PRODUCT SHEET
The Payment Card Industry (PCI) Data Security Standard (DSS)
requires all firms processing card-based payments to perform
periodic external vulnerability scans via an Approved Scan Vendor
(ASV). With ClearPCI, scans can be scheduled with ease and come
with the reporting and documentation required for PCI compliance.
ClearPCI’s low annual fee allows you unlimited scanning for up to 5
IP addresses to re-scan your environment as often as needed.
You no longer need to be a security expert or hire expensive
consultants. ClearPCI’s ASV Certified Vulnerability Scanning gives
you the power to quickly and easily identify, assess and report
on potential vulnerabilities. Through simple online scheduling
and optionally automated scans, ClearPCI’s online Vulnerability
Scanning simplifies your compliance efforts!
	 • Unlimited scanning of up to five IP addresses
	 • Identifies vulnerabilities to hackers, worms and viruses
	 • Online scheduling and report management
	 • ClearPCI ONE integration for greater protection and lower costs
Unlimited Scans
for One Year!*
The easiest and lowest cost PCI
scanning available. Quickly and
easily generate the documentation
you need for PCI Compliance:
	 • Attestation Report
	 • Executive Summary
	 • Detailed Assessment Report
Get Started Today!
Visit: www.ClearPCI.com
Vulnerability Scanning
for PCI Compliance
Comprehensive PCI, One Simple Solution
ASV Scan Report
Report Generated: October 21, 2010
1.0 Introduction
Based upon the results of your scan performed on October 15, 2010, at 10:56 AM by PCI Approved Scanning
Vendor SAINT Corporation under certificate number 4268-01-02, Cybera, Inc. is globally PCI compliant with
the PCI scan validation requirement. The PCI vulnerability assessment was conducted using the SAINT
7.4.9 vulnerability scanner. The scan discovered a total of four live hosts, and detected two critical problems,
zero areas of concern, and 11 potential problems. The hosts and problems detected are discussed in greater
detail in the following sections. This report was generated by SAINT Corporation within the guidelines of the PCI
data security initiative.
2.0 Overview
The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained
therein.
2.1 Host List
This table presents an overview of the hosts discovered on the network.
| Host Name | Netbios Name | IP Address | Critical Problems | Areas of Concern | Potential Problems | PCI Compliant? |
|---|---|---|---|---|---|---|
| atlanta.speedtest.cybera.net | | 64.202.128.8 | 1 | 0 | 4 | PASS |
| chicago.speedtest.cybera.net | | 64.202.128.38 | 1 | 0 | 4 | PASS |
| csg2.ch1.cybera.net | | 64.202.128.41 | 0 | 0 | 2 | PASS |
| script.cybera.net | | 64.202.128.51 | 0 | 0 | 1 | PASS |
3.0 Part 3a. Vulnerabilities Noted for each IP Address
This table presents an overview of the vulnerabilities detected on the network.
| IP Address | Vulnerability / Service | CVE | PCI Severity | CVSSv2 Base Score | PCI Compliant? | PCI Reason |
|---|---|---|---|---|---|---|
| 64.202.128.8 | mod_proxy vulnerability in Apache version: 2.2.16 | CVE-2009-1890 | medium | 5.0 | PASS | DOS vulnerabilities are PCI compliant |
| 64.202.128.8 | Remote OS available | | low | 2.6 | PASS | SAINT calculated its own CVSS score for this vulnerability because it was not found in the NVD. |
Customer and ASV Information
| Field | Customer Information | ASV Information |
|---|---|---|
| Company | Cybera, Inc. | SAINT Corporation |
| Contact | David Abbott | Billy Austin |
| Title | SVP Engineering & Technology | Chief Security Officer |
| Telephone | 615.301-2376 | 301-841-0119 |
| E-mail | david.abbott@cybera.net | austin@saintcorporation.com |
| Business Address | 9009 Carothers Pkwy | 4720 Montgomery Lane |
| City | Franklin | Bethesda |
| State/Province | TN | MD |
| ZIP | 37067 | 20814 |
| URL | www.clearpci.com | www.saintcorporation.com |
Scan Status
- Compliance Status: PASS
- Number of unique components scanned: 4
- Number of identified failing vulnerabilities: 0
- Number of components found by ASV but not scanned because scan customer confirmed
components were out of scope: 6
- Date scan completed: October 15, 2010
- Scan expiration date (90 days from scan date): January 13, 2011
Scan Customer Attestation
Cybera, Inc. attests on October 15, 2010 that this scan includes all components* which should be in scope for
PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data
environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete.
Cybera, Inc. also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2)
this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability
scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS
or provide any indication of compliance with other PCI DSS requirements.
ASV Attestation
This scan and report was prepared and conducted by SAINT Corporation under certificate number
___________________, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS
ASV Program Guide.
SAINT Corporation attests that the PCI DSS scan process was followed, including a manual or automated
Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and
review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active scan interference. This
report and any exceptions were reviewed by SAINT Corporation.
2.0 Overview
The following vulnerability severity levels are used to categorize the vulnerabilities:
CRITICAL PROBLEMS
Vulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly
gain read or write access, execute commands on the target, or create a denial of service.
AREAS OF CONCERN
Vulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks,
attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or
configuration information which could be used to plan an attack.
POTENTIAL PROBLEMS
Warnings which may or may not be vulnerabilities, depending upon the patch level or configuration of
the target. Further investigation on the part of the system administrator may be necessary.
SERVICES
Network services which accept client connections on a given TCP or UDP port. This is simply a count
of network services, and does not imply that the service is or is not vulnerable.
The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained
therein.
2.1 Vulnerability List
This table presents an overview of the vulnerabilities detected on the network.
| Host Name | Vulnerability / Service | Class | CVE | CVSSv2 Base Score | PCI Compliant? | PCI Severity |
*For up to 5 IP addresses
email: solutions@clearpci.com
call: 1.877.5PCINOW (572.4669)
click: www.clearpci.com
…when hackers win,
everyone else loses.
Making Compliance Easier
Understanding the PCI DSS can be daunting. With over 220
individual requirements, most merchants struggle to comprehend
the various solutions and tools necessary to become compliant.
ClearPCI simplifies PCI compliance for the merchant by removing
cost and complexity.
The ClearPCI Vulnerability Scanning solution is easy to use and
provides you with the information you need to identify vulnerabilities
and ultimately become compliant.
	 • All scanning and documentation provided by a PCI
Certified Approved Scan Vendor (ASV)
	 • Correlates industry standard identifiers such as CVE,
OSVDB, BID, OVAL, SANS/FBI Top 20, CVSS score, vendor
ID and many more
	 • Over 15,000 individual vulnerability tests performed
during each scan
	 • Automated detection and assessment of open ports and
vulnerable configurations
Full Integration with ClearPCI ONE
For even greater cost savings, ClearPCI Vulnerability Scanning
is integrated with ClearPCI ONE, a comprehensive solution for
PCI compliance. Instead of assembling security tools and services
from a variety of vendors, choose ClearPCI and reduce cost and
complexity of PCI.
ClearPCI automatically performs and posts quarterly external
scans to your online account. At no additional charge, you’ll
get documentation for submission to your merchant services
provider or transaction processor. Also included for free is the
flexibility to schedule unlimited vulnerability scans of up to 5
additional IP addresses!
ClearPCI One
ClearPCI ONE is the industry’s leading
solution for PCI compliance – delivering
the most comprehensive set of services
available. Implement ClearPCI ONE at
your merchant location for even greater
control and savings!
	 • Online Self Assessment Questionnaire
(SAQ)
	 • Vulnerability scanning by certified ASV
	 • SCA-300 series on-site security
appliance
	 • Managed firewall service
	 • Managed intrusion detection services
	 • Rogue wireless detection & reporting
	 • Hosted anti-virus, anti-spam, content
filtering
	 • Security information logging & alerting
	 • 12-month remote log storage
	 • Online solution management portal
	 • 24x7 Security Operations Center
	 • Customizable PCI policy templates
Get Started Today!
Visit: www.ClearPCI.com

