Knowledgebase : HackerGuardian

In order for the HackerGuardian scan to be successful your firewall must be set to allow the IP address(es) the scan is coming from. The IP ranges we use:
CIDR: 91.209.196.32/28, which translates to 91.209.196.32 through 91.209.196.48
CIDR: 199.66.200.32/28, which translates to 199.66.200.32 through 199.66.200.48
CIDR: 178.255.82.64/27, which translates to 178.255.82.64 through 178.255.82.95
There is an online manual at the following location: http://hackerguardian.com/help/manualmainpage.html
No, the Free Scan can only scan the IP address of the machine that you sign into the HackerGuardian website from. If you need to scan specific IPs or websites then you will need to purchase one of the following:
HackerGuardian PCI Scan Control Center
HackerGuardian Daily Scanning
No. It is not possible to use the PCI Scan Control Center service unless you have a static IP.
Documentation for this can be found at: http://www.hackerguardian.com/help/starting_up_daily_scan.html
Documentation on this can be found at: http://www.hackerguardian.com/help/starting_up.html
Comodo does not maintain any sort of global statistics about the scan results we produce.
Upgrade PCI Scan Control Center Service
Click the Upgrade to Full Service button in the HackerGuardian interface, or upgrade by using the regular sign up pages at https://www.hackerguardian.com/sas/user/free/get_standard_recurring_licence2.jsp
Remember to select 'Existing Customer' and use your regular Comodo account username and password during signup.
Upgrade Daily Scanning Service
Upgrade by using the regular sign up pages at https://www.hackerguardian.com/sas/user/fre...
All services: The free trial license is valid for a fixed period. At the end of this period the license expires.
Daily Scanning: For the daily scan you will be required to re-enter your domain information, which will then be revalidated.
PCI Scan Control Center: For the PCI Scan Control Center any previously validated IP addresses should still be usable.
You should use the existing customer option during signup. You can then use your Comodo account username and password as your HackerGuardian username and password.
Yes. HackerGuardian can scan private IP addresses that refer to machines internal to your network. Private IP ranges are defined by RFC 1918 as:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
Please note only the Enterprise version of HackerGuardian includes internal scanning. You would also need additional software to perform internal scanning, which can be found here: https://www.hackerguardian.c...
The PCI Scan Control Center license is restricted to 3 concurrent scans. Please contact sales if you would like to increase this number.
In order to set up vulnerability scanning on an IP address, you first need to add it to the Address Book. Once an IP address is stored in the address book it becomes available for selection in the Start Scanning area of HackerGuardian. You can add as many IP addresses as you like to the address book, and you can run as many concurrent scans on IPs as pe...
This can mean one of two things. Either: The host is currently unreachable. Or: No services are available on the host and it is secure.
Different levels of service allow for different total numbers of ports to be scanned. (If you use the PCI Scan Control Center service, you may define ranges of ports to be scanned within the 'Set Options' page in the 'Port Range' field.)
* The PCI Scan Control Center scan tests up to a total of 65,535 ports, which is the total number of ports available on your system.
* The Daily and Free services will scan the first 15,000 ports on your system. Note that most services run on the res...
Prior to June 2007 only one domain was allowed per account. If you required more than one domain to be scanned by the Daily Service then you needed one account per domain. Since June 2007 multiple domains are now allowed on a single account.
If the wrong domain is entered you will need to contact the support team to have it changed. You can raise a ticket at: https://support.comodo.com/index.php?_m=tickets&_a=submit Please note that this might take a couple of days, and may require the domain to be validated again.
When you change your password there is a delay between changing it, and that change being synchronized with the Hackerguardian database. Please allow 15 minutes for the synchronization to take place after changing your password.
The Payment Card Industry Data Security Standards (PCI DSS) are a set of 12 regulations developed jointly by Visa, MasterCard, Discover and American Express to prevent consumer data theft and reduce online fraud. Compliance with these standards is mandatory for any organization that stores, transmits or processes credit card transactions. This sweeping requirement means all merchants, service providers and payment card network members must be compliant if they wish to continue accepting payments...
The PCI DSS standards apply to all entities that process, store or transmit cardholder data. This includes all merchants and service providers with external-facing IP addresses that touch credit card acceptance. Even if your website does not offer web-based transactions (for example, you link to a payment gateway), there are other services that make systems Internet accessible. Basic functions such as e-mail and employee internet access will result in the internet accessibility of a c...
Cardholder data is any personally identifiable data associated with a cardholder. This could be an account number, expiration date, name, address, social security number, etc. All personally identifiable information associated with the cardholder that is stored, processed, or transmitted is also considered cardholder data.
If a merchant or service provider does not store cardholder data, the PCI requirements still apply to the environment that transmits or processes cardholder data.
If a requirement is not, or cannot be, met exactly as stated, compensating controls can be considered as alternatives to requirements defined by the PCI DSS. Compensating controls should meet the intention and rigor of the original PCI requirement, and should be examined by the assessor as part of the regular PCI compliance audit.
Stored cardholder data should be rendered unreadable according to requirement 3 of the PCI Security Audit Procedures document. If encryption, truncation, or another comparable approach cannot be used, encryption options should continue to be investigated as the technology is rapidly evolving. In the interim, while encryption solutions are being investigated, stored data must be strongly protected by compensating controls. An example of compensating controls for encryption of stored data is c...
Under the new PCI standard, the compliance validation requirements for merchants of the VISA CISP and MasterCard SDP programs have been aligned so that merchants need only validate their compliance once to fulfill their obligation to all payment cards accepted. Merchants will provide compliance validation documentation to their Acquirer(s). Compliance validation documentation consists of the annual self assessment questionnaire and the quarterly PCI scan compliance report.
No. Service providers are responsible for validating their own compliance with PCI regulations independent of their customers.
A Network Security Scan involves an automated tool that checks a merchant or service provider's systems for vulnerabilities. The tool will conduct a non-intrusive scan to remotely review networks and Web applications based on the external-facing Internet protocol (IP) addresses provided by the merchant or service provider. The scan will identify vulnerabilities in operating systems, services, and devices that could be used by hackers to target the company’s private network. As provided by qualif...
Every 90 days. Scans must be conducted by a PCI Approved Scanning Vendor (ASV). Comodo is a PCI Approved Scanning Vendor.
HackerGuardian Scan Control service provides two reports after each scan — the Audit Report and the PCI Compliance report. The PCI Compliance report is the one you need to submit to your acquiring bank to demonstrate compliance. The Audit Report is a more technical document used to identify and remediate any security holes.
Each post-scan HackerGuardian vulnerability report states a PCI compliance status of 'Compliant' or 'Not Compliant' based on the discovery of potential security flaws on your systems. The following table shows the official PCI severity ratings and their HackerGuardian equivalent names.
PCI Severity Rating / HackerGuardian Severity Rating
5 – Urgent – Trojan Horses, file read and write exploit, remote command execution / Security Hole
4 – Critical – Potential Trojan Horses, file read expl...
If your HackerGuardian PCI Scan Compliance Report indicates 'NOT COMPLIANT' then vulnerabilities with severity rating of 3, 4 or 5 were discovered on your externally facing IP addresses. The accompanying Audit Report contains a detailed synopsis of every vulnerability prioritized by threat severity. Each discovered vulnerability is accompanied with solutions, expert advice and cross referenced links to help you fix the problem. You should fix all vulnerabilities identified as a 'Security Hole'. ...
A copy of the self-assessment questionnaire is available on the Comodo HackerGuardian website. Users have the option to fill out the questionnaire online or to download it in PDF format. Merchants have to answer all questions with 'Yes' or 'N/A' to be considered compliant with the self-assessment questionnaire module of the PCI Data Security Standard. Answering 'No' to any question means the merchant or service provider is not compliant. The risk(s) identified by the questionnaire must be r...
Right here! Comodo HackerGuardian offers a range of PCI compliance services designed for merchants and service providers of all sizes. For more information go to the HackerGuardian website.
The Payment Card Industry Standards, Security Audit Procedures, Self-Assessment Questionnaire, and Security Scanning Requirements are effective immediately.
Validation and enforcement is the responsibility of the acquiring financial institution or payment processor. For each instance of non-compliance, these organizations levy various penalties onto merchants and service providers which can include:
1. Increased transaction processing fees
2. Fines of up to $550,000 for serious breaches
3. Suspension of credit card transaction processing abilities
Comodo HackerGuardian provides a range of services that make PCI compliance easy. Find ou...
Step 1. Conduct a quarterly vulnerability scan on your externally facing IP addresses Sign up for one of our PCI scanning services. Prices range from Free to $150 per year for Enterprises. HackerGuardian will conduct an in-depth audit of your network to detect vulnerabilities on your network and web-server. If your servers fail the test, you will find lots of helpful advisories in the scan report that will help you patch the security holes. After your infrastructure passes the sca...
Apart from the knowledgebase articles, we have the other resources below.
1. Forums
2. Troubleshooter
SECURITY ALERT : NO WEB SERVER CAN BE FOUND ON THE IP ADDRESS WHICH YOUR DOMAIN NAME RESOLVES TO. The issue is usually caused by the blocking of the HackerGuardian server we scan from. In order to have scans performed successfully the following IP address ranges need to be unblocked or white listed 199.66.200.32/28 (which translates as 199.66.200.32 through 199.66.200.48) and 91.209.196.32/28 (which translates as 91.209.196.32 through 91.209.196.48) . Please ensure these are allowed through...
Do the daily scans scan all web pages in the web server directory? HackerGuardian first performs a generic scan only, scanning for generic areas which have reported vulnerabilities. Results from the generic scans will determine if deeper tests are carried out. So, the answer to the question is 'it might', but that is based on the results of the generic scan.
To view an example of the HackerProof installation please click the below image. To view the source of the page, right-click the mouse on the page and select:
View Source (Internet Explorer)
View Page Source (Firefox)
Source (Opera)
For further installation instructions please visit http://www.comodo.com/hackerproof/logo.html
**Please note you will need to replace the coverageID with your own coverageID for the logo to work correctly. This coverageID will be sent...
The HackerProof trial always runs in A/B mode. What does this mean?
Our HackerProof trust mark is visible to 50% of a site's visitors and not visible to the other 50%, based on unique IP address.
What is A/B? A method of testing that allows you to compare and contrast two or more variables.
How do I compare the results? Log in to your account at comodo.com to access "trusts served" and "hosted logo views". This will give you visibility into the number of users that have mouse...
The PCI DSS guidelines are published by the PCI Standards Council and can be downloaded here: https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html
The HackerGuardian FAQs can be found here: https://www.hackerguardian.com/hackerguardian/faqs.html
Inconclusive / Scan Interference reports indicate either that a firewall, IDS, or IPS is blocking the scanner from connecting to your servers, or that you are scanning a router or device that does not host any services. In the case of the former, you and/or your host and/or your ISP will have to whitelist our IP range for incoming connections. The IP ranges we use:
CIDR: 91.209.196.32/28, which translates to 91.209.196.32 through 91.209.196.48
CIDR: 199.66.200.32/28, which translates to 199.66.200.32 t...
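The three knowledgebase entries above that deal with whitelisting (the firewall entry, the "no web server can be found" alert and this one on inconclusive scans) all come down to the same check: did the firewall drop packets from one of the published scanner blocks, and is the target in RFC 1918 space that the external scanner cannot reach? The following is an added example, not Comodo's or HackerGuardian's own code, that expands the CIDR blocks quoted on this page with Python's standard ipaddress module (so the first/last addresses it reports are the arithmetic bounds for each prefix length), tests whether an address belongs to a scanner block or to RFC 1918 space, and runs that test over a few constructed netfilter-style drop log lines. The log lines, the "FW-DROP" prefix and the 203.0.113.10 target are made up for the example.

```python
import ipaddress
import re

# Scanner source blocks exactly as listed in the knowledgebase entries.
SCANNER_CIDRS = ["91.209.196.32/28", "199.66.200.32/28", "178.255.82.64/27"]

# RFC 1918 private address space, as quoted in the internal-scanning entry.
RFC1918_CIDRS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def expand_cidr(cidr):
    """Return (first_address, last_address, address_count) for a CIDR block.

    The bounds are derived from the prefix length, so they are the exact
    address range a firewall rule for that block will match.
    """
    net = ipaddress.ip_network(cidr, strict=True)
    return str(net[0]), str(net[-1]), net.num_addresses


def is_scanner_source(ip, cidrs=SCANNER_CIDRS):
    """True if ip falls inside one of the scanner's published source blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


def is_rfc1918(ip):
    """True if ip is in RFC 1918 private space, i.e. an external scan cannot
    reach it and the internal scanning software is needed instead."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in RFC1918_CIDRS)


# Constructed sample lines in the netfilter LOG prefix format (not real logs).
SAMPLE_LOG = """\
Jun  1 10:00:01 fw kernel: FW-DROP IN=eth0 SRC=91.209.196.40 DST=203.0.113.10 PROTO=TCP DPT=443
Jun  1 10:00:02 fw kernel: FW-DROP IN=eth0 SRC=198.51.100.77 DST=203.0.113.10 PROTO=TCP DPT=22
Jun  1 10:00:03 fw kernel: FW-DROP IN=eth0 SRC=178.255.82.90 DST=203.0.113.10 PROTO=TCP DPT=80
"""

_SRC_RE = re.compile(r"\bSRC=(\d{1,3}(?:\.\d{1,3}){3})\b")


def dropped_scanner_sources(log_text):
    """Return the distinct scanner addresses whose packets the firewall dropped.

    A non-empty result explains an 'inconclusive' scan or the 'no web server
    can be found' alert: the scanner was blocked before it could connect.
    """
    hits = []
    for line in log_text.splitlines():
        m = _SRC_RE.search(line)
        if m and is_scanner_source(m.group(1)) and m.group(1) not in hits:
            hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for cidr in SCANNER_CIDRS:
        first, last, count = expand_cidr(cidr)
        print(f"{cidr}: {first} through {last} ({count} addresses)")
    print("dropped scanner traffic from:", dropped_scanner_sources(SAMPLE_LOG))
    print("192.168.1.5 is RFC 1918:", is_rfc1918("192.168.1.5"))
```

Running the script lists each block's exact bounds, which is worth doing before writing the allow rule, since a rule written from a hand-converted range can end up one address too wide or too narrow. Feed it the real drop log from the firewall in front of the scanned host to confirm whether a failed scan was blocked at the perimeter, and use `is_rfc1918` to decide whether a target belongs in the external address book at all.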
PCI scanning is required when credit card data is being accepted on your own web site or when your PoS machines are accessible remotely from the Internet. In the latter case, justification must be provided as to why they are accessible remotely.
We do not provide a 'PCI certificate of compliance' as this does not confirm whether a merchant is PCI compliant as per PCI DSS rules. It is the responsibility of the merchant acquirer / payment processor to determine a merchant's PCI compliance based on the executive and vulnerability reports, attestation of compliance documents (these three documents are contained in a report pack), and your SAQ (Self Assessment Questionnaire). Related: How to download a Report Pack from HackerGuardian [ht...