Clear Pci Vulnerability Scans Web2
- 1. PRODUCT SHEET The Payment Card Industry (PCI) Data Security Standard (DSS) requires all firms processing card based payments to perform periodic external vulnerability scans via an Approved Scan Vendor (ASV). With ClearPCI, scans can be scheduled with ease and come with the reporting and documentation required for PCI compliance. ClearPCI’s low annual fee allows you unlimited scanning for up to 5 IP addresses to re-scan your environment as often as needed. You no longer need to be a security expert or hire expensive consultants. ClearPCI’s ASV Certified Vulnerability Scanning gives you the power to quickly and easily identify, assess and report on potential vulnerabilities. Through simple online scheduling and optionally automated scans, ClearPCI’s online Vulnerability Scanning simplifies your compliance efforts! • Unlimited scanning of up to five IP addresses • Identifies vulnerabilities to hackers, worms and viruses • Online scheduling and report management • ClearPCI ONE integration for greater protection and lower costs Unlimited Scans for One Year!* The easiest and lowest cost PCI scanning available. Quickly and easily generate the documentation you need for PCI Compliance: • Attestation Report • Executive Summary • Detailed Assessment Report Get Started Today! Visit: www.ClearPCI.com Vulnerability Scanning for PCI Compliance Comprehensive PCI, One Simple Solution ASV Scan Report Report Generated: October 21, 2010 1.0 Introduction Based upon the results of your scan performed on October 15, 2010, at 10:56 AM by PCI Approved Scanning Vendor SAINT Corporation under certificate number 4268-01-02, Cybera, Inc. is globally PCI compliant with the PCI scan validation requirement. The PCI vulnerability assessment was conducted using the SAINT 7.4.9 vulnerability scanner. The scan discovered a total of four live hosts, and detected two critical problems, zero areas of concern, and 11 potential problems. The hosts and problems detected are discussed in greater detail in the following sections. This report was generated by SAINT Corporation with the guidelines of the PCI data security initiative. 2.0 Overview The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein. 2.1 Host List This table presents an overview of the hosts discovered on the network. Host Name Netbios Name IP Address Critical Problems Areas of Concern Potential Problems PCI Compliant? atlanta.speedtest.cybera.net 64.202.128.8 1 0 4 PASS chicago.speedtest.cybera.net 64.202.128.38 1 0 4 PASS csg2.ch1.cybera.net 64.202.128.41 0 0 2 PASS script.cybera.net 64.202.128.51 0 0 1 PASS 3.0 Part 3a. Vulnerabilities Noted for each IP Address This table presents an overview of the vulnerabilities detected on the network. IP Address Vulnerability /Service CVE PCI Severity CVSSv2 Base Score PCI Compliant? PCI Reason 64.202.128.8 mod_proxy vulnerability in Apache version: 2.2.16 CVE-2009-1890 medium 5.0 PASS DOS vulnerabilities are PCI compliant 64.202.128.8 Remote OS available low 2.6 PASS SAINT calculated its own CVSS score for this vulnerability because it was not found in the NVD. 1 ASV Scan Report Report Generated: October 21, 2010 Customer and ASV Information Customer Information ASV Information Company: Cybera, Inc. Company: SAINT Corporation Contact: David Abbott Contact: Billy Austin Title: SVP Engineering Tehcnology Title: Cheif Security Officer Telephone: 615.301-2376 Telephone: 301-841-0119 E-mail: david.abbott@cybera.net E-mail: austin@saintcorporation.com Business Address: 9009 Carothers Pkwy Business Address: 4720 Montgomery Lane City: Franklin City: Bethesda State/Province: TN State/Province: MD ZIP: 37067 ZIP: 20814 URL: www.clearpci.com URL: www.saintcorporation.com Scan Status - Compliance Status: PASS - Number of unique components scanned: 4 - Number of identified failing vulnerabilities: 0 - Number of components found by ASV but not scanned because scan customer confirmed components were out of scope: 6 - Date scan completed: October 15, 2010 - Scan expiration date (90 days from scan date): January 13, 2011 Scan Customer Attestation Cybera, Inc. attests on October 15, 2010 that this scan includes all components* which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete. Cybera, Inc. also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements. ASV Attestation This scan and report was prepared and conducted by SAINT Corporation under certificate number ___________________, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide. SAINT Corporation attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active scan interference. This report and any exceptions were reviewed by SAINT Corporation. 