clear pci vulnerability scans web2


Upload: cybera-inc

Post on 23-Jan-2018


PRODUCT SHEET

The Payment Card Industry (PCI) Data Security Standard (DSS) requires all firms processing card-based payments to perform periodic external vulnerability scans via an Approved Scan Vendor (ASV). With ClearPCI, scans can be scheduled with ease and come with the reporting and documentation required for PCI compliance. ClearPCI’s low annual fee allows you unlimited scanning for up to 5 IP addresses to re-scan your environment as often as needed. You no longer need to be a security expert or hire expensive consultants. ClearPCI’s ASV Certified Vulnerability Scanning gives you the power to quickly and easily identify, assess and report on potential vulnerabilities. Through simple online scheduling and optionally automated scans, ClearPCI’s online Vulnerability Scanning simplifies your compliance efforts!

• Unlimited scanning of up to five IP addresses
• Identifies vulnerabilities to hackers, worms and viruses
• Online scheduling and report management
• ClearPCI ONE integration for greater protection and lower costs

Unlimited Scans for One Year!*

The easiest and lowest cost PCI scanning available. Quickly and easily generate the documentation you need for PCI Compliance:

• Attestation Report
• Executive Summary
• Detailed Assessment Report

Get Started Today! Visit: www.ClearPCI.com

Vulnerability Scanning for PCI Compliance

Comprehensive PCI, One Simple Solution

ASV Scan Report

Report Generated: October 21, 2010

1.0 Introduction

Based upon the results of your scan performed on October 15, 2010, at 10:56 AM by PCI Approved Scanning Vendor SAINT Corporation under certificate number 4268-01-02, Cybera, Inc. is globally PCI compliant with the PCI scan validation requirement. The PCI vulnerability assessment was conducted using the SAINT 7.4.9 vulnerability scanner. The scan discovered a total of four live hosts, and detected two critical problems, zero areas of concern, and 11 potential problems. The hosts and problems detected are discussed in greater detail in the following sections. This report was generated by SAINT Corporation within the guidelines of the PCI data security initiative.

2.0 Overview

The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein.

2.1 Host List

This table presents an overview of the hosts discovered on the network.

Host Name                      Netbios Name   IP Address      Critical Problems   Areas of Concern   Potential Problems   PCI Compliant?
atlanta.speedtest.cybera.net                  64.202.128.8    1                   0                  4                    PASS
chicago.speedtest.cybera.net                  64.202.128.38   1                   0                  4                    PASS
csg2.ch1.cybera.net                           64.202.128.41   0                   0                  2                    PASS
script.cybera.net                             64.202.128.51   0                   0                  1                    PASS

3.0 Part 3a. Vulnerabilities Noted for each IP Address

This table presents an overview of the vulnerabilities detected on the network.

IP Address     Vulnerability / Service                             CVE             PCI Severity   CVSSv2 Base Score   PCI Compliant?   PCI Reason
64.202.128.8   mod_proxy vulnerability in Apache version: 2.2.16   CVE-2009-1890   medium         5.0                 PASS             DOS vulnerabilities are PCI compliant
64.202.128.8   Remote OS available                                                 low            2.6                 PASS             SAINT calculated its own CVSS score for this vulnerability because it was not found in the NVD.
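To make the PASS/FAIL logic behind the last three columns of that table concrete, here is an added Python example; it is not part of the ClearPCI product sheet or of SAINT's report. The two findings are constructed from the table's rows, the DoS flag on CVE-2009-1890 is taken from the "PCI Reason" column, and the severity bands plus the 4.0 failure threshold are assumed from the PCI DSS ASV Program Guide rather than quoted on this page.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, Iterable, Optional, Tuple

# Severity bands and the 4.0 failure threshold follow the PCI DSS ASV Program
# Guide (assumption: these figures are not quoted on the page itself).
FAIL_THRESHOLD = 4.0

@dataclass
class Finding:
    ip: str
    vuln: str
    cve: Optional[str]
    cvss: float
    dos_only: bool = False        # taken from the report's "PCI Reason" column
    scored_by_asv: bool = False   # no NVD entry, so the ASV computed its own score

# Constructed from the two "Part 3a" rows on this page.
FINDINGS = [
    Finding("64.202.128.8", "mod_proxy vulnerability in Apache 2.2.16",
            "CVE-2009-1890", 5.0, dos_only=True),
    Finding("64.202.128.8", "Remote OS available", None, 2.6, scored_by_asv=True),
]

def pci_severity(cvss: float) -> str:
    """Map a CVSSv2 base score onto the report's high/medium/low PCI severity."""
    if cvss >= 7.0:
        return "high"
    return "medium" if cvss >= FAIL_THRESHOLD else "low"

def pci_compliant(f: Finding) -> Tuple[bool, str]:
    """Decide PASS/FAIL for one finding and give the reason, as the last two columns do."""
    if f.cvss >= FAIL_THRESHOLD and not f.dos_only:
        return False, "CVSS %.1f is at or above %.1f and the issue is not DoS-only" % (f.cvss, FAIL_THRESHOLD)
    if f.dos_only:
        return True, "DOS vulnerabilities are PCI compliant"
    if f.scored_by_asv:
        return True, "ASV calculated its own CVSS score because the vulnerability was not in the NVD"
    return True, "CVSS %.1f is below the %.1f failure threshold" % (f.cvss, FAIL_THRESHOLD)

def host_status(findings: Iterable[Finding]) -> Dict[str, str]:
    """Roll findings up per IP address: one failing finding fails the whole host."""
    status: Dict[str, str] = {}
    for f in findings:
        passes, _ = pci_compliant(f)
        status[f.ip] = "FAIL" if status.get(f.ip) == "FAIL" or not passes else "PASS"
    return status

def scan_expiry(scan_date_iso: str, valid_days: int = 90) -> str:
    """ASV results are valid for 90 days from the scan date (ISO date in, ISO date out)."""
    return (date.fromisoformat(scan_date_iso) + timedelta(days=valid_days)).isoformat()

if __name__ == "__main__":
    print(host_status(FINDINGS), "expires", scan_expiry("2010-10-15"))
```

Run against the page's two rows it yields PASS for 64.202.128.8 and an expiry of 2011-01-13, matching the Scan Status section of the report.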


Customer and ASV Information

Customer Information                       ASV Information
Company: Cybera, Inc.                      Company: SAINT Corporation
Contact: David Abbott                      Contact: Billy Austin
Title: SVP Engineering & Technology        Title: Chief Security Officer
Telephone: 615.301-2376                    Telephone: 301-841-0119
E-mail: [email protected]                   E-mail: [email protected]
Business Address: 9009 Carothers Pkwy      Business Address: 4720 Montgomery Lane
City: Franklin                             City: Bethesda
State/Province: TN                         State/Province: MD
ZIP: 37067                                 ZIP: 20814
URL: www.clearpci.com                      URL: www.saintcorporation.com

Scan Status

- Compliance Status: PASS
- Number of unique components scanned: 4
- Number of identified failing vulnerabilities: 0
- Number of components found by ASV but not scanned because scan customer confirmed components were out of scope: 6
- Date scan completed: October 15, 2010
- Scan expiration date (90 days from scan date): January 13, 2011

Scan Customer Attestation

Cybera, Inc. attests on October 15, 2010 that this scan includes all components* which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete. Cybera, Inc. also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements.

ASV Attestation

This scan and report was prepared and conducted by SAINT Corporation under certificate number ___________________, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide.

SAINT Corporation attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active scan interference. This report and any exceptions were reviewed by SAINT Corporation.

2.0 Overview

The following vulnerability severity levels are used to categorize the vulnerabilities:

CRITICAL PROBLEMS
Vulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly gain read or write access, execute commands on the target, or create a denial of service.

AREAS OF CONCERN
Vulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks, attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or configuration information which could be used to plan an attack.

POTENTIAL PROBLEMS
Warnings which may or may not be vulnerabilities, depending upon the patch level or configuration of the target. Further investigation on the part of the system administrator may be necessary.

SERVICES
Network services which accept client connections on a given TCP or UDP port. This is simply a count of network services, and does not imply that the service is or is not vulnerable.

The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein.

2.1 Vulnerability List

This table presents an overview of the vulnerabilities detected on the network.

Host Name   Vulnerability / Service   Class   CVE   CVSSv2 Base Score   PCI Compliant?   PCI Severity

*For up to 5 IP addresses

email: [email protected]   call: 1.877.5PCINOW (572.4669)   click: www.clearpci.com

PRODUCT SHEET

…when hackers win, everyone else loses.

Making Compliance Easier

Understanding the PCI DSS can be daunting. With over 220 individual requirements, most merchants struggle to comprehend the various solutions and tools necessary to become compliant. ClearPCI simplifies PCI compliance for the merchant by removing cost and complexity.

The ClearPCI Vulnerability Scanning solution is easy to use and provides you with the information you need to identify vulnerabilities and ultimately become compliant.

• All scanning and documentation provided by a PCI Certified Approved Scan Vendor (ASV)
• Correlates industry standard identifiers such as CVE, OSVDB, BID, OVAL, SANS/FBI Top 20, CVSS score, vendor ID and many more
• Over 15,000 individual vulnerability tests performed during each scan
• Automated detection and assessment of open ports and vulnerable configurations

Full Integration with ClearPCI ONE

For even greater cost savings, ClearPCI Vulnerability Scanning is integrated with ClearPCI ONE, a comprehensive solution for PCI compliance. Instead of assembling security tools and services from a variety of vendors, choose ClearPCI and reduce the cost and complexity of PCI.

ClearPCI automatically performs and posts quarterly external scans to your online account. At no additional charge, you’ll get documentation for submission to your merchant services provider or transaction processor. Also included for free is the flexibility to schedule unlimited vulnerability scans for up to 5 additional IP addresses!

ClearPCI ONE

ClearPCI ONE is the industry’s leading solution for PCI compliance – delivering the most comprehensive set of services available. Implement ClearPCI ONE at your merchant location for even greater control and savings!

• Online Self Assessment Questionnaire (SAQ)
• Vulnerability scanning by certified ASV
• SCA-300 series on-site security appliance
• Managed firewall service
• Managed intrusion detection services
• Rogue wireless detection & reporting
• Hosted anti-virus, anti-spam, content filtering
• Security information logging & alerting
• 12-month remote log storage
• Online solution management portal
• 24x7 Security Operations Center
• Customizable PCI policy templates

Get Started Today! Visit: www.ClearPCI.com