PRODUCT SHEET
The Payment Card Industry (PCI) Data Security Standard (DSS) requires all firms processing card-based payments to perform periodic external vulnerability scans via an Approved Scan Vendor (ASV). With ClearPCI, scans can be scheduled with ease and come with the reporting and documentation required for PCI compliance. ClearPCI’s low annual fee allows you unlimited scanning for up to 5 IP addresses to re-scan your environment as often as needed. You no longer need to be a security expert or hire expensive consultants. ClearPCI’s ASV Certified Vulnerability Scanning gives you the power to quickly and easily identify, assess and report on potential vulnerabilities. Through simple online scheduling and optionally automated scans, ClearPCI’s online Vulnerability Scanning simplifies your compliance efforts!
• Unlimited scanning of up to five IP addresses
• Identifies vulnerabilities to hackers, worms and viruses
• Online scheduling and report management
• ClearPCI ONE integration for greater protection and lower costs
Unlimited Scans for One Year!*
The easiest and lowest cost PCI scanning available. Quickly and easily generate the documentation you need for PCI Compliance:
• Attestation Report
• Executive Summary
• Detailed Assessment Report
Get Started Today! Visit: www.ClearPCI.com
Vulnerability Scanning for PCI Compliance
Comprehensive PCI, One Simple Solution
ASV Scan Report
Report Generated: October 21, 2010
1.0 Introduction
Based upon the results of your scan performed on October 15, 2010, at 10:56 AM by PCI Approved Scanning
Vendor SAINT Corporation under certificate number 4268-01-02, Cybera, Inc. is globally PCI compliant with
the PCI scan validation requirement. The PCI vulnerability assessment was conducted using the SAINT
7.4.9 vulnerability scanner. The scan discovered a total of four live hosts, and detected two critical problems,
zero areas of concern, and 11 potential problems. The hosts and problems detected are discussed in greater
detail in the following sections. This report was generated by SAINT Corporation within the guidelines of the PCI
data security initiative.
2.0 Overview
The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained
therein.
2.1 Host List
This table presents an overview of the hosts discovered on the network.
Host Name | Netbios Name | IP Address | Critical Problems | Areas of Concern | Potential Problems | PCI Compliant?
atlanta.speedtest.cybera.net | | 64.202.128.8 | 1 | 0 | 4 | PASS
chicago.speedtest.cybera.net | | 64.202.128.38 | 1 | 0 | 4 | PASS
csg2.ch1.cybera.net | | 64.202.128.41 | 0 | 0 | 2 | PASS
script.cybera.net | | 64.202.128.51 | 0 | 0 | 1 | PASS
3.0 Part 3a. Vulnerabilities Noted for each IP Address
This table presents an overview of the vulnerabilities detected on the network.
IP Address | Vulnerability / Service | CVE | PCI Severity | CVSSv2 Base Score | PCI Compliant? | PCI Reason
64.202.128.8 | mod_proxy vulnerability in Apache version: 2.2.16 | CVE-2009-1890 | medium | 5.0 | PASS | DOS vulnerabilities are PCI compliant
64.202.128.8 | Remote OS available | | low | 2.6 | PASS | SAINT calculated its own CVSS score for this vulnerability because it was not found in the NVD.
Customer and ASV Information
Field | Customer Information | ASV Information
Company | Cybera, Inc. | SAINT Corporation
Contact | David Abbott | Billy Austin
Title | SVP Engineering & Technology | Chief Security Officer
Telephone | 615.301-2376 | 301-841-0119
E-mail | [email protected] | [email protected]
Business Address | 9009 Carothers Pkwy | 4720 Montgomery Lane
City | Franklin | Bethesda
State/Province | TN | MD
ZIP | 37067 | 20814
URL | www.clearpci.com | www.saintcorporation.com
Scan Status
- Compliance Status: PASS
- Number of unique components scanned: 4
- Number of identified failing vulnerabilities: 0
- Number of components found by ASV but not scanned because scan customer confirmed components were out of scope: 6
- Date scan completed: October 15, 2010
- Scan expiration date (90 days from scan date): January 13, 2011
Scan Customer Attestation
Cybera, Inc. attests on October 15, 2010 that this scan includes all components* which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete. Cybera, Inc. also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements.
ASV Attestation
This scan and report was prepared and conducted by SAINT Corporation under certificate number ___________________, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide.
SAINT Corporation attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active scan interference. This report and any exceptions were reviewed by SAINT Corporation.
2.0 Overview
The following vulnerability severity levels are used to categorize the vulnerabilities:
CRITICAL PROBLEMS: Vulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly gain read or write access, execute commands on the target, or create a denial of service.
AREAS OF CONCERN: Vulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks, attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or configuration information which could be used to plan an attack.
POTENTIAL PROBLEMS: Warnings which may or may not be vulnerabilities, depending upon the patch level or configuration of the target. Further investigation on the part of the system administrator may be necessary.
SERVICES: Network services which accept client connections on a given TCP or UDP port. This is simply a count of network services, and does not imply that the service is or is not vulnerable.
The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained
therein.
2.1 Vulnerability List
This table presents an overview of the vulnerabilities detected on the network.
Host Name | Vulnerability / Service | Class | CVE | CVSSv2 Base Score | PCI Compliant? | PCI Severity
*For up to 5 IP addresses
email: [email protected]  call: 1.877.5PCINOW (572.4669)  click: www.clearpci.com
…when hackers win, everyone else loses.
Making Compliance Easier
Understanding the PCI DSS can be daunting. With over 220 individual requirements, most merchants struggle to comprehend the various solutions and tools necessary to become compliant. ClearPCI simplifies PCI compliance for the merchant by removing cost and complexity.
The ClearPCI Vulnerability Scanning solution is easy to use and provides you with the information you need to identify vulnerabilities and ultimately become compliant.
• All scanning and documentation provided by a PCI Certified Approved Scan Vendor (ASV)
• Correlates industry standard identifiers such as CVE, OSVDB, BID, OVAL, SANS/FBI Top 20, CVSS score, vendor ID and many more
• Over 15,000 individual vulnerability tests performed during each scan
• Automated detection and assessment of open ports and vulnerable configurations
Full Integration with ClearPCI ONE
For even greater cost savings, ClearPCI Vulnerability Scanning is integrated with ClearPCI ONE, a comprehensive solution for PCI compliance. Instead of assembling security tools and services from a variety of vendors, choose ClearPCI and reduce cost and complexity of PCI.
ClearPCI automatically performs and posts quarterly external scans to your online account. At no additional charge, you’ll get documentation for submission to your merchant services provider or transaction processor. Also included for free is the flexibility to schedule unlimited vulnerability scans up to 5 additional IP addresses!
ClearPCI One
ClearPCI ONE is the industry’s leading solution for PCI compliance – delivering the most comprehensive set of services available. Implement ClearPCI ONE at your merchant location for even greater control and savings!
• Online Self Assessment Questionnaire (SAQ)
• Vulnerability scanning by certified ASV
• SCA-300 series on-site security appliance
• Managed firewall service
• Managed intrusion detection services
• Rogue wireless detection & reporting
• Hosted anti-virus, anti-spam, content filtering
• Security information logging & alerting
• 12-month remote log storage
• Online solution management portal
• 24x7 Security Operations Center
• Customizable PCI policy templates