1 ASV Scan Report Report Generated: October 21, 2010 1.0 Introduction Based upon the results of your scan performed on October 15, 2010, at 10:56 AM by PCI Approved Scanning Vendor SAINT Corporation under certificate number 4268-01-02, Cybera, Inc. is globally PCI compliant with the PCI scan validation requirement. The PCI vulnerability assessment was conducted using the SAINT 7.4.9 vulnerability scanner. The scan discovered a total of four live hosts, and detected two critical problems, zero areas of concern, and 11 potential problems. The hosts and problems detected are discussed in greater detail in the following sections. This report was generated by SAINT Corporation within the guidelines of the PCI data security initiative. 2.0 Overview The following vulnerability severity levels are used to categorize the vulnerabilities: CRITICAL PROBLEMSVulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly gain read or write access, execute commands on the target, or create a denial of service. AREAS OF CONCERNVulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks, attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or configuration information which could be used to plan an attack. POTENTIAL PROBLEMSWarnings which may or may not be vulnerabilities, depending upon the patch level or configuration of the target. Further investigation on the part of the system administrator may be necessary. SERVICES Network services which accept client connections on a given TCP or UDP port. This is simply a count of network services, and does not imply that the service is or is not vulnerable. The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein. 2.1 Vulnerability List This table presents an overview of the vulnerabilities detected on the network. Host Name Vulnerability / Service Class CVE CVSSv2 Base Score PCI Compliant? PCI Severity 1 *For up to 5 IP addresses
- 2. email: call: click: solutions@clearpci.com 1.877.5PCINOW (572.4669) www.clearpci.com PRODUCT SHEET …when hackers win, everyone else loses. Making Compliance Easier Understanding the PCI DSS can be daunting. With over 220 individual requirements, most merchants struggle to comprehend the various solutions and tools necessary to become compliant. ClearPCI simplifies PCI compliance for the merchant by removing cost and complexity. The ClearPCI Vulnerability Scanning solution is easy to use and provides you with the information you need to identify vulnerabilities and ultimately become compliant. • All scanning and documentation provided by a PCI Certified Approved Scan Vendor (ASV) • Correlates industry standard identifiers such as CVE, OSVDB, BID, OVAL, SANS/FBI Top 20, CVSS score, vendor ID and many more • Over 15,000 individual vulnerability tests performed during each scan • Automated detection and assessment of open ports and vulnerable configurations Full Integration with ClearPCI ONE For even greater cost savings, ClearPCI Vulnerability Scanning is integrated with ClearPCI ONE, a comprehensive solution for PCI compliance. Instead of assembling security tools and services from a variety of vendors, choose ClearPCI and reduce cost and complexity of PCI. ClearPCI automatically performs and posts quarterly external scans to your online account. At no additional charge, you’ll get documentation for submission to your merchant services provider or transaction processor. Also included for free is the flexibility to schedule unlimited vulnerability scans up to 5 additional IP addresses! ClearPCI One ClearPCI ONE is the industry’s leading solution for PCI compliance – delivering the most comprehensive set of services available. Implement ClearPCI ONE at your merchant location for even greater control and savings! • Online Self Assessment Questionnaire (SAQ) • Vulnerability scanning by certified ASV • SCA-300 series on-site security appliance • Managed firewall service • Managed intrusion detection services • Rogue wireless detection reporting • Hosted anti-virus, anti-spam, content filtering • Security information logging alerting • 12-month remote log storage • Online solution management portal • 24x7 Security Operations Center • Customizable PCI policy templates Get Started Today! Visit: www.ClearPCI.com