discover, Diners Club International, PayPal, JCB, Maestro, Switch, Solo, Delta, Neteller, Paysafe, NoChex, Firepay, CentralCoin, Click2Pay; Clear Selection; Cancel]
Please ensure you only pick logos you are authorized to use. Your order will be validated prior to issuance.
• After making your choice, click Next to continue.
Next you should choose the visual presentation (orientation) of the logos. Choose the style you think will best fit in with the layout of your website.
Choose Presentation: select the layout you wish to us
20. by giving a set of rules to be configured for the specific port / service / vulnerability.
Security warning found on port / service https (443/tcp)
Plugin: Deprecated SSL Protocol Usage
Category: General remote services (General)
Priority Ranking: Medium Priority
Synopsis: The remote service encrypts traffic using a protocol with known weaknesses.
Description: The remote service accepts connections encrypted using SSL 2.0, which reportedly suffers from several cryptographic flaws and has been deprecated for several years. An attacker may be able to exploit these issues to conduct man in the middle attacks or decrypt communications between the affected service and clients.
See also: http://www.schneier.com/paper-ssl.pdf
Risk factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Our support team will review the information provided to ensure it is satisfactory.
Risk Factor (Low / Medium / High): In the report list the Risk Factor shows the severity of the vulnerability.
Security information found on port / service general/tcp
Note: this information was first detected on 2008-10-21 10:09:26
Plugin: TCP sequence number approximation
Category: General remote services (General)
Priority Ranking: Medium Priority
The remo
21. Private IP ranges are defined by RFC 1918 as:
• 10.0.0.0 to 10.255.255.255 (10/8 prefix)
• 172.16.0.0 to 172.31.255.255 (172.16/12 prefix)
• 192.168.0.0 to 192.168.255.255 (192.168/16 prefix)
Scan Compliancy: How many concurrent scans can I run?
Both the Standard and Enterprise versions of the scan control center are restricted to 3 concurrent scans. Please contact sales@comodo.com if you would like to increase this number.
In order to set up vulnerability scanning on an IP address you first need to add it to the Address Book. Once an IP address is stored in the address book it becomes available for selection in the Start Scanning area of HackerGuardian. You can add as many IP addresses as you like to the address book, and you can run as many concurrent scans on IPs as per the license you purchased.
First, add the IP addresses to the address book. More information on this is available in the online help guide here: http://www.hackerguardian.com/help/address_book.html
Second, choose the IP addresses you want to scan, including multiple addresses simultaneously. More information on this is available in the online help guide here: http://www.hackerguardian.com/help/start_scanning.html
All Services: How many ports does each service test?
Different levels of service will allow for different total numbers of ports to be scanned. If you use the Scan Control service you may define ranges of ports to be scanned wit
22. complete to the address test_user@example.com. If you have not received a notification within 2 hours please check back. You may click Stop Scanning to perform the scan later on. Click Go To Report List or View Report to check the status of the IP scanned.
Set Options
This area enables administrators to configure general options pertaining to the scans. The settings you choose in this area will apply to any scan performed on the selected device in the Scan Manager and Scheduled Scans areas.
[Screenshot: Set Options (logged in as TestUser), On Demand Scan Options: Port range (default), Safe checks, Parallel checks, Designate hosts by their MAC address, Optimize the test, Nmap (NASL Wrapper), Scan for LaBrea tarpitted hosts, Nessus TCP Scanner, SYN Scan, Ping the Remote Hosts, Netstat Scanner; "Click here to view the description"; Set to Default Values]
• Port range: This is the range of ports that will be scanned. A special value of "default" is allowed, which scans ports 1-15000. To scan all TCP ports on the target host enter 1-65535. Enter single ports such as 21,23,25, or more complex sets such as 21,23,25,1024-2048,6000, or put "default" to scan default ports.
• Safe checks: Some checks are potentially harmful to the target host being scanned. When this option is enabled, scans which may harm the target host are not performed. This option should be disa
23. requirement. The HackerGuardian Scan Compliance service provides merchants with a fast, low cost way of meeting the PCI scanning guidelines.
Are home users a serious target for hackers?
Yes. Home users are arguably the most vulnerable people around, simply because they are usually not well protected. Adopting a "path of least resistance" model, intruders will often zero in on home users, often exploiting their "always on" broadband connections and typical home use programs such as chat, Internet games and P2P file sharing applications. The HackerGuardian Free Scanning Service allows home users and network administrators alike to identify and fix any security vulnerabilities on their desktop or laptop computers.
Where can I find a glossary of terms used on this website?
There is a glossary of terms available in the help section of the HackerGuardian website at http://www.hackerguardian.com/help/glossary.html
Is there a User Manual for HackerGuardian?
There is an online manual at the following location: http://www.hackerguardian.com/help/manualmainpage.html
HackerGuardian Services Technical FAQ
• All Services: Do I need to allow the HackerGuardian scanning IP address?
• All Services: I signed up and got the following message: "No vulnerabilities were found and the host did not respond to any of our checks". What does this mean?
• Free Scan: Can I change the IP address that the Free Scan tes
24. 2.11.3.2 Open Ports Section
The section displays the list of open ports detected on the device.
[Screenshot: Open Ports list]
2.11.3.3 Your IP address / YourDomain Section
In the Report List the IP / domain which has been scanned would be shown at the top of the list.
[Screenshot: mydomain.com: Security hole found on port / service general/tcp; Security warning found on port / service https (443/tcp); Security information found on port / service https (443/tcp)]
Plugin: HTTP Server type and version
Category: General remote services (General)
Priority Ranking: Low Priority
Synopsis: A web server is running on the remote host.
Description: This plugin attempts to determine the type and the version of the remote web server.
Risk factor: None
Plugin output: The remote web server type is Apache and the ServerTokens directive is ProductOnly. Apache does not offer a way to hide the server type.
Security information found on port / service pop3 (110/tcp)
The Report list displays the sum of all security threats and vulnerabilities found during a scan, followed by a detailed description (synopsis) of the problem.
Synopsis: The Synopsis in the report tells the end user about the security hole, for example if the protocol is encrypted, if debugging is enabled, etc.
important, as it ensures the additional IP packs are added to your existing account.

[Screenshot: order form. "Choose your Admin Contact(s)"; Management Details: "Existing customer" / "New customer (a new account will be created)"; Login Name: your HackerGuardian username; Login Password: your HackerGuardian password; Domain Details; "What type of customer are you"; "Web Server Software".]

Ensure you check the radio button "Existing Customer" and fill out your username and password.

Check the box "I agree with the terms and conditions of the Subscriber Agreement(s) and Schedule(s)", then click "Proceed to Checkout" to complete the purchase. The ability to scan the additional IP addresses will be automatically added to your license.

2.13 Payment Credential (CVC)
All PCI Scan Compliancy Service and HackerProof Service customers receive a complimentary Payment Credential (CVC). This high-visibility site seal uses patent-pending CVC technology to conclusively reassure your customers that you are authorized to accept
is a false positive, is already patched, or if compensating controls exist within your infrastructure, please click here.

Examples of universal vulnerabilities include:
• phf (remote command execution as user "nobody")
• rpc-ttdbserverd (remote command execution as root)
• world-writeable password file (modification of system-critical data)
• default password (remote command execution or other access)
• denial of service problems that allow an attacker to cause a Blue Screen of Death
• smurf (denial of service by flooding a network)

Examples of exposures include:
• running services such as finger (useful for information gathering, though it works as advertised)
• inappropriate settings for Windows NT auditing policies (where "inappropriate" is enterprise-specific)
• running services that are common attack points (e.g. HTTP, FTP or SMTP)
• use of applications or services that can be successfully attacked by brute force methods (e.g. use of trivially broken encryption or a small key space)

Each CVE name includes the following:
• CVE identifier number (e.g. CVE-1999-0067)
• Indication of "entry" or "candidate" status
• Brief description of the security vulnerability or exposure
• Any pertinent references (i.e. vulnerability reports and advisories, or an OVAL ID)

2.11.3.4 Reporting a False Positive
[Screenshot: license list continued. Rows: HackerGuardian Free Scan, Unlimited; Additional IP Address Pack, Unlimited. "Found 3 row(s)".]

5 HackerGuardian FAQs
• HackerGuardian Services General FAQ
• HackerGuardian Services Technical FAQ
• PCI FAQ

HackerGuardian Services General FAQ
• What's the difference between the HackerGuardian services?
• What is a CVC?
• Why should a customer trust a CVC?
• What is a Payment Credential CVC?
• Why do I need vulnerability scanning if I have an SSL certificate?
• Are home users a serious target for hackers?
• Where can I find a glossary of terms used on this website?
• Is there a User Manual for HackerGuardian?

What's the difference between the HackerGuardian services?
HackerGuardian PCI Scan Compliancy: The PCI Scan Control Centre is an on-demand vulnerability assessment scanning solution that enables merchants and service providers to achieve PCI scan compliance. After each scan, users receive a comprehensive vulnerability report detailing any security issues, with remediation advice and advisories to help fix them. Following a successful scan (no vulnerabilities rated higher than CVSS base score 4.0), merchants receive an official PCI compliance report that can be sent to an
shown below. NOTE: All domains need to be validated by Comodo staff before commencing any scanning. Validation may take a day or two but is a one-time procedure. Your domain will appear as validated once this has been completed.

[Screenshot: Infrastructure / Scan Manager, "You are logged in as TestUser". Table columns: Name, Content, PCI Compliance, PCI Scan Enabled, HackerProof Status; message "No Device has been added". Buttons: Set Options, Set Plugins, Set Preferences, Email Alert Options, Start PCI Scan, Start Custom Scan, Start SiteInspector Scan.]

Click here for step-by-step details on how to create a HackerGuardian PCI scan device.

iii. Set Options: Press "Set Options" to configure general options pertaining to the scans. The settings you choose in this area will apply to any scan performed on the selected device(s) in the Scan Manager and Scheduled Scans areas. Choose the options you need and make sure to click "Save" to preserve the changes.

iv. Set Plug-ins: Press "Set Plugins" to choose which plug-ins will be deployed during a scan. Plug-ins can be enabled or disabled by family type or on an individual plug-in basis. Check or uncheck the box opposite the needed plug-ins and make sure to click "Save" to preserve the changes.

v.
shows the list of user-stored devices. The following information is visible:

Section-Specific Controls: Scan Manager Menu

Element | Element Type | Description
Name | Text field | Displays the device name, a friendly name given by the administrator when creating the device.
Content | Text field | Displays all the associated domains (e.g. www.domain.com) or IP addresses that the administrator specified for the device. Tip: place the mouse cursor over the name to view all the associated domains or IP addresses. NOTE: If you specified only an IP address without a domain name, the IP address is displayed in the field. If you entered a domain name as well, it is shown instead of the IP address.
PCI Compliance | Text field | Displays the result of the last PCI compliance scan for the device; it can be "Compliant" or "Not Compliant".
PCI Scan Enabled | Check box | Enables the administrator to disable the PCI scan temporarily. This option is available if the administrator has a PCI scan compliancy license.
HackerProof Enabled | Check box | Enables the administrator to disable the HackerProof scan temporarily. This option is available if the administrator has a daily-scan HackerProof license.
SiteInspector Enabled | Check box | Enables the administrator to disable the SiteInspector scan temporarily.
starting HTTP path that Nessus will use to begin mirroring attempts.

2.7.29 Windows File Contents Compliance Checks
[Screenshot: Plugin Preferences, Windows File Contents Compliance Checks: Policy file #1, Policy file #2, Policy file #3, Policy file #4, Policy file #5.]

2.8 Schedule Scan
HackerGuardian vulnerability scans can be scheduled to run:
• At a specific date and time
• On a recurring basis, at daily, weekly, monthly or user-specified intervals

[Screenshot: Schedule Options, "You are logged in as TestUser". Columns: Device Name, Targets, Time, Recurring, Delete; row "Test", example.com; "Found 1 row(s)"; "Delete All" button.]

The summary screen displays a list of existing scans. Each row shows the target device, the time that the scan is slated to run and whether the scan is recurring. To schedule a new scan, click the "Add New Schedule" button.

NOTE: Existing scans cannot be edited. To change the schedule of a scan assigned to a particular target, first delete the existing schedule and then click "Add New Schedule". You will then be able to assign a new timetable to the scan device.

2.8.1 Add New Schedule
to only use the NTLMv2 protocol for all SMB testing. Enable this option only if the target network is configured to support NTLMv2. Otherwise, enabling this option may cause Nessus to be unable to authenticate to the Windows domain and could cause some vulnerabilities to be missed.

• SNMP community (sent in clear): The community name specified here is passed to the snmpwalk command to try to gather information about the target via SNMP. WARNING: the community string specified here (which acts as a password) will be sent in clear text over the network during testing.

2.7.15 Misc information on News server
[Screenshot: Plugin Preferences, Misc information on News server: Test group name regex; Max crosspost (7); Local distribution; No archive; From address.]

From address: During NNTP testing, Nessus will attempt to post test articles to news groups
[Screenshot: View Report / Site Inspector Reports, "You are logged in as TestUser". Columns: Target, Start Time, End Time, Status, Description; row www.mydomain.com, Status "malicious", Description "failed"; "Found 1 row(s)"; PDF icon at top left.]

The SiteInspector Report can be converted into PDF format by clicking the PDF icon in the upper left-hand corner.

4 Licensing
Click "View License" to view the account licenses.

Start Date | End Date | Type | Quantity
2007-06-05 01:00:00 | 2008-06-04 00:59:59 | HackerGuardian Daily Scanning Service | Unlimited
2007-06-05 01:00:00 | 2008-06-04 00:59:59 | HackerGuardian Daily Scanning Service | Unlimited
2007-06-05 01:00:00 | 2008-06-04 00:59:59 | HackerGuardian Daily Scanning Service | Unlimited
Found 3 row(s)

"View License" has the following columns:
• Start date: shows the license purchase date
• End date: shows the license expiry date
• Type: shows the type of scan service
• Quantity: shows the number of scans that can be performed with the existing license

Licensing Types
To refresh a license, choose it in the drop-down window and click "REFRESH".

[Screenshot: license type drop-down listing, among others, HackerGuardian Daily Scanning Service, HackerGuardian On Demand Scan, Scan Control Center Enterprise, HackerGuardian VSAS High Volume, Scan Control Center VSAS Basic, HackerGuardian Free PCI Scan.]
00,000 installations of its threat prevention products. Comodo Security Solutions offers an extensive suite of endpoint security software and services for businesses and consumers. Continual innovation, a core competence in PKI and a commitment to reversing the growth of Internet crime distinguish the Comodo companies as vital players in the Internet's ongoing development. The Comodo companies secure and authenticate online transactions and communications for over 200,000 business customers and have offices in the US, UK, China, India, Romania and the Ukraine. Comodo provides businesses and consumers with the intelligent security, authentication and assurance services necessary to establish and ensure trust in online transactions.

Comodo CA Limited
3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Manchester M5 3EQ, United Kingdom
Tel: +44 (0) 161 874 7070
Fax: +44 (0) 161 877 7025

Comodo Security Solutions, Inc.
025 Washington Blvd, Jersey City, NJ 07310, United States
Tel: +1 888 256 2608
Tel: +1 703 637 9361

Email: EnterpriseSolutions@comodo.com

For additional information on Comodo visit http://www.enterprise.comodo.com
[Screenshot: summary report. Box 2: Audit time 1:10:45. Box 3: Security Holes, Security Warnings, Security Notes with counts and a pie chart. Box 4: categories with failed-test counts, e.g. CGI abuses: XSS, General remote services, General, Firewalls, Web Servers, Common gateway interface, Service detection, Back doors and Trojan horses. List of devices scanned: www.mydomain.com.]

Box 1 is a summary of the criteria used during the scan. It shows the number of plugins deployed versus the number available when the scan was performed on the specific IP address, range of IPs or domain. The options field contains a condensed summary of the parameters chosen in the Set Options section of HackerGuardian. NOTE: the diagram shows the number of plugins at the time the scan was run, i.e. the historical configuration of plugins at scan time.

Box 2 indicates the date and time the scan began, the date and time the scan finished, and the scan duration. This information is also represented by the light blue area in the accompanying diagram.

Box 3 gives the information regarding the security holes, security warnings and security notes found. The table shows the number of each, and the diagram their percentage proportion.

Box 4 gives the information regarding the categories. The table shows the number of failed tests in each category, and the diagram their percentage proportion.
[Screenshot: report list residue; last row ends with the PCI Compliance value "Not Compliant".]

3 Severity Rating Mapping
The following table shows the official PCI severity ratings and their HackerGuardian equivalent names.

To be considered compliant, a server must not have vulnerabilities with a CVSS base score greater than 4.0. These vulnerabilities are assigned a severity of Urgent (Security Holes, CVSS base score 7.0-10.0) or Medium Priority (Security Warnings, CVSS base score 4.0-6.9). If no vulnerabilities with a CVSS base score greater than 4.0 (named "security holes" in HackerGuardian) are detected, then the scanned IP addresses, hosts and internet-connected devices have passed the test and the report can be submitted to your acquiring bank.

If the report indicates "Non Compliant", the merchant or service provider must remediate the identified problems and re-run the scan until compliancy is achieved. If your HackerGuardian PCI Scan Compliance Report indicates NOT COMPLIANT, then vulnerabilities with a CVSS base score greater than 4.0 were discovered on your externally facing IP addresses. The accompanying Audit Report contains a detailed synopsis of every vulnerability, prioritized by threat severity. Each discovered vulnerability is accompanied by solutions, expert advice and cross-
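The severity mapping above, worked through in code as an added example (this is not HackerGuardian code, and the finding records, their field names and the sample scores are constructed for illustration). One detail a practitioner should notice: the text says a score "greater than 4.0" fails, but the guide's own table starts Security Warnings at exactly 4.0, and the PCI ASV programme treats a base score of 4.0 as a failing finding, so the example uses 4.0 or higher as the failing condition.

```python
"""Map CVSS v2 base scores to the HackerGuardian severity names described
above and decide the PCI scan verdict for a set of findings.

Added example for this guide, not HackerGuardian code. The Finding record and
its field names ("plugin", "port", "cvss") are assumptions, not the service's
report format, and SAMPLE_FINDINGS is constructed data.
"""
from dataclasses import dataclass

# Bands from the severity-rating table: Urgent / Security Hole 7.0-10.0,
# Medium Priority / Security Warning 4.0-6.9, everything below is a note.
SEVERITY_BANDS = (
    (7.0, "Urgent", "Security Hole"),
    (4.0, "Medium Priority", "Security Warning"),
    (0.0, "Low Priority", "Security Note"),
)

# The guide's prose says "greater than 4.0", but its table puts 4.0 in the
# Security Warning band and the PCI ASV programme fails a 4.0. Use the
# conservative reading: a base score of 4.0 or higher is non-compliant.
PCI_FAIL_THRESHOLD = 4.0


@dataclass(frozen=True)
class Finding:
    plugin: str
    port: int
    cvss: float


def severity(cvss: float) -> tuple[str, str]:
    """Return (PCI severity name, HackerGuardian name) for a CVSS base score."""
    if not 0.0 <= cvss <= 10.0:
        raise ValueError(f"CVSS base score out of range: {cvss}")
    for floor, pci_name, hg_name in SEVERITY_BANDS:
        if cvss >= floor:
            return pci_name, hg_name
    raise AssertionError("unreachable: the 0.0 band always matches")


def pci_verdict(findings: list[Finding]) -> tuple[str, list[Finding]]:
    """Return ("Compliant" | "Not Compliant", findings that caused the failure).

    Failing findings are sorted most severe first, matching the audit
    report's ordering by threat severity.
    """
    failing = sorted((f for f in findings if f.cvss >= PCI_FAIL_THRESHOLD),
                     key=lambda f: f.cvss, reverse=True)
    return ("Not Compliant" if failing else "Compliant"), failing


# Constructed sample findings, modelled on entries shown in this guide
# (a banner note at 0.0, the TRACE/TRACK finding at 5.0) plus one invented
# high-scoring entry so the sort order is visible.
SAMPLE_FINDINGS = [
    Finding("HTTP Server type and version", 443, 0.0),
    Finding("HTTP TRACE / TRACK Methods Allowed", 443, 5.0),
    Finding("Hypothetical remote code execution", 80, 9.3),
]

if __name__ == "__main__":
    verdict, failing = pci_verdict(SAMPLE_FINDINGS)
    print(verdict)
    for f in failing:
        pci_name, hg_name = severity(f.cvss)
        print(f"  {hg_name:16s} {f.cvss:4.1f}  {f.plugin} (tcp/{f.port})")
```

Running the block prints "Not Compliant" followed by the 9.3 and 5.0 findings; the 0.0 banner note is reported but does not affect the verdict.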
[Screenshot: Plugin Preferences, Kerberos configuration: Kerberos Key Distribution Center (KDC); Kerberos KDC Port (88); Kerberos KDC Transport (udp / tcp); Kerberos Realm (SSH only).]

2.7.14 Login configurations
Provide the username and password for the common servers. Some tests will use those logins when needed. If you do not fill in some logins, those tests will not be able to run. This test does not perform any security check by itself.

[Screenshot: Plugin Preferences, Login configurations: HTTP account; HTTP password (sent in clear); NNTP account; NNTP password (sent in clear); FTP account; FTP password (sent in clear); FTP writeable directory; POP account; ...]
[Table of contents, continued: 2.10 PCI Compliance Report ... 57; 2.12 ... 59; 2.13 Payment Credential ... 60; 3 SiteInspector Scanning ... 70; ... 70; ... 72; ... 73; 5 HackerGuardian FAQs ... 75; Appendix ... 87]

1 Introduction to Comodo HackerGuardian

1.1 Service Overview
HackerGuardian is a fully configurable vulnerability assessment and reporting service for networks and web servers. Our remote audits run over 24,000 individual security tests on your organization's servers, then provide expert advice to help you fix any vulnerabilities. It is available both as a configurable on-demand service and as an automated HackerProof service with a free Comodo HackerProof trust mark. Because Comodo is a PCI Approved Scanning Vendor (ASV), our HackerGuardian Scan Control Center range provides everything a merchant needs to ensure compliancy with the PCI guidelines.

Comodo also offers two other vulnerability scanning services: HackerProof and SiteInspector. HackerProof is the daily vulnerability scanning and certification service that builds consumer trust into your website. SiteInspector connects to your website from a customer's point of view to determine whether or not your website contains malicious c
PCI Scan Compliancy: I have entered my IP in the address book; how long will validation take?
HackerGuardian no longer requires IP addresses to be validated.

All Services: I received an email saying new tests were added, but HackerGuardian still shows the old number. How do I add them?
Click the tick at the top of the plug-in selections to enable all new tests in the current scan. This is explained in more detail in the Plug-In section of the online help guide here: http://www.hackerguardian.com/help/set_plugins.html#updates

All Services: Does Comodo maintain any statistics about what percentage of clients consistently score 0 on the High Risk threats, or what percentage of all commercial servers would have this score?
Comodo does not maintain any sort of global statistics about the scan results we produce.

All Services: How do I upgrade from a trial account to the full version?
Upgrade PCI Scan Control Service: Click the "Upgrade to Full Service" button in the HackerGuardian interface, or upgrade by buying the full version through this link: http://www.hackerguardian.com/ssl-certificate-products/ssl-certificate-index.html. Remember to select "Existing Customer" and use your regular Comodo account username and password during signup.

All Services: After upgrading, will I have to re-enter m
[Screenshot: Plugin Preferences, Global variable settings (list includes Hydra LDAP, Hydra Postgres, Hydra SAP R3, Hydra SMB, Kerberos configuration, Login configurations): Report paranoia: Normal / Avoid false alarms / Paranoid (more false alarms); HTTP User-Agent: Mozilla/4.75 [en] ...; Enable CGI scanning.]

2.7.4 HTTP login page
Login through HTTP page: This script logs on to a web server through a login page and stores the authentication session cookie.

[Screenshot: Plugin Preferences, HTTP login page: Login page; Login form; Login form fields (e.g. user=%USER%&pass=%PASS%). Values default to null until filled in.]

Login page: If the HTTP server on the target requires authentication, this option specifies the HTTP path (not the file system path) of the login page. HackerGuardian will use this page to authenticate to the HTTP server before performing testing.

Login form: If the HTTP server on the target requires authentication, this option specifies the HTTP form used for login. Nessus will use this information to authenticate to the HTTP server before performing testing.

Login form fields: If the HTT
[Table of contents, continued: ... 27; ... 27; ... 28; ... 28; ... 28; 2.7.13 Kerberos configuration ... 28; 2.7.14 Login configurations ... 29; 2.7.15 Misc information on News server ... 30; ... 31; 2.7.17 Nikto (NASL wrapper) ... 31; ... 31; ... 34; ... 34; ... 35; 2.7.22 SMB use host SID to enumerate local users ... 35; ... 35; ... 36; ... 36; 2.7.27 Unknown CGIs arguments torture ... 37; ... 37; 2.7.29 Windows File Contents Compliance Checks ... 37; ... 38; ... 38; ... 39; ... 40; 2.11 ... 41; 2.11.1 Summary ... 41; 2.11.2 Individual Audit Reports ... 44; 2.11.3 Individual Audit Reports In Detail ... 44; 2.11.3.1 Summary ... 44; 2.11.3.2 Open Ports ... 46; 2.11.3.3 Your IP address / YourDomain ... 46; 2.11.3.4 Reporting a False Positive ... 49; ... 50; ... 51]
P server on the target requires authentication, this option specifies the form field names used for login. HackerGuardian will use this information to authenticate to the HTTP server before performing testing. The USER and PASS variables are defined in the Prefs > Login configurations > HTTP account and HTTP password sections.

2.7.5 Hydra (NASL wrappers options)
This plugin sets options for the Hydra tests. Hydra attempts to discover passwords using brute force.

[Screenshot: Plugin Preferences, Hydra (NASL wrappers options): Number of parallel tasks (16); Timeout in seconds (30); Try empty passwords; Try login as password; Exit as soon as an account is found; Add accounts found by other plugins to login file.]

2.7.6 Hydra: Cisco enable
This option enables integration with the THC Hydra network authentication brute force cracker. Enabling this option will cause Hydra to attempt to brute force crack Cisco enable authentication.

[Screenshot: Plugin Preferences, Hydra Cisco enable: Logon password.]

2.7.7 Hydra: HTTP
This option enables integration with the THC Hydra network authentication brute force cracker. Enabling this option will cause Hydra to attempt to brute force crack HTTP authentication. P
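The HTTP login page mechanism described in 2.7.4 (a form-field template with %USER% and %PASS% placeholders, posted to the login page, after which the session cookie is stored) is easy to get subtly wrong: the credentials must be URL-encoded after substitution, or a password containing "&" or "=" splits the form body. The block below is an added example, not HackerGuardian or Nessus code; the login path, field names, credentials and the server response are constructed samples.

```python
"""Expand the "Login form fields" template, build the login POST and capture
the session cookie from the response.

Added example for this guide, not HackerGuardian or Nessus code. The template
syntax (user=%USER%&pass=%PASS%) matches the preference screenshot; the host,
login path, credentials and LOGIN_RESPONSE are constructed samples.
"""
from http.cookies import SimpleCookie
from urllib.parse import urlencode


def expand_form_fields(template: str, user: str, password: str) -> str:
    """Substitute %USER% / %PASS% in each field value and URL-encode the result.

    Encoding after substitution matters: a password such as "p@ss&w=rd"
    would otherwise turn into extra form fields and the login would fail.
    Placeholders are replaced in values only, never in field names.
    """
    expanded = []
    for field in template.split("&"):
        name, _, value = field.partition("=")
        value = value.replace("%USER%", user).replace("%PASS%", password)
        expanded.append((name, value))
    return urlencode(expanded)


def build_login_request(host: str, login_page: str, body: str) -> bytes:
    """Raw HTTP/1.1 POST of the expanded form body to the login page path."""
    payload = body.encode("ascii")
    head = (
        f"POST {login_page} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(payload)}\r\n"
        "Connection: close\r\n\r\n"
    )
    return head.encode("ascii") + payload


def session_cookie(raw_response: bytes) -> dict[str, str]:
    """Return the cookies set by the login response as {name: value}.

    The scanner stores these and replays them on later requests so that the
    authenticated checks see the logged-in view of the site.
    """
    head = raw_response.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    jar = SimpleCookie()
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        if name.strip().lower() == "set-cookie":
            jar.load(value.strip())
    return {name: morsel.value for name, morsel in jar.items()}


# Constructed sample inputs (assumptions, not values from the guide).
TEMPLATE = "user=%USER%&pass=%PASS%"
HOST = "www.example.com"
LOGIN_PAGE = "/login.php"
USER, PASSWORD = "scanner", "p@ss&w=rd"
BODY = expand_form_fields(TEMPLATE, USER, PASSWORD)

# Constructed: a typical successful login answers with a redirect and a
# session cookie; the cookie name is an assumption.
LOGIN_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Set-Cookie: PHPSESSID=abc123def456; path=/; HttpOnly\r\n"
    b"Location: /account/\r\n"
    b"Connection: close\r\n\r\n"
)

if __name__ == "__main__":
    print(build_login_request(HOST, LOGIN_PAGE, BODY).decode())
    print("stored cookies:", session_cookie(LOGIN_RESPONSE))
```

The expanded body for the sample credentials is `user=scanner&pass=p%40ss%26w%3Drd`, and the stored cookie jar is `{"PHPSESSID": "abc123def456"}`; whether the login actually succeeded is a separate question that a real implementation answers by fetching a page that only an authenticated user can see.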
RACK are HTTP methods which are used to debug web server connections. In addition, it has been shown that servers supporting the TRACE method are subject to cross-site scripting attacks, dubbed XST for "Cross-Site Tracing", when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users into giving him their credentials.

See also:
http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf
http://www.apacheweek.com/issues/03-01-24
http://www.kb.cert.org/vuls/id/867593

Solution: Disable these methods.

Risk factor: Medium / CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)

Solution: Add the following lines for each virtual host in your configuration file:

RewriteEngine on
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

Alternatively, note that Apache versions 1.3.34, 2.0.55 and 2.2 support disabling the TRACE method natively via the TraceEnable directive.

Plugin output: The server response from a TRACE request is:

TRACE /Nessus1537808302.html HTTP/1.1
Connection: Close
Host: comoda-group.demarc.cogentco.com
Pragma: no-cache
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
Accept-Language: en
Accept-Charset: iso-8859-1,*,utf-8

CVE: CVE-2004-2320
BID: 9506, 9561, 11604
Other references: OSVDB:877, OSVDB:3726

If you think this vulnerability
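What the plugin output above actually shows is the server echoing the scanner's own request back, which is the behaviour Cross-Site Tracing relies on. The block below is an added example (not HackerGuardian or Nessus code) that builds the same TRACE probe and decides from the raw response whether the method is reflected; the two responses are constructed samples, not captures, and the hostname is the one shown in the report above.

```python
"""Build an HTTP TRACE probe and decide, from the raw response, whether the
server reflects the request (the precondition for XST).

Added example for this guide; not HackerGuardian or Nessus code. The responses
below are constructed samples, and the hostname is the one from the report.
"""


def build_trace_request(host: str, path: str = "/") -> bytes:
    """Raw HTTP/1.1 TRACE request, CRLF-terminated, as sent on the wire."""
    lines = [
        f"TRACE {path} HTTP/1.1",
        f"Host: {host}",
        "Connection: close",
        "User-Agent: trace-probe (added example)",
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw: bytes) -> tuple[int, dict[str, str], bytes]:
    """Split a raw response into (status code, lower-cased headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def trace_reflected(request: bytes, raw_response: bytes) -> bool:
    """True when the server echoes the TRACE request back in the body.

    Only a 200 with Content-Type message/http whose body starts with the
    request line counts: a 405 (TraceEnable off), a 403 (the RewriteRule
    [F] fix above) or a 200 error page that does not echo is not reflection.
    """
    status, headers, body = parse_response(raw_response)
    if status != 200:
        return False
    if not headers.get("content-type", "").startswith("message/http"):
        return False
    request_line = request.split(b"\r\n", 1)[0]
    return body.lstrip().startswith(request_line)


HOST = "comoda-group.demarc.cogentco.com"   # host shown in the report above
REQUEST = build_trace_request(HOST, "/Nessus1537808302.html")

# Constructed: a server with TRACE enabled echoes the request verbatim.
REFLECTING_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: message/http\r\n"
    b"Connection: close\r\n"
    b"\r\n" + REQUEST
)

# Constructed: with TraceEnable off, Apache answers 405 and echoes nothing.
REJECTING_RESPONSE = (
    b"HTTP/1.1 405 Method Not Allowed\r\n"
    b"Allow: GET,HEAD,POST,OPTIONS\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Connection: close\r\n"
    b"\r\n"
    b"<html><body><h1>Method Not Allowed</h1></body></html>"
)

if __name__ == "__main__":
    for label, resp in (("vulnerable", REFLECTING_RESPONSE),
                        ("fixed", REJECTING_RESPONSE)):
        print(f"{label}: TRACE reflected = {trace_reflected(REQUEST, resp)}")
```

The content-type and body checks are what keep the test honest: some front ends answer every unknown method with a 200 catch-all page, and a check that looked only at the status code would report those as vulnerable.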
v. Set Preferences: Press "Set Preferences" to configure the account options. Options include Login Configuration, Ping, NIDS Evasion, Services and SMB.

vi. Schedule Scan: HackerGuardian scans can be scheduled to run at a specific date and time, or on a recurring basis at daily, weekly, monthly or user-specified intervals. Press "Schedule Scan", add a schedule if needed and make sure to click "Save" to preserve the changes.

vii. Start Scanning: Press "Scan Manager" in the left menu, make sure that the device(s) you want to scan are enabled for PCI compliance scanning (the box "PCI Scan Enabled" is checked) and press the "Start PCI Scan" button. To start an on-demand scan, click "Start Custom Scan".

[Screenshot: Scan Manager row for comodo.com with HackerProof Status, PCI Compliance and PCI Scan Enabled columns; status "On Hold".]

viii. View Report: Click "View Report" to see a summary of the available reports. If scanning completed successfully it will be marked "Finished", otherwise "Failure". Find out more about HackerGuardian reports and how to interpret them here.

2.2 PCI Scanning Service Infrastructure
The left-hand navigation bar of the HackerGuardian main interface has the following options:

Infrastructure / Scan Manager: Provides the administrator with the full complex of device management; allows adding a device for scan
[Screenshot: View Report list. Example rows: "Detailed report", www.mydomain.com, 2008-10-09 13:40:50 to 2008-10-09 13:40:53, audit time 0:00, Status "Failure"; "Detailed report", www.example.com, 2008-10-09 13:40:49 to 2008-10-09 13:40:53, audit time 0:00, Status "Failure". "Found 11-18 of 18 rows". Controls: "Select all reports for" (www.mydomain.com, Your IP address); "PCI Compliance Report" (Example.com).]

Note: Merchants and service providers have the ultimate responsibility for defining the scope of their PCI Security Scan. If an account data compromise occurs via an IP address or component not included in the scan, the merchant or service provider is responsible.

Report summary columns:
• Request Time: shows the date and time of the scan request
• Start Time: shows the date and time the scan started
• End Time: shows the date and time the scan ended
• Audit Time: shows the duration of the performed scan
• Status: shows whether the scan completed or not. If it completed, the status is "Finished"; if not, the status remains "Failure".
• Target: shows the IP address for which the scan was performed
• PCI Compliance: shows the PCI compliance report

This section also has additional options to view and compare reports, plus refresh and delete buttons. "Select all reports for this": this box provides a shortcut that allows all reports for a particular IP to be s
This option is available if the administrator has a daily-scan HackerProof license.
HackerProof Status | Text field | Shows the validation status of the domain. After first applying, this will say "Awaiting Validation"; once we have validated the domain, the status changes.
Edit | Control | Enables the administrator to edit the device details.
Delete | Control | Enables the administrator to delete the device.
Add Device | Control | Enables the administrator to create a device; the "Add Device" dialog appears.
Start SiteInspector Scan | Control | Enables the administrator to start a SiteInspector scan on the selected devices.
Start PCI Scan | Control | Enables the administrator to start a PCI compliance scan on the selected devices.
Start Custom Scan | Control | Enables the administrator to start a vulnerability scan (an on-demand scan with their own plug-in configuration) on the selected devices.
Logout | Control | Enables the administrator to log out of the HackerGuardian interface.

Once you have created a device, you can run a SiteInspector scan.

Run a SiteInspector Scan
• Switch to the Scan Manager section of the HackerGuardian interface.

[Screenshot: Scan Manager, "You are logged in as TestUser", Logout link. Columns: Name, Content, PCI Compliance, PCI Scan Enabled, Custom Scan, HackerProof Enabled, HackerProof Status, SiteInspector Enabled, Controls.]
Trust Online

Comodo HackerGuardian
User Guide

Comodo CA Limited
3rd Floor, 26 Office Village, Exchange Quay, Trafford Road, Salford, Greater Manchester M5 3EQ, United Kingdom
www.enterprise.comodo.com

Table of Contents
[Recoverable entries: 1 Introduction to Comodo HackerGuardian ... 5; 1.1 Service Overview ... 5; 1.2 HackerGuardian PCI Scan Compliancy Service ... 5; 1.3 Free Scan ... 6; 2 ... 6; 2.1 Starting up with HackerGuardian PCI Scanning Service ... 6; 2.2 PCI Scanning Service Infrastructure ... 9; 2.3 ... 9; 2.3.1 ... 11; 2.3.2 How to Create a New Device ... 12; 2.3.3 Devices Management ... 15; 2.3.3.1 Moving Domain to Another Device ... 15; 2.3.3.2 Removing Domain from a Device ... 16; ... 17; 2.4 Retest Security Items ... 19; ... 20; ... 21; ... 22; ... 23; ... 24; ... 24; ... 25; ... 25; ... 26; 2.7.5 Hydra (NASL wrappers options) ... 26; 2.7.6 Hydra Cisco enable ... 27]
ack that suits your requirements. You can add more than one pack of a particular type by clicking again.

[Screenshot: Comodo HackerGuardian > Products > HackerGuardian Additional IP Address Pack. "IP Address Packs can be added to your license to allow you to scan additional externally facing IP addresses. Choose the Additional IP pack that suits your requirements." Product rows, each with an "Add to Shopping Cart" button and priced as shown: 1 IP address (15), 5 IP addresses (50), 10 IP addresses (100), 50 IP addresses (500), and larger packs up to 1000 IP addresses. Shopping Cart panel with "Proceed to Checkout" and "Buy More Products".]

2. When you are happy with your choices, click "Proceed to checkout".

3. On the ordering form, ensure you check the radio button "Existing Customer" and fill out your username and password. This is
acquiring bank. Accessed through a secure online interface, the service is highly configurable and features a free Payment Credential (CVC) site seal, helping to reassure web site visitors that you are authorized to take card payments online. The Standard version enables merchants to run 10 PCI scans per quarter on up to 5 IP addresses using the full complement of over 21,000 individual vulnerability tests. The Enterprise version is a more powerful and flexible service which provides for up to 100 scans per quarter on 20 IP addresses.

HackerGuardian Free PCI Scan: The Free PCI Scan service is valid for 90 days and allows merchants to achieve PCI scan compliancy free of charge. The service contains all the functionality of the Scan Compliancy service but restricts the user to 5 PCI scans per quarter on a maximum of 3 separate IP addresses. The service generates an official PCI Compliant report after every successful scan but does not include a Payment Credential (CVC).

Learn More

HackerGuardian Free Scan: Available to website owners, network operators and home users free of charge. Registering for the service enables users to run a HackerGuardian vulnerability audit on a single IP to identify potential security threats. The Free service is limited to 3 scans per license on a single IP and is not user-customizable.
49. …al security checks functions of Nessus. The value specified here will be used as the public key when establishing an SSH connection to the target host to log in and perform local security checks.
- SSH private key to use: This option is used with the local security checks functions of Nessus. The value specified here will be used as the private key when establishing an SSH connection to the target host to log in and perform local security checks.
- Passphrase for SSH key: This option is used with the local security checks functions of Nessus. The value specified here will be used as the SSH key passphrase when establishing an SSH connection to the target host to log in and perform local security checks.
2.7.26 Services
[Screenshot: Plugin Preferences, Services section, with the fields Number of connections done in parallel, Network read/write timeout, Network connection timeout, Wrapped service read timeout, SSL certificate, SSL private key, PEM password and CA file.]
2.7.27 Unknown CGIs arguments torture
50. [Screenshot: Add/Edit Devices dialog with the Add Domain field (www.domain.com), a Status link and a Move button beside the domain, and the counters Total domains: 1, Free domains: 0.] Once the administrator has added a domain, the managing options become available. To view the status of domain validation, click the Status link next to the domain name in the Add/Edit Devices dialog. The status of the validation process is shown in a pop-up window (see screenshot below). [Screenshot: browser pop-up reading "Status description: Awaiting Validation".]
Add IPs: enter an IP and click the Add button next to it. This field must be filled in. You can add as many IP addresses as allowed by your PCI license. Validation is not required. Note: you must enter external IP addresses in these fields. HackerGuardian will not scan private IP addresses that refer to machines internal to your network. Private IP ranges are defined by RFC 1918 as 10.0.0.0 - 10.255.255.255 (10/8 prefix), 172.16.0.0 - 172.31.255.255 (172.16/12 prefix) and 192.168.0.0 - 192.168.255.255 (192.168/16 prefix).
4. After you have filled out all the applicable fields, click Save.
2.3.3 Devices Management
The Scan Manager section of the HackerGuardian interface gives the administrator full device management. From here the administrator can edit a device's details, delete a device, move a domain to another device or re
51. …ancel.
- Next, check the box "You confirm that this security item is a false positive and has been fully patched/fixed on your server".
- Important: administrators must include information in the text box detailing the patch or compensating control that they have deployed. If this space is left blank, the request will be automatically rejected.
Click Save to submit the report to the HackerGuardian technicians for analysis and verification. The advisory will contain the following message to indicate that your submission is under review: "Our support team will review the information provided to ensure it is satisfactory." If confirmed as a false positive by our technicians, this security hole will no longer count against your IP address. Genuine false positives are automatically removed from the list of security holes from which your PCI report is derived. Your Host Compliancy Status will be automatically updated in your PCI Compliancy Report; you do not need to run another scan. For example, if this false positive represented the only security hole on your host, then your PCI report will change from Not Compliant to Compliant and you can immediately download it. A list of all False Positives you have submitted is accessible by clicking the False Positive item in the left-side menu.
2.11.3.5 Mitigation Plan
HackerGuardian will conduct an in-depth audit of your network to detect vulnerabilities on your network and web server. If your serv
52. …appears: [Dialog: Stop Scanning - "Stop all scans?" with Approve and Cancel buttons.]
- Click Cancel to continue the scan. The result of the scan can be viewed in the View Reports section.
2.4 Retest Security Items
The main benefit of retesting security items with the same plugin configuration and scan options is to see whether the problems identified by the previous scan have been dealt with effectively. If you want to retest the security items, click Retest Security Items. The following screen appears: [Screenshot: Retest Security Items page ("You are logged in as Test User"), with a table of Time, Device and Target columns and Re-Scan and Retest Security Items buttons.]
The Retest Security Items screen contains the following:
- Time: shows the date and time of the last scan performed.
- Device: shows the scanned device name.
- Target: shows the IP address or domain name.
- Re-Scan: performs a new scan of an IP which has been scanned earlier.
If Retest Security Items is clicked, HackerGuardian starts scanning the IP. When scanning, the following message is displayed: [Screenshot: Scan Started page ("You are logged in as TestUser")] Scanning has been started. You will receive an email notification when the scan is
53. …ard, the compliance validation requirements of the old VISA CISP and MasterCard SDP programs have been aligned so that merchants need only validate their compliance once to fulfill their obligation to all payment cards accepted. Merchants will provide compliance validation documentation to their Acquirer(s). Compliance validation documentation consists of the appropriate annual self-assessment questionnaire and accompanying attestation of compliance, and possibly the quarterly PCI scan compliance report.
To whom do the PCI regulations apply? The PCI DSS standards apply to all entities that process, store or transmit cardholder data. This includes all merchants and service providers with external-facing IP addresses that handle, store or transmit credit card data. Even if your website does not offer website-based transactions (for example, you link to a payment gateway), there are other services that may make card data accessible. Basic functions such as e-mail and employee Internet access will result in the Internet accessibility of a company's network. These seemingly insignificant paths to and from the Internet can provide unprotected pathways into merchant and service provider systems if not properly controlled.
What is defined as cardholder data? Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. All personally identifiable info
54. …ation Documents. Note 2: Submitting your Business Validation Documents NEEDS ONLY BE DONE ONCE PER ACCOUNT and will cover you for all current and future purchases. For example, if you are buying an SSL certificate AND a CVC, you need only submit ONE set of documents.
ii. Merchant Account Validation Documents (additional docs required for Payment Credential CVC). If you have not already done so, you need to supply proof that you are a registered merchant to docs@comodogroup.com, quoting your Order Number.
- If you maintain your own merchant facilities, please supply:
  - a copy of documentation detailing your Merchant Account Activation as supplied by your merchant acquirer bank;
  - a copy of your Merchant Account monthly statement.
- If you use the services of a hosted payment gateway, please supply:
  - your full name and Id as provided to your payment gateway, and a copy of documentation detailing your activation to use the payment gateway facilities.
If you do not have easy access to any of the above, please contact docs.enquiries@comodogroup.com for alternative methods of validation. PLEASE NOTE: this order can only be completed once we have been able to fully validate your application details. Normally this process takes a few minutes, but it may take up to two working days. It is advisable to send your documents immediately to docs@comodogroup.com.
2. Installation of CVC
After the necessary validation processes have been successfully completed, y
55. …be taken to the main interface and the alerts would not be saved. If you click Save, you get the following message: [Confirmation Message: "Your information has been successfully saved."] Click OK for the alerts you set to take effect.
2.11 HackerGuardian Reports
Clicking the View Report button in the HackerGuardian interface brings up the Report Summary screen.
2.11.1 Report Summary
The summary provides an at-a-glance overview of all completed scans and serves as a central point of access to Individual Audit Reports, Comparative Summaries, Executive Summaries and PCI Compliance Reports. [Screenshot: Report Summary screen with Start and End date filters (Year/Month/Day), a Device selector, and a table of audits with the columns Audit Name, Reports, Targets, Request Time, Start Time, End Time, Time, Status and PCI Compliance; the example rows (Device 1, Device 2, Device 3) show Finished scans marked Compliant or "Settings not suitable for PCI compliance scanning", each with a Detailed report link.]
56. …bled to perform a full scan.
Parallel checks: This is the maximum number of security checks that will be performed in parallel. This may be reduced to a minimum of one to reduce network load.
Designate hosts by their MAC address: This option will identify hosts in the scan report by their Ethernet MAC address rather than their IP address. This is useful for networks in which DHCP is used.
Optimize the test: This option allows the scan to be optimised by only performing tests if information previously collected indicates a test is relevant. When disabled, all tests are performed.
Nmap (NASL Wrapper): This runs nmap(1) to find open ports. See the plugin options section to configure it.
Exclude toplevel Domain Wildcard host: The host you were trying to scan is blacklisted: its address is known to be returned by a wildcard on some top-level domains, or it is the web server. You probably mistyped its name.
Scan for LaBrea tarpitted hosts: This performs a LaBrea Tarpit scan by sending a bogus ACK and ACK-window probe to a potential host. It also sends a TCP SYN to test for non-persisting LaBrea machines.
Nessus TCP Scanner: This is a classical TCP port scanner. It should be reasonably quick even against a firewalled target. Once a TCP connection is open, it grabs any available bann
57. …ce provider. The scan will identify vulnerabilities in operating systems, services and devices that could be used by hackers to target the company's private network. As provided by qualified scan vendors such as Comodo, the tool will not require the merchant or service provider to install any software on their systems, and no denial-of-service attacks will be performed.
How often do I have to scan? Every 90 days (once per quarter). Merchants and Service providers should submit compliance documentation (successful scan reports) according to the timetable determined by their acquirer. Scans must be conducted by a PCI Approved Scanning Vendor (ASV). Comodo is a PCI Approved Scanning Vendor.
What reports are provided by the HackerGuardian scanning service? The HackerGuardian Scan Control service provides two reports after each scan: the Audit Report and the PCI Compliance report. The PCI Compliance report is the one you need to submit to your acquiring bank to demonstrate compliance. The Audit Report is a more technical document used to identify and remediate any security holes.
What criteria cause a Pass or Fail on a PCI scan? Each post-scan HackerGuardian vulnerability report states a PCI compliance status of Compliant or Not Compliant based on the discovery of potential security flaws on your systems.
58. [Screenshot: Scan Manager device list showing a domain device with PCI, Custom, HackerProof and SiteInspector Enabled checkboxes, the status On Hold, and the buttons Add Device, Start SiteInspector Scan, Start PCI Scan and Start Custom Scan.]
- Make sure that the device(s) you require to scan are enabled for SiteInspector scanning: the box SiteInspector Enabled must be checked. Press the Start SiteInspector Scan button. [Screenshot: Scan Manager ("You are logged in as TestUser") with the device's SiteInspector Enabled box checked.] The result of the scan can be viewed in the View Reports section.
3.2 View Report
To view the SiteInspector Scanning Report, select View Report in the Site Inspector Scanning section of the interface, as shown below. [Menu: Site Inspector Scanning > View Report, Licensing] The following screen appears: [Screenshot: Site Inspector Reports page with a Refresh Report List button and a table of reports with Start Time, End Time, Audit Status, Check Time, Time and Status columns (status Finished) and Detailed report links.]
59. …d writable directory on the target FTP server.
- POP2 account: This option specifies the username of the POP2 account used to log in to the target for POP2 testing.
- POP2 password (sent in clear): This option specifies the password of the POP2 account used to log in to the target for POP2 testing.
- POP3 account: This option specifies the username of the POP3 account used to log in to the target for POP3 testing.
- POP3 password (sent in clear): This option specifies the password of the POP3 account used to log in to the target for POP3 testing.
- IMAP account: This option specifies the username of the IMAP account used to log in to the target for IMAP testing.
- IMAP password (sent in clear): This option specifies the password of the IMAP account used to log in to the target for IMAP testing.
- SMB account: Specify the global user name account which has read-only registry rights to all the servers in the domain, in order to audit the primary Domain Controller.
- SMB password: Specify the password of the global account which has read-only registry rights to all the servers in the domain, in order to audit the primary Domain Controller.
- SMB domain (optional): Specify the domain name to audit the primary Domain Controller.
- Never send SMB credentials in clear text: This option encrypts the credentials, namely SMB account, SMB password and SMB domain. These credentials are otherwise sent as clear text.
- Only use NTLMv2: This option will cause the scanner
60. …[Screenshot: Set Plugins page with the Windows family selected, showing "450 (100%) of 450 Plugins Selected", with callouts: "Click to display all Windows family vulnerability test plugins in the right-hand column" and "Select/Deselect ALL plugins in the Windows family".] Clicking the select icon next to a family name will select every plug-in in that family. Similarly, clicking the deselect icon will deselect all plug-ins in that family.
2.6.1 Plugin Names
[Screenshot: Plugin Names column listing individual plug-ins, e.g. Compression Plus Zoo Archive Processing Buffer Overflow Vulnerability, Mozilla Browser 1.7.3, FTP clear text passwords, SMB NativeLanMan, Google Toolbar HTML Injection Vulnerability, Prevx Pro 2005 < 1.0.0.1 Multiple Vulnerabilities, Adobe Reader 7.0.8, BETTERINTERNET detection.]
Left-clicking on an individual plug-in name in the right-hand column will open an advisory panel containing a description of the plug-in. Plug-in advisories replicate the report message that failing this plug-in test would produce in the scan report. [Screenshot: advisory panel for Plugin Name "Prevx Pro 2005 < 1.0.0.1 Multiple Vulnerabilities". Synopsis: The remote Windows host contains an application that is affected by multiple issues. Description: The remote host is running Prevx Pro 2005, an intrusion protection system for Windows. The installed ver
61. …dividually, but present it in a more easily digested manner, allowing admins to quickly pick out where insecurities lie and to assess, then investigate, any surges in the trends. Executive reports are designed to give an overview of a network comprising many different hosts. [Screenshot: Comparative Summary with the tables Risks by Severity (Security Holes, Security Warnings, Security Notes: Number, Percentage, Trend), Risks by Category (Service detection, Web Servers, Firewalls, General, CGI abuses, XSS: Number, Percentage, Trend) and Risks by Status (Fixed/Removed, New, Current: Number, Percentage).] The following screen appears: [Screenshot: Executive Summary Report page with Executive Summary and Scan History sections and a "back to report list" link.]
Executive Summary
- Risks by Host gives information regarding the security holes, security warnings and security notes found per host. In the table you can see the number of vulnerabilities per host and the total; the diagram shows the percentage proportion per IP address (your IP address1 vs your IP address2 vs your IP address3, etc.), and each host is represented by a different color.
- Top Risk Categories by Host gives t
62. …[Screenshot: Plugin Preferences, SMTP settings section, with the fields Third party domain, From address (postmaster) and To address.]
- Third party domain: During SMTP testing, Nessus may attempt to send and/or relay email through the target SMTP server. The value specified here will be used as the third-party domain for these attempts.
- To address: During SMTP testing, Nessus may attempt to send and/or relay email through the target SMTP server. The value specified here will be used as the To address for these attempts. This field allows a special variable name called AUTO_REPLACED_IP. If used, that name will be automatically expanded to the IP address of the target.
2.7.24 SNMP settings
[Screenshot: Plugin Preferences, SNMP settings section, with the fields Community name (public) and UDP port (161).]
- Community name: If the SNMP port scan option is enabled, the SNMP community name configured here will be used. This community name is passed to th
63. …e. Find out more: What is a CVC? Content Verification Certificates are an X.509 compliant certificate type and are created, distributed and revoked using proven PKI (Public Key Infrastructure) methods to provide the highest level of security for web page content. This facilitates the deployment of verified login boxes, verified navigation panes, verified trade marks, brands and web graphics such as the HomeConvenience logo. CVCs empower enterprises to take a proactive, preventative response to phishing attacks by allowing highly reliable end-user verification. The verification process, initiated by the user and not the web server, allows any digitally signed content bound to a specific URL/IP to be rendered onto the display in a different way to all other non-verified elements, displaying a highly visible green border around the monitor whenever the user rolls the mouse cursor over trusted content. [Figure: "Green Border means Verified by Comodo" / "No Green Border means Not verified by Comodo". CVCs allow website visitors to instantly verify that they are on a legitimate, genuine website and not a fake copy. Simply mouse over website-protected graphics and a highly visible green outline will appear around the monitor to indicate that the graphic is authentic.]
Why should a customer trust a CVC website logo? Before issuing a CVC to any organization or individual, Comodo performs a high assura
64. …e. We recommend that for 6 logos or more you select the Animated option. [Wizard screen: < Back, Next >, Cancel. "The cards shown here are purely for layout visualization purposes. The final graphics will consist of the specific card types you chose earlier."]
- After clicking Next you come to the size and border selection screen. This determines how large the final CVC logo will be. The Border Color drop-down allows you to choose a color that blends best with the scheme of your website. [Wizard screen: Choose Size - select the size of your graphic; < Back, Next >, Cancel. "The cards shown here are purely for size visualization purposes. The final graphics will consist of the specific card types you chose earlier."]
Click the Next button to continue to the last stage, logo confirmation. The logo confirmation screen displays the exact choice of logo that you have selected in the previous stages. It displays the exact logo types in the presentation, size and border color you chose earlier. Click Back should you wish to modify your choice. [Wizard screen: "You have chosen ..."; < Back, Finish, Cancel.] Clicking Finish will return you to the main interface. You'll notice that your logo choice is now displayed under your order number. You can change the design at any time by clicking Select Content and going
65. …e snmpwalk command to try and gather information about the target via SNMP. See the snmpwalk(1) manual page for more information.
- UDP port: If the SNMP Port Scan option is enabled, this setting specifies which UDP (or TCP) port will be used to try and gather information from the target via SNMP.
2.7.25 SSH settings
[Screenshot: Plugin Preferences, SSH settings section, with the fields SSH user name (default nessus@nessus.org), SSH password (unsafe!), SSH public key to use, SSH private key to use and Passphrase for SSH key.]
- SSH user name: This option is used with the local security checks functions of Nessus. The value specified here will be used as the user name when establishing an SSH connection to the target host to log in and perform local security checks.
- SSH password (unsafe!): This option is used with the local security checks functions of Nessus. The value specified here will be used as the password when establishing an SSH connection to the target host to log in and perform local security checks.
- SSH public key to use: This option is used with the loc
66. …elected at once. [Screenshot: Report Summary screen with callouts: navigation buttons; "Found 18 rows" / "1-18 of 18 rows" with a Refresh button; "To choose all reports for one of the listed devices, check the box alongside its name"; "Select all reports"; the report-type controls Comparative Summary, Executive Summary and PCI Compliance Report with View and Delete buttons; example devices mydomain.com, your IP address and example.com.] The Report Summary screen provides access to four types of reports:
- Individual Audit Reports: Individual reports are a detailed overview of scans on a single host. They include a prioritized list of the vulnerabilities found, expert remediation advice and thousands of cross-referenced online advisories.
- Comparative Summaries (Enterprise packages only): Comparative Summaries allow administrators to view before-and-after comparisons of the vulnerability status of a single host.
- Executive Summaries (Enterprise packages only): Executive summaries provide an overview of the security status of multiple hosts, allowing administrators to gain an overview of the health of their entire network.
- PCI Compliance Reports: Users can download a ready-to-submit PCI Scan Compliance report immediately after a successful scan (no vulnerabilities of level 3, 4 or 5).
67. …er for the service identification. TCP scanners are more intrusive than SYN (half-open) scanners.
SYN Scan: This performs a fast SYN port scan. It does so by computing the RTT of the packets coming back and forth between the host and the target, then it uses that to quickly send SYN packets to the remote host.
Ping the Remote Hosts: This will TCP-ping the remote host and report to the plugins' knowledge base whether the remote host is dead or alive. This sends the remote host a packet with the SYN flag set, and the host will reply with a RST or a SYN/ACK.
Netstat Scanner: This runs netstat on the remote machine to find open ports.
Set Plugins
An individual vulnerability test is known as a HackerGuardian Plug-in. Each individual plug-in is written to test for a specific vulnerability. These can be written to actually exploit the vulnerability or just test for known vulnerable software versions. HackerGuardian is continuously updated with the latest plug-in vulnerability tests via a direct feed available to all PCI Scanning Service subscribers, providing up-to-the-second security against the latest vulnerabilities. At the moment there are over 24,000, with more being developed and added weekly. This area enables the administrator to choose which plug-ins are deployed during a scan. Plug-ins can be enabled or disabled by family type or on an individual plug-in basis. Plugin families are listed in the left-hand column; individual plugins are wit
68. …ers fail the test, you will find lots of helpful advisories in the scan report that will help you patch the security holes. That's why EACH report contains a condensed, PCI-specific Mitigation Plan: a concise, bulleted list of actions that you need to take to achieve compliance. [Screenshot: example Mitigation Plan. "You must undertake the following remedial actions or provide us with the relevant information if you think the vulnerabilities are already patched or if compensating controls exist": use the lsnrctrl CHANGE_PASSWORD command to assign a password to the tnslsnr; see the linked Oracle security alert (PDF); upgrade to the latest stable version of, or apply the latest patches to, the software(s) running on port ncube-lm (1521/tcp); see the linked Oracle security alert (PDF). Risk Factor: High. "We recommend you undertake the following remedial actions": filter incoming traffic to port/service general/icmp if the service is not used; filter incoming traffic to port/service ncube-lm (1521/tcp) if the service is not used; see the linked Microsoft Knowledge Base article; restrict access to the database to allowed IPs only.]
2.11.4 Compare Reports
The Compare Reports function allows administrators to conduct bef
69. …ever, under certain circumstances you may wish to put your CVC on a different domain. For example:
- You would prefer the CVC on a different domain to the one you specified when you filled out the application form.
- You bought the CVC alongside an SSL certificate but would like to place the CVC on a different domain to the SSL certificate.
Option 1: If the replacement domain is already listed in IdAuthority, you just need to select it as your CVC website.
Option 2: If the replacement domain is NOT listed in IdAuthority, you need to: 1. Register the new domain with IdAuthority. 2. Select it as your CVC website.
Registering a new domain in IdAuthority
If the domain you wish to add the CVC to is not already in IdAuthority, you can quickly add it by selecting "Click here to register your website(s) in IdAuthority" as shown below. [Screenshot: CVC Options table with the columns CVC Product Type, Serial Number, Website, Valid From, Valid To, Status, Order Date and Content, showing a Trial Payment Credential CVC for test.com with status Awaiting Request, and the links Select Website, Select Content and Return to Management.] This will open a pop-up window entitled Your Websites, which shows a list of all the domains you have registered in IdAuthority. [Screenshot: Your Websites pop-up] Websi
70. …This will open a small pop-up window containing a list of all the domains you have registered with IdAuthority. Locate the desired domain on this list and left-click to select it. Press Continue to confirm your selection. [Screenshot: Select Website pop-up listing the registered domains.] NOTE: If your desired domain is not in this list, it is because you have not registered it with IdAuthority. For more details refer to the section Registering a new domain in IdAuthority.
Request Validation
Before we can issue your Payment Credential CVC, we need to validate your ownership of the domain. Once you have chosen your credit logos, selected your website and, if necessary, registered a new domain in IdAuthority, you should click the Request Validation link highlighted below. [Screenshot: CVC Options row with the Request Validation link highlighted.] Displaying the Payment Credential CVC delivers a message to your customers that you are legally validated to accept credit card payments online and reassures them of your real-world business identity. In order to establish this trust relationship between your website and your customers, it is essential business practice of Comodo to fully validate your application. In order to validate your CVC you will need to send us some documentation, which brings us onto the next stage: Subm
71. …he information regarding the categories. In the table you can see the number of failed tests in each category per host and the total number of top risk categories. [Screenshot: Executive Summary Report. Risks by Host: table with IP Address, Holes, Warnings, Total and Total per IP Address. Top Risk Categories by Host: for each IP address the Top 5 Risk Categories, e.g. General, Service detection, CGI abuses, CGI abuses: XSS, Windows, Firewalls.]
Scan History
Scan History consists of three sections:
- Risks by Severity plots the total vulnerabilities discovered across a user's network over time. Note: the more hosts you have in your network, the higher the likely number of reported vulnerabilities. This graph delineates the threat profile of a network over time and allows administrators to gain an overview of the success of their threat mitigation strategies and measures. [Chart: Risks by Severity; X axis Date, series Notes, Warnings, Holes and Hosts.]
- Risks by Host displays the total vulnerabilities discovered over time per host; each host is represented by a d
72. …hin the Get Options page in the Port Range field.
- The PCI Scan Control Service scan tests up to a total of 65,535 ports, the total number of ports available on your system. The Daily and Free services will scan the first 15,000 ports on your system. This is a targeted selection of the most commonly used and commonly attacked ports. Note that most services run on the reserved ports below 1024, and security industry experts agree that these are the most commonly targeted ports. In some circumstances it will be beneficial to test all 65,535 ports, but administrators should be aware that this will lengthen the scan time.
All Services
I have changed my password and now cannot log in to the HackerGuardian website. Why? When you change your password there is a delay between changing it and that change being synchronized with the HackerGuardian database. Please allow 15 minutes for the synchronization to take place after changing your password.
Scan Compliancy
Does HackerGuardian use the latest CVSS v2? Yes. HackerGuardian uses the latest Common Vulnerability Scoring System version 2 (CVSS v2). HackerGuardian PCI Scan customers are not impacted by the change from CVSS v1 to v2, as we have already been using v2.
PCI FAQ
- What is PCI DSS?
- What is the Self-Assessment Questionnaire?
within those families listed in the right hand column.
Plugin Family Column: Contains a list of the plug-in types by broad category. Clicking the check button at the top of this column means you will include all plug-ins in all families. Conversely, clicking the uncheck button means to deselect every individual plug-in in every plug-in family. Individual plug-ins are grouped according to broad threat classification. Click the name of any plug-in family in the right hand column to display the full list of individual plug-ins of that family in the left hand column.
[Screenshot: Select Plugins page. 23570 of 23570 Plugins Selected. Plugin Family column (AIX Local Security Checks, Backdoors, Brute force attacks, CGI abuses, CGI abuses: XSS) with the count of selected plugins per family; Plugin Names column listing the individual AIX plugins.]
In the example above the user selected the plug-in family Windows. The list of family members for Windows is shown in the right hand column.
different color. The X axis displays the date on which a scan was conducted, whilst the Y axis indicates the number of threats discovered. The number of plugins deployed during a particular scan is represented by the grey line. The graph enables administrators to gain both an overview of the overall health of their network and to monitor the security of individual hosts within that network.
[Chart: Risks by Severity. X axis: Date. Series: Notes, Warnings, Holes, Hosts.]
• Scan frequency and Hosts indicates the regularity and volume of vulnerability scans. Administrators should use this graph to quickly check whether scans are being conducted according to their pre-defined scan schedule. Any unscheduled gaps in this chart would indicate that a scan did not take place on that date and may be cause for investigation. Similarly, any unaccounted dip in the number of hosts that were scanned will be recorded here.
[Chart: Scan frequency and Hosts. X axis: Date. Y axis: Number of hosts.]
2.11.6 PCI Compliance Reports
The PCI Compliance report is the one you need to submit to your acquiring bank to demonstrate compliance. To view the report, click on the link PCI Compliance Report against the needed IP address in the reports list.
file:
    RewriteEngine on
    RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
    RewriteRule .* - [F]
Alternatively, note that Apache versions 1.3.34, 2.0.55 and 2.2 support disabling the TRACE method natively via the TraceEnable directive.
Plugin output: The server response from a TRACE request is:
    TRACE /Nessus537808302.html HTTP/1.1
    Connection: Close
    Host: comodo-group.demarc.cogentco.com
    Pragma: no-cache
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
    Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png
    Accept-Language: en
    Accept-Charset: iso-8859-1,utf-8
CVE: CVE-2004-2320. BID: 9506, 9561, 11604. Other references: OSVDB:877, OSVDB:3726.
If you think this is a legitimate false positive, click the Click here link shown above. This will open the false positive reporting interface shown below.
[Screenshot: False Positive Settings. Plugin Name: Deprecated SSL Protocol Usage. Service Name: https (443/tcp). Host: 11.111.111.111. Checkbox: You confirm that this security item is a false positive and has been fully patched/fixed on your server. Our security experts may review the information provided to ensure it is correct and accurate. Please provide brief information on the patch applied or upgrade which produced the false positive. Save / Cancel.]
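The TRACE finding above leaves a defender with two things to verify offline: that the Apache configuration really disables TRACE/TRACK (by TraceEnable or the mod_rewrite rule quoted in the advisory), and that a saved reply to a TRACE probe no longer echoes the request the way the plugin output shows. The script below is an added example, not code from the HackerGuardian guide or from Comodo; the config fragments and HTTP responses it checks are constructed for the example.

```python
"""Offline checks for the "HTTP TRACE method enabled" finding.

Added example, not code from the HackerGuardian guide or from Comodo.
Both checks work on text a defender already has (a config file, a saved
HTTP exchange), so nothing here contacts a server.
"""
import re

# Directives quoted in the advisory's remediation, matched line by line.
_REWRITE_ON = re.compile(r"^\s*RewriteEngine\s+on\b", re.I | re.M)
_REWRITE_COND = re.compile(
    r"^\s*RewriteCond\s+%\{REQUEST_METHOD\}\s+\^?\(?TRACE\|TRACK\)?", re.I | re.M)
_REWRITE_FORBID = re.compile(r"^\s*RewriteRule\s+\.\*\s+-\s+\[F\]", re.I | re.M)
_TRACE_ENABLE = re.compile(r"^\s*TraceEnable\s+(\S+)", re.I | re.M)


def apache_trace_disabled(conf: str) -> bool:
    """True if this Apache config rejects TRACE and TRACK requests.

    Accepts either the native directive (TraceEnable off, available from
    Apache 1.3.34 / 2.0.55 / 2.2) or the mod_rewrite rule from the advisory.
    Commented-out lines are ignored; for TraceEnable the last active
    occurrence wins, and "extended" still leaves TRACE switched on.
    """
    active = "\n".join(
        line for line in conf.splitlines() if not line.lstrip().startswith("#"))
    values = _TRACE_ENABLE.findall(active)
    if values:
        return values[-1].lower() == "off"
    return bool(_REWRITE_ON.search(active)
                and _REWRITE_COND.search(active)
                and _REWRITE_FORBID.search(active))


def trace_reflected(response: str) -> bool:
    """True if a saved HTTP response echoes a TRACE request in its body.

    A server with TRACE enabled answers 200 and repeats the request line and
    headers verbatim (the behaviour shown in the plugin output above); that
    echo is what a cross-site tracing attack reads back. A 403/405 reply, or
    a body that does not start with a TRACE request line, counts as hardened.
    """
    head, sep, body = response.partition("\r\n\r\n")
    if not sep:
        head, sep, body = response.partition("\n\n")
    status_line = head.splitlines()[0] if head else ""
    if not status_line.startswith("HTTP/") or " 200" not in status_line:
        return False
    return re.match(r"TRACE\s+\S+\s+HTTP/1\.[01]", body.lstrip()) is not None


# Constructed Apache fragments: one vulnerable, two hardened.
VULNERABLE_CONF = "ServerName www.example.com\nTraceEnable on\n"
NATIVE_FIX_CONF = "ServerName www.example.com\n# TraceEnable on\nTraceEnable off\n"
REWRITE_FIX_CONF = (
    "ServerName www.example.com\n"
    "RewriteEngine on\n"
    "RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)\n"
    "RewriteRule .* - [F]\n"
)

# Constructed responses modelled on the plugin output above (hostname and
# probe path are placeholders, not the values from the report).
ECHOED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: message/http\r\n"
    "\r\n"
    "TRACE /probe.html HTTP/1.1\r\n"
    "Host: www.example.com\r\n"
    "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)\r\n"
)
HARDENED_RESPONSE = "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, HEAD, POST\r\n\r\n"

if __name__ == "__main__":
    for name, conf in [("vulnerable", VULNERABLE_CONF),
                       ("TraceEnable off", NATIVE_FIX_CONF),
                       ("mod_rewrite", REWRITE_FIX_CONF)]:
        print(f"{name:16s} TRACE disabled: {apache_trace_disabled(conf)}")
    print("echoed response reflects TRACE:", trace_reflected(ECHOED_RESPONSE))
    print("hardened response reflects TRACE:", trace_reflected(HARDENED_RESPONSE))
```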
individual false positive number.
Displays the date and time at which the administrator submitted the false positive report.
Displays the host on which this false positive was detected.
Notes: Displays the notes that were entered by the administrator when submitting the false positive report.
Displays the status of the detected false positive (Accept / Reject).
Reason: Displays the feedback from the Comodo support team after reviewing the information.
2.10 Email Alert Options
If you click Email Alert Options, the following screen appears.
[Screenshot: Email Alert Options. Checkboxes: Send a reminder message if you haven't done a scan in 3 months; Send an email when new plugins are added to the system.]
In the Email Alert Options, if you select the Send a reminder option, then you will get a reminder sent to your email if you have not performed a scan in 3 months.
In the Email Alert Options, if you select the Send an email option, then you will get an email whenever new plugins are added to the system.
If you click Set to default Values, you will be notified by email if either of the operations is not performed or a new plug-in is added.
When you have finished, click Save for the alerts you set to take effect. If you click Cancel, then you would
section 11.2 of the PCI standard, then you will also need to obtain quarterly vulnerability scans on your network. HackerGuardian will conduct an in-depth audit of your network to detect vulnerabilities on your network and web server. If your servers fail the test, you will find lots of helpful advisories in the scan report that will help you patch the security holes. After your infrastructure passes the scan, HackerGuardian will automatically generate the PCI Compliance report that you need to send to your acquiring bank to demonstrate your compliance. Find out more about HackerGuardian PCI Scanning Services.
3. Send the completed questionnaire, attestation and the Scan Compliance report to your acquirer. Both the PCI Scan Compliant report and the Annual Self Assessment Questionnaire should be turned in to your merchant bank. Your merchant bank will then report back to the Payment Card Industry that your company is PCI Compliant.
About Comodo
Comodo is a leading global provider of Identity and Trust Assurance services on the Internet. Comodo CA offers a comprehensive array of PKI Digital Certificates, eCommerce Acceleration and Infrastructure Security solutions, including User Access Authentication (Two-Factor / Multi-Factor), Network Vulnerability Scanning and PCI compliance services. With over 10,0
round-trip time (RTT) per nmap probe packet.
• Initial RTT Timeout (ms): When the Custom Timing Policy is selected for the nmap port scanner, this option specifies the initial probe timeout. This is generally only useful when scanning firewalled hosts with -P0. Normally Nmap can obtain good RTT estimates from the ping and the first few probes. The default mode uses 6000.
• Ports Scanned in parallel (max): Specifies the maximum number of scans Nmap is allowed to perform in parallel. Setting this to one means Nmap will never try to scan more than 1 port at a time. It also affects other parallel scans such as ping sweep, RPC scan, etc.
• Minimum wait between probes (ms): When the Custom Timing Policy is selected for the nmap port scanner, this option specifies the minimum amount of time Nmap must wait between probes. This is mostly useful to reduce network load or to slow the scan way down to sneak under IDS thresholds.
• File containing grepable results: This option will look to the specified file for the results of the nmap port scan. Thus Nessus will not launch nmap but rather read a file containing the results of a previously run nmap session. The act of generating this nmap result file must be done manually before running the Nessus scan.
• Data Length: Normally Nmap sends minimalistic packets
[Screenshot: PCI Scanning report list. Select a report to view, with Start and End date filters and Refresh. Columns: Device Name, Targets, Request Time, Start Time, End Time, Audit Time, Status, PCI Compliance; rows for device Test (example.com) dated 2008-10-14 and 2008-10-09 with Detailed report and False Positives report links, statuses In Progress and Failure; Found 3 row(s). Select all reports for: Comparative Summary, Executive Summary, PCI Compliance Report, Delete. Note: Merchants and service providers have the ultimate responsibility for defining the scope of their PCI Security Scan. If an account data compromise occurs via an IP address or component not included in the scan, the merchant or service provider is responsible.]
You can stop the scan at any moment you wish. In order to do it, just click on the Stop Scanning button in the left side menu as shown above. Confirm the action by clicking APPROVE in the dialog that
Submit Your Validation Documents
There are two types of documents you need to submit to us:
i. Business Validation Documents
ii. Merchant Account Validation Documents
You need to supply samples of both types in order for us to validate your CVC.
i. Business Validation Documents
If you have not already done so, you need to supply any ONE of the following documents via fax, post or email to docs@comodogroup.com, quoting your Order Number.
If the order has been applied for in your company's name:
• Articles of Incorporation
• Business License
• DUNS details, e.g. your Dun & Bradstreet company number
If the order has been applied for in your trading name and you do not have access to the above documents:
• Trading License
• Copy of utilities bill, bank statement or cheque containing your trading name
If the order has been applied for in your own personal name, or the order is not for use by a commercial entity:
• Copy of your driver's license or passport
Note 1: Business Validation Documents need only be submitted by NEW Comodo customers, i.e. you have never purchased anything from us before and have no entry in IdAuthority. Pre-existing SSL customers and existing account holders can skip this step but must still submit Merchant Account Validation Documents.
Click the Remove Domain button next to the needed domain name.
[Screenshot: Add Domain / Add IPs. Domain entry with Status; Total domains 1; Free domains 0; Save / Cancel.]
• Confirm your wish to remove the domain in the pop-up dialog.
[Dialog: The page at https://11.111.111.11 says: Do you really want to remove domain www.mydomain.com? OK / Cancel.]
• Click OK to continue, otherwise press the Cancel button.
• Click Save to finalise removal of the domain.
2.3.4 Start Scanning
Once the device is added, you can scan the target device.
Note: The IP addresses that HackerGuardian scans originate from are in the range 67.51.175.32/28. You may have to modify your firewall to allow scans from this range.
PCI Compliance scan / On-demand vulnerability scan: make sure the box PCI Compliance Enabled is checked.
[Screenshot: Devices table with columns Name, Content, PCI Compliance Enabled, PCI Scan Status, HackerProof Enabled, HackerProof Status, Controls (Edit, Delete); row Test, comodo.com, On Hold.]
Next click Start PCI Scan to begin PCI compliance scanning. To run an on-demand vulnerability scan, click the Start button.
NOTE: If you didn't enable any scan, the following notification will appear: There are no enabled devices to scan.
If you have several devices and wish to run a PCI compliance or on-demand scan only
2.9 Schedule Options
[Screenshot: Schedule Options. Specific date: Oct 14 2008. Recurring: From Oct 14 2008 to Sep 25 2009; Daily / Weekly (Sunday) / Monthly (01) / Intervals (0 days). Time: 14 Hrs, GMT (GMT 00:00 Greenwich Mean Time: Dublin, Edinburgh, Lisbon, London). Select a device you require to scan: Test. PCI Compliance Scan.]
Schedule scans to suit your needs. Select the Specific date option to schedule the scan on a particular date and time. If the scans are to be performed recurringly, select the Recurring option.
In the Add New Schedule options you can see the following options. These are:
• Specific Date: If you select a specific date in the schedule options and specify a date when the scan needs to take place, then the scan will be performed automatically on the particular date you have specified.
• Recurring: If you select Recurring, you need to specify From and To dates and also when the scan has to take place, i.e. daily, weekly, monthly or at intervals.
• Daily: The scan is performed daily.
• Weekly: Once a week, the scan is performed on the specified day.
• Monthly: Once a month, the scan is performed on the specified date.
[Screenshot: report list for example.com. Note: Merchants and service providers have the ultimate responsibility for defining the scope of their PCI Security Scan. If an account data compromise occurs via an IP address or component not included in the scan, the merchant or service provider is responsible.]
The Comparative Summary report is different to regular reports in that it presents a time line of security threats on a particular host. It is best used to analyse the historical security status of a single host (target) over time. The following screen would appear if you compare two or more reports.
[Screenshot: Comparative Summary Report. Sections: Comparative Summary, Scan History; back to report list.]
The Comparative Summary section consists of three parts: Risks by Severity, Risks by Category, Risks by Status.
[Screenshot: Comparative Summary. Risks by Severity (Security Holes, Security Warnings, Security Notes) with Number, Trend, Percentage, Trend columns. Risks by Category (Service detection, Web Servers, Firewalls, General, CGI abuses) with Number, Trend, Percentage, Trend columns. Risks by Status (Fixed/Removed) with Number and Percentage columns.]
[Screenshot: Comodo account page header with product navigation.]
• Click CVC (Manage your Content Verification Certificate) in the Account area.
[Screenshot: My Account Areas. Reseller: Manage customer orders placed through your Reseller Account. Web Host Reseller: Place orders on behalf of customers through your Web Host Reseller account. EPKI Manager: Place orders through your EPKI Manager. SSL Certificates: Manage your SSL certificates. CVC: Manage your Content Verification Certificate. TrustLogo: Make the most of your TrustLogo; view TrustLogo served statistics. Click here to choose your credit card logo.]
Choosing your credit card logos
To begin picking your credit card types and designing your final logo, click Select content.
[Screenshot: CVC Options. Please click here to register your website(s) in IdAuthority so that they appear in the Select Website lists. Columns: CVC, Product Type, Valid, Valid, Serial Number.]
will take place on the IP address that this domain resolves to. A device only associated with an IP cannot be daily scanned and gain HackerProof status. Domain ownership must be validated by Comodo before scanning is allowed to commence.
If you create PCI + HackerProof Devices, both daily and PCI compliance scans will be run for these devices.
• You must have at least one PCI scan compliancy license and one HackerProof daily scan license.
• At least one domain that you wish to be daily and PCI scanned must be added to a PCI + HackerProof device, but the actual scans will take place on the IP address that this domain resolves to. The IP address that the domain resolves to will be scanned daily and, if it passes, receives the HackerProof trustmark for the domain.
• You can optionally add more IP addresses to this device. The additional IP address(es) that were added by the user can be scanned for PCI compliance. To gain PCI compliance for this device, all IP addresses must pass the PCI compliance scan.
• A device only associated with an IP cannot be daily scanned and gain HackerProof status.
• Domain ownership must be validated by Comodo before scanning is allowed to commence.
2.3.2 How to Create a New Device
1. Switch to the Scan Manager area of the interface.
2. Click on the Add Device button as shown below.
[Screenshot: Scan Manager. Devices table with columns Name, Content, PCI Compliance Enabled, PCI Scan Status, HackerProof Enabled, HackerProof Status; Retest Security Items.]
penalties onto merchants and service providers, which can include:
• Increased transaction processing fees
• Fines of more than 500,000 for serious breaches
• Suspension of credit card transaction processing abilities
Comodo HackerGuardian provides a range of services that make PCI compliance easy. Find out which service is right for you at www.hackerguardian.com.
Make it easy for me: What do I have to do to become compliant?
1. Complete the PCI Self Assessment Questionnaire using our free online wizard.
• Preliminary questions will help you to determine which validation type your company fits into, and therefore which of the 4 self-assessment questionnaires you need to complete.
• Each of the questions is accompanied by expert help information and advice that will help you to both interpret the question correctly and provide the appropriate answer.
• Once the wizard is complete you will receive:
  • A questionnaire summary detailing any control areas on which you failed compliance.
  • A custom Remediation Plan for your company containing a list of remedial actions that you need to take, alongside links to recommended products and services that will help you resolve non-compliant areas.
  • A ready-to-submit PCI DSS Self Assessment Questionnaire, which will include your completed Attestation of Compliance.
2. Conduct quarterly vulnerability scans on your externally facing IP addresses. If your organization is required to be compliant with
[Screenshot: Plugin Preferences: Hydra HTTP, listed among Hydra NASL wrappers options, Hydra: Cisco enable, Hydra: HTTP and Hydra: HTTP proxy.]
2.7.8 Hydra HTTP proxy
This option enables integration with the THC Hydra network authentication brute force cracker. Enabling this option will cause Hydra to attempt to brute force crack HTTP authentication.
[Screenshot: Plugin Preferences: Hydra HTTP proxy. Web site (optional).]
2.7.9 Hydra LDAP
This option enables integration with the THC Hydra network authentication brute force cracker. Enabling this option will cause Hydra to attempt to brute force crack LDAP authentication.
[Screenshot: Plugin Preferences: Hydra LDAP. DN: null (default).]
2.7.10 Hydra Postgres
This option enables integration with the THC Hydra network authentication brute force cracker. Enabling this option will cause Hydra to attempt to brute force crack LDAP authentication.
[Screenshot: Plugin Preferences: Hydra Postgres. Database name (optional): null.]
If the nmap port scanner is selected, this option enables fingerprinting the operating system (OS) of the target host.
• Use hidden option to identify the remote OS: If the nmap port scanner is selected, this option enables the --osscan-guess or --fuzzy command line options when nmap is called. If nmap attempts to fingerprint the target's operating system and is unable to correctly identify it, these options will cause nmap to be more aggressive in trying to identify the remote OS. This option should now be deprecated, as nmap now attempts to guess the remote OS automatically if a good fingerprint match is not discovered. Nessus also has built-in OS fingerprinting (os_fingerprint.nasl). Consider using this plugin in Nessus; it should be less intrusive to the target host.
• Fragment IP packets (bypasses firewalls): If the nmap port scanner is selected, this option causes nmap to fragment IP packets during the port scan in an attempt to bypass some firewall devices.
• Get Identd info: If the nmap port scanner is selected, this option enables RPC identd scanning.
• Do not randomize the order in which ports are scanned: If the nmap port scanner is selected, this option tells Nmap NOT to randomize the order in which ports are scanned.
• Source port: If the nmap port scanner is selected, this option sets the source port number used in scans.
• Auto (nessus specific): In addition to the Nmap built-in timing policies, Nessus also provides this auto
same results. The only difference is that this option uses nmap to port scan, while the other option does the port scan directly from Nessus. Enabling both options is not necessary; it would simply cause the target host to be port scanned twice. Doing so would also make the scan take significantly longer to complete.
• FIN scan: If the nmap port scanner is selected, this option uses the FIN scan method for the port scan.
• Xmas Tree scan: If the nmap port scanner is selected, this option uses the Xmas Tree scan method for the port scan.
• SYN FIN scan: If the nmap port scanner is selected, this option uses the SYN FIN scan method for the port scan.
• FIN SYN scan: If the nmap port scanner is selected, this option uses the FIN SYN scan method for the port scan.
• Null scan: If the nmap port scanner is selected, this option uses the Null scan method for the port scan.
• UDP port scan: If the nmap port scanner is selected, this option enables UDP port scanning.
• Service scan: If the nmap port scanner is selected, this option enables the Nmap service fingerprinting techniques by passing the -sV flag to Nmap when it is called.
• RPC port scan: If the nmap port scanner is selected, this option enables RPC port scanning.
• Identify the remote OS:
remove a domain from a device.
2.3.3.1 Moving a Domain to Another Device
• Switch to the Scan Manager section of the HackerGuardian interface. Click on the Edit button alongside the needed device in the Controls area.
[Screenshot: Scan Manager. Devices table (Name Test, Content mydomain.com, PCI Compliance Enabled, PCI Scan Status, HackerProof Enabled, HackerProof Status); Add Device, Start PCI Scan, Start.]
• Click the Move link next to the needed domain name.
[Screenshot: Add Domain: www.domain.com, Status, Move. Total domains 1, Free domains 0.]
• Tick off the destination device in the pop-up dialog.
[Dialog: Move Domain. Move selected domain www.mydomain.com to the device: test. Move / Cancel.]
• Click Move to continue, otherwise press the Cancel button.
• Click Save to finalize moving of the domain.
2.3.3.2 Removing a Domain from a Device
• Switch to the Scan Manager section of the HackerGuardian interface. Click on the Edit button alongside the needed device in the Controls area.
[Screenshot: Scan Manager. Devices table (Name Test, Content mydomain.com, Status Awaiting Validation, Edit); Add Device, Start PCI Scan, Start.]
•
Once a PCI device has been created, it will become available for selection in the Scan Manager area.
Next: Important Notes; How to create a new device.
Important Notes
We recommend that you create separate devices for each type of scan, i.e. separate devices for HackerProof and PCI scans. You can use the same domains and IP addresses across multiple devices.
If you create PCI Only devices, only PCI compliance scans will be run for these devices.
• You must have at least one PCI scan compliancy license.
• You can add and scan as many IPs as allowed by your PCI license. These IPs can be spread across as many devices as required.
• At least one IP address or at least one domain name that you wish to scan for PCI compliancy must have been added to the device. If you only specify a domain name, then the PCI scan will actually take place on the IP address that this domain resolves to.
• IP addresses do not need validation. PCI compliance scans on IPs can begin immediately.
If you create HackerProof Only devices, only daily scans will be run for these devices.
• You must have at least one HackerProof daily scan license.
• You can scan one domain per daily HackerProof license.
• At least one domain that you wish to be daily scanned must be added to a HackerProof Only device, but the actual scan
nce validation process. We verify the identity of the applicant, the ownership of the domain and the legitimacy of the content to be stored in the CVC.
What is a Payment Credential CVC?
For the first time, consumers can authenticate that payment credential logos (e.g. Visa, Mastercard, etc.) on your Web site are genuine and not faked. Content Verification Certificates (CVC) are issued only after Comodo confirms that a merchant is approved by all card issuers. They deliver highly visual assurance to your customers that you are authorized to accept online payments.
Why do I need vulnerability scanning if I have an SSL certificate?
SSL certificates do not secure a web server from malicious attacks or intrusions. High assurance SSL certificates such as InstantSSL provide the first tier of customer security and reassurance, namely:
• A secure connection between the customer's browser and the web server
• Validation that the web site operators are a legitimate, legally accountable organization
However, consumer fears in the light of recent attacks on high profile merchant web sites now mean that businesses need to ensure that their websites are tested and are secure against all known vulnerabilities. Furthermore, organizations such as the Payment Card Industry (PCI) have introduced guidelines that make server vulnerability testing mandatory.
[Screenshot: congestion detection; Ping the remote host.]
2.7.17 Nikto (NASL wrapper)
Force full (generic) scan: this option is used with the Nikto CGI vulnerability scanning option within Nessus. Enabling this option will cause Nessus to pass the generic option to Nikto when it is called. This forces a full scan rather than trusting the Server identification string, as many servers allow this to be changed.
[Screenshot: Plugin Preferences: Nikto (NASL wrapper). Force full (generic) scan.]
2.7.18 Nmap (NASL wrapper)
[Screenshot: Preference List (Cleartext protocols settings, Do not scan fragile devices, Global variable settings, HTTP login page, Hydra NASL wrappers options, Hydra: Cisco enable, Hydra: HTTP proxy, Hydra: LDAP, Hydra: Postgres, Hydra: SAP R3, Hydra: SMB, Kerberos configuration, Login configurations, Misc information on News server, Nmap (NASL wrapper)). Nmap (NASL wrapper) options: TCP scanning technique (SYN scan, Xmas Tree scan and the other methods listed below); UDP port scan; Service scan; RPC port scan; Identify the remote OS; Use hidden option to identify the remote OS; Fragment IP packets (bypasses firewalls); Get Identd info; Do not randomize the order in which ports are scanned.]
[Screenshot: SiteInspector report list row for mydomain, status Failed.]
The SiteInspector Scanning Service Reports section has the following columns:
Section Specific Controls: View Report
Menu Element / Description
• Device Name: Shows the scanned device name.
• Reports: Shows the scan report. Note: The detailed report is available only for devices with status Finished and check status Malicious.
• Target: Shows the scanned domain's name.
• Time (Request / Start / End / Scan Time): Shows the date, time and period of the performed scan.
• Status: Shows whether the scan has been completely performed or not. If completely performed, the Status is shown as Finished. If not completely performed, the Status remains In Progress. If the scan completed with an error, the Status is Failed.
• Check Status: Shows whether the website is Safe or Malicious. If the website is malicious, you can view the details by clicking the Detailed report link in the Reports column.
• Refresh Report List: Enables the administrator to update the list of available SiteInspector scan reports.
Control: To view the SiteInspector scan report, click on the Detailed Report link listed under the Reports column. The following screen with the summary appears. Note: The link is available only for websites with the state Malicious.
content that could harm your customers' machines.
• Free PCI Scan is valid for 90 days and allows merchants to achieve PCI scan compliancy free of charge.
• PCI Scan Compliancy Service: on-demand security auditing service. Provides PCI Scan compliance reports and includes a free Payment Credential CVC.
• PCI Scan Compliancy Service Enterprise: as above, but allows 100 PCI scans per quarter on up to 20 IP addresses and includes advanced reporting and configuration options.
• SiteInspector Scanning: the next dimension of website security scanning. SiteInspector acts as a vulnerable customer: it visits your website and views all pages. It then determines if your web content is malicious and reports the suspect content to the website owner.
• Free Vulnerability Scan: basic non-PCI vulnerability scanning service that allows home users to test their systems for vulnerabilities.
HackerGuardian PCI Scan Compliancy Service
The PCI Scan Compliancy Service is an on-demand vulnerability assessment scanning solution to enable merchants and service providers to achieve PCI scan compliance. After each scan, users receive a comprehensive vulnerability report detailing any security issues alongside remediation advice and advisories to help fix them. Accessed through a secure online interface, the service is highly configurable and features a free Payment Credential CVC site seal, helping to reassure web site visitors that you are authorized to take card payments online.
for one of them, the only action you need to take is to uncheck the PCI Compliance Enabled boxes of the devices that are not required.
[Screenshot: Devices table (Name, Content, PCI Compliance Enabled, PCI Scan Status, HackerProof Enabled, HackerProof Status, Controls) with annotation: uncheck the box; the only device that will be scanned is the device with name Test. Start PCI Scan.]
There are no restrictions on the number of IP addresses that may be selected when starting scans. Scans are queued if the number started is greater than the concurrent limit for the administrator. The scans are taken off the queue when space exists to run them, so their concurrent limit is never exceeded. For example, if they are allowed to run 10 scans and start 50, then 40 are queued.
Scan Manager confirms the start of scanning and notifies the administrator after the scan is completed.
[Screenshot: Scan Started. Scanning has been started. You will receive an email notification when the scan is complete to the address test_user@example.com. If you have not received a notification within 2 hours, please check back. Go to Report List.]
Click the Go to Report List button to monitor the scanning process.
[Screenshot: Infrastructure page header.]
...before and after comparisons on the health of a target domain or IP address. Comparative reports can be created by individually selecting the reports pertaining to a specific domain or IP address, or by using the "Select all reports for" function.

[Screenshot: report list filtered by start and end date, with columns Domain, Request Time, Start Time, End Time, Audit Time, Status and PCI Compliance. Callouts: "Select scan reports for the same domain or IP address"; "Or use this option to select target domain or IP address"; "Then click the Executive Summary, Comparative Summary or PCI Compliance Report button".]
...performed or not (the check status).
- Licensing: View license information: purchase and expiry date, type of scan service, and the number of scans that can be performed with the existing license.

2.3 Scan Manager

To start a scan, click Scan Manager in the options menu. The following screen appears.

[Screenshot: Scan Manager. Device list with columns Name, Content, PCI Compliance, PCI Scan Enabled, HackerProof Enabled, SiteInspector Enabled, HackerProof Status and Controls (Edit, Delete); buttons Add Device, Start SiteInspector Scan, Start PCI Scan and Start Custom Scan.]

The Scan Manager section shows the list of user-stored devices. The following information may be visible.

Scan Manager section-specific controls (Name, Type, Description):
- Name (text field): Displays the device name, a friendly name given by the administrator when creating the device.
- Content (text field): Displays all the associated domains (e.g. www.domain.com) or IP addresses that the administrator specified for the device. Tip: point the mouse over the name to view all the associated domains or IP addresses. Note: if you specified only an IP address without a domain name, it is displayed in the field. If you entered ...
...you'll receive an email containing three attachments:
- A Payment Credential (CVC) for yourdomain.com. This is the CVC file and will be named with a 6-figure number and a .cer extension, e.g. 123456.cer.
- A .gif version of your final card payment graphic, cvclogo.gif. This is the actual credit card graphic you will display on your web pages and will have a .gif extension.
- A Verification Engine download button, the vengine.gif image file. After installation, it will allow your customers to download the Verification Engine plugin.

Installation of the CVC involves three short steps:
- Upload all three files to your web server.
- Use our online CVC wizard to set up the CVC on your website.
- Use our online VE wizard to set up the Verification Engine button on your website.

Upload the CVC file and credit card graphic to your web server. For simplicity, we recommend you upload both the CVC file (123456.cer) and the cvclogo.gif file to the certs directory on your web server, i.e. http://www.yourdomain.com/certs. We recommend that you upload vengine.gif to your regular images directory, i.e. http://www.yourdomain.com/images.

Use the CVC wizard to set up your CVC. After uploading the three files to your web server, please visit http://www.contentverification.com/installation. The form will help you generate ...
...accept credit cards. This document explains how to set up a Payment Credential (CVC) on your website. There are three main stages:
1. Setting up the CVC
   - Log into your Comodo account
   - Register your domain in IdAuthority (if necessary)
   - Select the domain you wish to display the CVC on (if necessary)
   - Design your CVC
   - Request validation
2. Send us your validation documents (if you haven't done so already)
3. Install the CVC (after successful validation)

1. Setting up the CVC
- Log into your Comodo account: visit www.comodo.com and log in using your account username and password.

[Screenshot: www.comodo.com homepage with the Account Login box highlighted.]
[Screenshot: www.hackerguardian.com login page (http://hackerguardian.com/login.html), "Secure Account Login for HackerGuardian Users. If you have forgotten your login, click here for assistance."]

NOTE: During signup you created a Comodo account with a Username and Password. This Username and Password has dual functionality, as it allows you to log into both the HackerGuardian interface and your Comodo account. In order to log into HackerGuardian to configure the service, use the login box on www.hackerguardian.com (highlighted above). To log into your Comodo account, please use the login box at www.comodo.com.

After your username and password have been verified, you will be logged into the HackerGuardian administrator's interface.

More about interface options

[Screenshot: administrator's interface. Left menu: Infrastructure (Scan Manager); PCI Scanning (Retest Security Items, Set Options, Set Plugins, Set Preferences, Email Alert Options, Schedule Scan, False Positives, View Report); Daily Scanning. Main pane: Scan Manager device list with Add Device, Start SiteInspector Scan, Start PCI Scan and Start Custom Scan buttons.]
... a domain name as well, it is shown instead of the IP address.
- PCI Compliance (text field): Displays the result of the last PCI compliance scan for the device; it can be Compliant or Not Compliant.
- PCI Scan Enabled (check box): Enables the administrator to disable the PCI scan temporarily. This option is available if the administrator has a PCI scan compliancy license.
- HackerProof Enabled (check box): Enables the administrator to disable the HackerProof scan temporarily. This option is available if the administrator has a daily scan HackerProof license.
- SiteInspector Enabled (check box): Enables the administrator to disable the SiteInspector scan temporarily. This option is available if the administrator has a daily scan HackerProof license.
- HackerProof Status (text field): Shows the validation status of the domain. After first applying, this will say "Awaiting Validation". Once we have validated the domain, it will change to ...
- Edit: Enables the administrator to edit the device details.
- Delete: Enables the administrator to delete the device.
- Add Device: Enables the administrator to create a device; the Add Device dialog appears.
- Start SiteInspector Scan (control): Enables the administrator to start a SiteInspector scan on the selected devices.
- Start PCI Scan: Enables the administrator to start a PCI compliance scan on the selected devices.
- Start Cu...
...referenced links to help you fix the problem. You should fix all vulnerabilities identified as a Security Hole. Furthermore, each report contains a condensed, PCI-specific Mitigation Plan: a concise bulleted list of actions that you need to take to achieve compliance. After completing the actions specified in the Mitigation Plan, you should run another scan, repeating until the report returns a COMPLIANT status.

Additional IP Packs

Additional IP addresses can be added to your license at any time. Here are the steps you need to follow:

1. Visit www.hackerguardian.com and select "I know which product I want" from the top nav bar. Next, click "HackerGuardian Additional IP Address Pack" from the product list.

[Screenshot: product list. HackerGuardian PCI Scan Compliancy 1 Yr, 79.00; 2 Yrs, 158.00; 3 Yrs, 237.00. Buy 1 additional IP address, 15.00. Buy pack of 5 additional IP addresses, 50.00. HackerGuardian PCI Scan Compliancy Enterprise 1 Yr, 129.00; 2 Yrs, 258.00; 3 Yrs, 387.00. Each with an "Add to shopping cart" button.]

The Enterprise version includes unlimited scans over 20 IP addresses.

2. Choose the Additional IP p...
...security management policies, procedures, network architecture, software design and other critical protective measures. Compliance, and validation of compliance, with some or all of the 12 requirements is mandatory for any organization that stores, transmits or processes credit card transactions. The exact number of the 12 requirements that any one organization must comply with depends on that organization's Validation Type. An organization's Validation Type is determined by precisely how that organization handles credit card data. There are 5 such Validation Types, and every organization that needs to be PCI compliant will be categorized as one of these types (see table: Validation Types). Once an organization has determined its Validation Type (or has been assigned a particular Validation Type by its acquirer), it can complete the Self-Assessment Questionnaire (SAQ) and Attestation of Compliance that is appropriate for that Validation Type.

What is the Self-Assessment Questionnaire?

The PCI Data Security Standard Self-Assessment Questionnaire (SAQ) is a validation tool intended to assist merchants and service providers who are permitted by the payment brands to self-evaluate their compliance with the Payment Card Industry Data Security Standard (PCI DSS).
[Screenshot: preference check boxes "Do not scan: Network Printers" and "Scan Novell Netware hosts".]

This script creates a user interface in the Preferences section of the client, letting users enable or disable certain categories of network devices and hosts from being scanned.
- Network printers: It is usually a good idea to avoid scanning a network printer. Scanning a network printer is likely to cause it to print random data, thus wasting paper and harming the environment.
- Novell Netware: Older versions of Novell Netware do not withstand a vulnerability scan. Please read http://support.novell.com/cgi-bin/search/searchtid.cgi?/2972443.htm before doing a vulnerability scan against a Novell server.

2.7.3 Global variable settings

This test configures miscellaneous global variables for Nessus scripts. It does not perform any security check, but may disable or change the behaviour of others.

Network Security Threat Level: None

[Screenshot: Preference List, "Global variable settings": Enable CGI scanning; Network type: Mixed (use RFC 1918) / Private LAN / Public WAN (Internet); Enable experimental scripts; Thorough tests (slow); Report verbosity: Quiet / Normal / Verbose.]
...information associated with the cardholder that is stored, processed or transmitted is also considered cardholder data.

What if a merchant or service provider does not store cardholder data?

If a merchant or service provider does not store cardholder data, the PCI requirements still apply to the environment that transmits or processes cardholder data.

Are there alternatives or compensating controls that can be used to meet a requirement?

If a requirement is not, or cannot be, met exactly as stated, compensating controls can be considered as alternatives to requirements defined by the PCI DSS. Compensating controls should meet the intention and rigor of the original PCI requirement, and should be examined by the assessor as part of the regular PCI compliance audit.

Are there alternatives to encrypting stored data?

Stored cardholder data should be rendered unreadable according to requirement 3 of the PCI Security Audit Procedures document. If encryption, truncation or another comparable approach cannot be used, encryption options should continue to be investigated, as the technology is rapidly evolving. In the interim, while encryption solutions are being investigated, stored data must be strongly protected by compensating controls. An example of compensating controls for encryption of stored da...
...through the target NNTP server. The value specified here will be used as the From address in these test postings.
- Test group name regex: During NNTP testing, Nessus will attempt to post test articles to news groups through the target NNTP server. The value specified here will be used as a regular expression to match the names of news groups for posting test messages.
- Max crosspost: During NNTP testing, Nessus will attempt to post test articles to news groups through the target NNTP server. The value specified here will be used as the maximum number of cross-posts Nessus should attempt during NNTP testing.
- Local distribution: During NNTP testing, Nessus will attempt to post test articles to news groups through the target NNTP server. If this option is enabled, Nessus will attempt to limit test NNTP postings to local distribution on the target NNTP server only.
- No archive: During NNTP testing, Nessus will attempt to post test articles to news groups through the target NNTP server. If this option is enabled, Nessus will attempt to have the test NNTP postings not archived.

2.7.16 Nessus TCP scanner

[Screenshot: Plugin Preferences, "Nessus TCP scanner": Scan ports in random order; Detect RST rate limitation; Detect firewall; Network co...]
...version of Prevx Pro 005 reportedly suffers from multiple vulnerabilities that allow local attackers to bypass the application's security features. See also: http://securitytracker.com/alerts/2005/Jun/1014346.html. Solution: Unknown at this time. Risk factor: Low. CVSS Base Score: 2 [vector string illegible].

Clicking the icon next to an individual plug-in will omit it from the vulnerability scan.

2.6.2 Plug-in updates

As new threats and vulnerabilities emerge, new HackerGuardian plug-ins are developed to detect them. The HackerGuardian PCI Scanning Service is automatically updated with these new additions as soon as they are released, ensuring your servers and network enjoy the maximum security from the latest threats. You will receive an email notification every time new vulnerability test plug-in(s) are released if you check the appropriate alert box in E-Mail Alert Options.

[Screenshot: Email Alert Options. "Send a reminder message if you haven't done a scan in 3 months"; "Send an email when new plugins are added to the system".]

Note: Although the latest plugins are made available as soon as they are released, they are not implemented on a specific scan until they are actually deployed in the Plug-in Family column.

[Screenshot: "20265 of 23570 Plugins Selected"; Plugin Family: AIX Local Security Checks ...]
...Select a report to view.

[Screenshot: report list filtered by start and end date, with columns Device, Reports, Targets, Start Time, End Time, Status and PCI Compliance. Callout: "Click here to view PCI compliance report".]

The PCI Compliance report is divided into three sections:
1. Scanning Vendor Information
2. Hosts Compliance Status
3. Severity Rating Mapping

Compliance Summary: Comodo CA Ltd has determined that Your Company is COMPLIANT with the PCI scan validation requirement.

1. Scanning Vendor Information

This report was generated by a PCI Approved Scanning Vendor, Comodo CA Ltd, under certificate 1111-11-10, within the guidelines of the PCI data security initiative.

2. Hosts Compliance Status

Each post-scan HackerGuardian vulnerability report states a PCI compliance status of "Compliant" or "Not Compliant", based on the discovery of potential security flaws on your systems. It also displays the date and time of the performed scan.

[Screenshot: "Your host is PCI Compliant" and "Your host is NOT PCI Compliant" status banners.]
...Start Custom Scan (control): Enables the administrator to start a vulnerability scan (an on-demand scan with their plug-in configuration) on the selected devices.
- Logout: Enables the administrator to log out of the HackerGuardian interface.

To start any of the available scans, the administrator needs to add a device for scanning.

2.3.1 Devices

In order to run a PCI or HackerProof scan, you must first create a Device. A HackerGuardian Device is an umbrella term that describes a grouping of IP addresses and/or domains that are to be used as the target for a PCI or HackerProof scan. HackerGuardian Devices can be used to mirror a real-life device. For example, a single machine in your organization's infrastructure may have multiple IP addresses and domains which host different services. The PCI DSS guidelines state that all these IP addresses and services must be scanned. By associating multiple IP addresses and domains with a single HackerGuardian Device, you can simulate your real-life device and scan it for PCI compliance in one pass.

All customers must create a device before either PCI or HackerProof scanning can commence.
- PCI Customers: When creating a device, HackerGuardian requires that you specify all the IP addresses belonging to your target server, host or other device.
- HackerProof and/or SiteInspector Customers: When creating a HackerGuardian device, you need to specify the domain name of the website on which you would like to display the HackerProof logo o...
...</object>

Right-click anywhere in the box and choose "Select All". Then copy and paste the code into your web page. You can display the logo on any page of your website; just copy the generated HTML into each page you want it on.

Installing the Verification Engine Download Button

In order to leverage the maximum return from your CVC investment, we recommend that you, as a valued customer, display a Verification Engine download button on your website. To help you install it, we have created another wizard that explains how you can add the graphic to your homepage and start benefiting from it immediately. See http://www.vengine.com/logo.html for installation details.

3 SiteInspector Scanning

3.1 Scan Manager

Note: To run a SiteInspector scan, administrators will of course need to have created at least one device. Please ensure you have completed this step first.

To start a scan, click Scan Manager in the options menu.

[Screenshot: Scan Manager device list with columns Name, Content, PCI Compliance, PCI Scan Enabled, HackerProof Enabled, SiteInspector Enabled, HackerProof Status ("Awaiting Validation") and Controls (Edit, Delete); buttons Add Device, Start SiteInspector Scan, Start PCI Scan, Start Custom Scan.]

The Scan Manager section ...
...data is complex network segmentation that may include the following:
- Internal firewalls that specifically protect the database
- TCP wrappers or a firewall on the database to specifically limit who can connect to the database
- Separation of the corporate internal network on a different network segment from production, firewalled away from database servers

What are the compliance validation reporting requirements for merchants?

Under the new PCI standard, the compliance validation requirements for merchants of the VISA CISP and MasterCard SDP programs have been aligned, so that merchants need only validate their compliance once to fulfill their obligation to all payment cards accepted. Merchants will provide compliance validation documentation to their Acquirer(s). Compliance validation documentation consists of the annual self-assessment questionnaire and the quarterly PCI scan compliance report.

Do merchants need to include their service providers in the scope of their review?

No. Service providers are responsible for validating their own compliance with PCI regulations, independent of their customers.

What is a network security scan?

A Network Security Scan involves an automated tool that checks a merchant's or service provider's systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and Web applications based on the external-facing Internet Protocol (IP) addresses provided by the merchant or servi...
...details on the wizard can be found here. Merchants have to answer all questions with "Yes" or "N/A" to be considered PCI compliant. Answering "No" to any question means the merchant or service provider is not compliant. The risk(s) identified by the questionnaire must be remediated and the questionnaire retaken. After creating a user name and password, merchants can save their progress at any time. Following successful completion of the questionnaire, merchants will be provided with official certification that can be submitted to their acquirer.

Where can I find a PCI Approved Scanning Vendor capable of providing quarterly PCI vulnerability scans?

Right here. Comodo HackerGuardian offers a range of PCI compliance services designed for merchants and service providers of all sizes. Click here to find out more.

What's the deadline for compliance? When must I begin using the new PCI standards?

The Payment Card Industry Standards (Security Audit Procedures, Self-Assessment Questionnaire and Security Scanning Requirements) are effective immediately.

What are the penalties for non-compliance with the PCI standards?

Validation and enforcement is the responsibility of the acquiring financial institution or payment processor. For each instance of non-compliance, these organizations levy various pena...
[Screenshot: registered websites table with columns Website, Homepage URL, Date, Controls and Status; e.g. comodopayment.com, http://www.comodopayment.com, 20 FEB 05, Valid; www.comodo.com, http://www.comodo.com, 15 DEC 04, Valid; test.com, http://test.com, 28 DEC 06.]

Scroll down to the bottom until you see the section "Register another Website". Next, type the domain on which you want the logo to appear in the "Location of Website" field. To submit the registration, click "Register Website".

[Form: Register another Website. "Specify the domain on which you want the logo to appear. Location of Website. Examples: yourdomain.com or www.yourdomain.com (use this format if your website spans the entire yourdomain.com domain); www.yourhost.com/yourcompany (use this format if your website is hosted under your web host's name and your company name is a subdirectory)." Button: Register Website.]

Selecting your CVC website

You can change the website on which your CVC is displayed by clicking the "Select Website" link shown below.

[Screenshot: CVC Options. "Please click here to register your Website(s) in IdAuthority so that they appear in the Select Website lists." Columns: CVC Product Type, Website, Valid From, Valid To, Status, Status Date, Serial Number, Order Date, Options. Row: Trial Payment Credential (CVC) for test.com, Awaiting Request, 26 DEC 05, serial 1234567, 26 DEC 06; options Select Website, Select Content.]
...the remote host might be vulnerable to a sequence number approximation bug, which may allow an attacker to send spoofed RST packets to the remote host and close established connections. This may cause problems for some dedicated services (BGP, a VPN over TCP, etc.). Solution: see the referenced link [URL illegible]. Risk factor: Medium. CVE: CVE-2004-0230. BID: 10183. Other references: OSVDB 4030, IAVA 2004-A-0007.

Here NVD provides severity rankings of Low, Medium and High in addition to the numeric CVSS scores, but these qualitative rankings are simply mapped from the numeric CVSS scores:
- Vulnerabilities are labeled Low severity if they have a CVSS base score of 0.0 to 3.9.
- Vulnerabilities are labeled Medium severity if they have a CVSS base score of 4.0 to 6.9.
- Vulnerabilities are labeled High severity if they have a CVSS base score of 7.0 to 10.0.

CVE: The CVE list provides an index of standardized names for vulnerabilities and other information security exposures. CVE aims to standardize the names for all publicly known vulnerabilities and security exposures.

Security warning found on port/service https (443/tcp)
Plugin: HTTP TRACE Method Enabled
Category: CGI abuses: XSS
Priority Ranking: Medium Priority
Synopsis: Debugging functions are enabled on the remote web server.
Description: The remote web server supports the TRACE and/or TRACK methods. TRACE and T...
...generate the HTML necessary for displaying your chosen logo. You just need to enter the location of the CVC file and the credit card graphic in the fields provided. In both cases it is important to specify the full URL, and for both files to be live at these locations.

[Form fields: Certificate (CVC) URL, e.g. http://www.yourdomain.com/certs/123456.cer; Image URL, e.g. http://www.yourdomain.com/certs/cvclogo.gif.]

- Certificate (CVC) URL: Enter the FULL location of the CVC file (.cer) on your web server, including FQDN, directory and filename, e.g. http://www.yourdomain.com/certs/123456.cer.
- Image URL: Enter the FULL location of the card payment graphic file on your web server, including FQDN, directory and filename, e.g. http://www.yourdomain.com/certs/cvclogo.gif.

Finally, click the "Create code" button. This will generate a snippet of code in the large text field in the lower half of the form (example below). Now simply copy and paste the code below into your web page.

    <!-- Display the VE Logo -->
    <object classid="CLSID:2D5E36D5-C74F-4A57-ADAD-6D9F783FEA56" id="ESigil" width="228" height="60"
            data="http://yourdomain.com/certs/cvclogo.gif" type="text/gif" style="cursor: pointer">
      <param name="CertLocation" value="http://yourdomain.com/certs/123456.cer">
      <!-- Start of Alternative Verification Engine text -->
      <img src="http://yourdomain.com/certs/cvclogo.gif">
      <!-- End of Alternative Verification Engine text -->
...that only contain a header. So its TCP packets are generally 40 bytes and ICMP echo requests are just 28. This option tells Nmap to append the given number of random bytes to most of the packets it sends. OS detection (-O) packets are not affected, but most pinging and port scan packets are. This slows things down, but can be slightly less conspicuous.

2.7.19 Oracle settings

[Screenshot: Plugin Preferences, "Oracle settings": Oracle SID; Test default accounts (slow).]

2.7.20 Ping the remote host

[Screenshot: Plugin Preferences, "Ping the remote host": TCP ping destination port(s): built-in; Do an ARP ping; Do a TCP ping; Do an ICMP ping; Number of retries (ICMP); Do an applicative UDP ping (DNS, RPC...); Make the dead hosts appear in the report; Log live hosts in the report.]

- TCP ping destination port(s): The default TCP ping destination ports are 22, 23 and 80.
- Do an ARP ping
- Do a TCP ping: This option performs a No Operation (noop) command against the target, by which it performs a TCP ping.
- Do an ICMP ping: This option sends ICMP echo requests.
- Number of retries (ICMP)
- Do an applicative UDP ping (DNS, RPC)
- Make the dead hosts appear in the report
...through the procedure again. Please remember that you should make any changes BEFORE clicking "Request Validation".

[Screenshot: CVC Options. "Please click here to register your Website(s) in IdAuthority so that they appear in the Select Website lists." Columns: CVC Product Type, Website, Valid From, Valid To, Status, Status Date, Serial Number, Order Date, Options. Row: Trial Payment Credential (CVC) for test.com, Awaiting Request, 25 DEC 06; options Request Validation, Select Website, Select Content.]

Choosing and/or changing which website your CVC is displayed on

In the majority of circumstances, you will have specified the domain you wish your CVC to appear on during the application process. This means that the website will have been automatically added to IdAuthority, and you should see it listed on the left of the order summary screen, as shown below.

[Screenshot: CVC Options. Row: Trial Payment Credential (CVC) for test.com, Awaiting Request, serial 1234567, 26 DEC 06; options Select Website, Select Content; button Return to Management.]

If this domain is OK and you have finished choosing your credit card logos, then you can skip straight to the final part of the setup process: Request Validation. How...
...Submitting a False Positive

A false positive exists when HackerGuardian incorrectly detects a Security Hole (a vulnerability with a CVSS base score greater than 4.0), or if compensating controls exist elsewhere in the network's security infrastructure to offset or nullify the vulnerability. Administrators have the ability to submit suspected false positives to Comodo from within the security advisory itself (see below).

Security warning found on port/service https (443/tcp)
Plugin: HTTP TRACE Method Enabled
Category: CGI abuses: XSS
Priority Ranking: Medium Priority
Synopsis: Debugging functions are enabled on the remote web server.
Description: The remote web server supports the TRACE and/or TRACK methods. TRACE and TRACK are HTTP methods which are used to debug web server connections. In addition, it has been shown that servers supporting the TRACE method are subject to cross-site scripting attacks, dubbed XST for Cross-Site Tracing, when used in conjunction with various weaknesses in browsers. An attacker may use this flaw to trick your legitimate web users into giving him their credentials.
See also: [URL illegible]; http://www.apacheweek.com/issues/03-01-24; http://www.kb.cert.org/vuls/id/867593
Solution: Disable these methods.
Risk factor: Medium
CVSS Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
Solution: Add the following lines for each virtual host in your configuration f...
...to configure, start and stop the scanning process.

PCI Scanning:
- Retest Security Items: Allows you to see whether the problems identified by the previous scan have been dealt with effectively.
- Set Options: Enables administrators to configure general options pertaining to the scans.
- Set Plugins: Enables the administrator to choose which plug-ins are deployed during a scan.
- Set Preferences: Enables the administrator to configure the account options.
- Email Alert Options: Sends a reminder message or email if you haven't done a scan in 3 months, or when new plugins are added to the system.
- Schedule Scan: Displays a list of existing scheduled scans and allows you to add a new scanning schedule.
- False Positives: Enables the administrator to monitor all false positive issues that they submitted for checking when reviewing the results of a scan.
- View Report: Enables the administrator to view the date and time of the performed scan, the devices for which the scan was performed, and whether the scan was completely performed or not.
- Site Inspector Scanning: Enables the administrator to view the date and time of the Site Inspector scan, the devices for which the scan was performed, and whether the scan was completely perf...

[Screenshot: left menu with the items Retest Security Items, Set Options, Set Plugins, Set Preferences, Email Alert Options, Schedule Scan, False Positives, View Report, Site Inspector Scanning and Licensing.]
121. …ts

- Scan Compliancy: I have a dynamic IP assigned by my ISP. Can I still use HackerGuardian?
- Scan Compliancy: I have entered my IP in the address book; how long will validation take?
- All Services: I received an email saying new tests were added, but HackerGuardian still shows the old number. How do I add them?
- All Services: Does Comodo maintain any statistics about what % of clients consistently get a score of 0 on the High Risk threats? Or what % of all commercial servers would have this score?
- All Services: How do I upgrade from a trial account to the full version?
- All Services: After upgrading, will I have to re-enter my IP/Domain information?
- All Services: I am an existing Comodo account holder (e.g. SSL). Can I use my existing Username and Password during purchase?
- All Services: Explain the password/username system to me.
- Scan Compliancy: Can I scan private/internal IP addresses?
- Scan Compliancy: How many concurrent scans can I run?
- All Services: How many ports does each service test?
- Scan Compliancy: I get an error when trying to start a scan saying no plug-ins are selected.
- All Services: I have changed my password and now cannot log in to the HackerGuardian website. Why?
- Scan Compliancy: Does HackerGuardian use the latest CVSS v2…

Comodo HackerGuardian User Guide, 2009 Comodo CA Limited. All rights reserved. www.enterprise.comodo.com
122. …ved

[Screenshot of a security advisory]
Security information found on port/service https (443/tcp)
Note: this information was first detected on 2008-10-15 09:46:34.
Plugin: Robots.txt Information Disclosure
Category: Common gateway interface
Priority Ranking: Low Priority
Synopsis: The remote web server contains a robots.txt file.
Description: The remote host contains a file named robots.txt that is intended to prevent web robots from visiting certain directories in a web site, for maintenance or indexing purposes. A malicious user may also be able to use the contents of this file to learn of sensitive documents or directories on the affected site and either retrieve them directly or target them for other attacks.
See also: http://www.robotstxt.org/
Solution: Review the contents of the site's robots.txt file, use Robots META tags instead of entries in the robots.txt file, and/or adjust the web server's access controls to limit access to sensitive material.
Risk factor: None
Contents of robots.txt: User-agent / Disallow entries (values not captured in the extraction)
Other references: OSVDB:238

Based on the synopsis, a vulnerability description is given. The vulnerability description in the report suggests the Solution, Risk Factor and CVE.

Solution: when there is a security warning (vulnerability found), the report suggests that you take some action…
123. …y IP/Domain information?
Free Scan and Free PCI Scanning Service: both free license types are for a fixed period. At the end of this period the license expires.
Scan Control Centre: for the PCI Scan Control Service, any previously validated IP addresses will still be usable.

All Services: I am an existing Comodo account holder (e.g. SSL). Can I use my existing Username and Password during purchase?
Yes. You should use the "Existing Customer" option and enter your existing Comodo UN/PW during the signup process. You can then also use your Comodo account Password and Username to log into the HackerGuardian interface at www.hackerguardian.com.

All Services: Explain the password/username system to me.
During signup you created a Comodo account with a Username and Password. This Username and Password has dual functionality:
1. Use it to log into your Comodo account and manage your Comodo account details. You can log in at http://www.comodo.com.
2. Use it to log into the HackerGuardian web application interface. Do this using the login box at http://www.hackerguardian.com. Also see the documentation at http://www.hackerguardian.com/help/starting_up.html.

Scan Compliancy: Can I scan private/internal IP addresses?
No. The scan control center will not scan private IP addresses that refer to machines internal to your network.
124. …y Scanning, Licensing

2.7.1 Cleartext protocols settings
Set clear text credentials to perform local security checks.

[Screenshot: Plugin Preferences > Cleartext protocols settings. Fields: User name; Password (unsafe!); Try to perform patch level checks over telnet; Try to perform patch level checks over rsh; Try to perform patch level checks over rexec. The left pane lists the preference groups: Cleartext protocols settings, Do not scan fragile devices, Global variable settings, HTTP login page, Hydra (NASL wrappers options), Hydra: Cisco enable, Hydra: HTTP, Hydra: HTTP proxy, Hydra: LDAP, Hydra: Postgres, Hydra: SAP R3, Hydra: SMB.]

2.7.2 Do not scan fragile devices
Define which types of hosts can or cannot be scanned.

[Screenshot: Plugin Preferences > Do not scan fragile devices. Options: Scan Network Printers; Scan Novell Netware hosts.]