Clear Pci Vulnerability Scans Web2

  • 1. PRODUCT SHEET

Vulnerability Scanning for PCI Compliance
Comprehensive PCI, One Simple Solution

The Payment Card Industry (PCI) Data Security Standard (DSS) requires all firms processing card based payments to perform periodic external vulnerability scans via an Approved Scan Vendor (ASV). With ClearPCI, scans can be scheduled with ease and come with the reporting and documentation required for PCI compliance. ClearPCI’s low annual fee allows you unlimited scanning for up to 5 IP addresses to re-scan your environment as often as needed.

You no longer need to be a security expert or hire expensive consultants. ClearPCI’s ASV Certified Vulnerability Scanning gives you the power to quickly and easily identify, assess and report on potential vulnerabilities. Through simple online scheduling and optionally automated scans, ClearPCI’s online Vulnerability Scanning simplifies your compliance efforts!

 • Unlimited scanning of up to five IP addresses
 • Identifies vulnerabilities to hackers, worms and viruses
 • Online scheduling and report management
 • ClearPCI ONE integration for greater protection and lower costs

Unlimited Scans for One Year!*

The easiest and lowest cost PCI scanning available. Quickly and easily generate the documentation you need for PCI Compliance:

 • Attestation Report
 • Executive Summary
 • Detailed Assessment Report

Get Started Today! Visit: www.ClearPCI.com

*For up to 5 IP addresses

ASV Scan Report
Report Generated: October 21, 2010

1.0 Introduction

Based upon the results of your scan performed on October 15, 2010, at 10:56 AM by PCI Approved Scanning Vendor SAINT Corporation under certificate number 4268-01-02, Cybera, Inc. is globally PCI compliant with the PCI scan validation requirement. The PCI vulnerability assessment was conducted using the SAINT 7.4.9 vulnerability scanner. The scan discovered a total of four live hosts, and detected two critical problems, zero areas of concern, and 11 potential problems. The hosts and problems detected are discussed in greater detail in the following sections. This report was generated by SAINT Corporation within the guidelines of the PCI data security initiative.

2.0 Overview

The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein.

2.1 Host List

This table presents an overview of the hosts discovered on the network.

Host Name | Netbios Name | IP Address | Critical Problems | Areas of Concern | Potential Problems | PCI Compliant?
atlanta.speedtest.cybera.net | | 64.202.128.8 | 1 | 0 | 4 | PASS
chicago.speedtest.cybera.net | | 64.202.128.38 | 1 | 0 | 4 | PASS
csg2.ch1.cybera.net | | 64.202.128.41 | 0 | 0 | 2 | PASS
script.cybera.net | | 64.202.128.51 | 0 | 0 | 1 | PASS

3.0 Part 3a. Vulnerabilities Noted for each IP Address

This table presents an overview of the vulnerabilities detected on the network.

IP Address | Vulnerability / Service | CVE | PCI Severity | CVSSv2 Base Score | PCI Compliant? | PCI Reason
64.202.128.8 | mod_proxy vulnerability in Apache version: 2.2.16 | CVE-2009-1890 | medium | 5.0 | PASS | DOS vulnerabilities are PCI compliant
64.202.128.8 | Remote OS available | | low | 2.6 | PASS | SAINT calculated its own CVSS score for this vulnerability because it was not found in the NVD.

Customer and ASV Information

Field | Customer Information | ASV Information
Company | Cybera, Inc. | SAINT Corporation
Contact | David Abbott | Billy Austin
Title | SVP Engineering Technology | Chief Security Officer
Telephone | 615.301-2376 | 301-841-0119
E-mail | david.abbott@cybera.net | austin@saintcorporation.com
Business Address | 9009 Carothers Pkwy | 4720 Montgomery Lane
City | Franklin | Bethesda
State/Province | TN | MD
ZIP | 37067 | 20814
URL | www.clearpci.com | www.saintcorporation.com

Scan Status

- Compliance Status: PASS
- Number of unique components scanned: 4
- Number of identified failing vulnerabilities: 0
- Number of components found by ASV but not scanned because scan customer confirmed components were out of scope: 6
- Date scan completed: October 15, 2010
- Scan expiration date (90 days from scan date): January 13, 2011

Scan Customer Attestation

Cybera, Inc. attests on October 15, 2010 that this scan includes all components* which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete. Cybera, Inc. also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements.

ASV Attestation

This scan and report was prepared and conducted by SAINT Corporation under certificate number ___________________, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide. SAINT Corporation attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active scan interference. This report and any exceptions were reviewed by SAINT Corporation.

2.0 Overview

The following vulnerability severity levels are used to categorize the vulnerabilities:

CRITICAL PROBLEMS: Vulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly gain read or write access, execute commands on the target, or create a denial of service.

AREAS OF CONCERN: Vulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks, attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or configuration information which could be used to plan an attack.

POTENTIAL PROBLEMS: Warnings which may or may not be vulnerabilities, depending upon the patch level or configuration of the target. Further investigation on the part of the system administrator may be necessary.

SERVICES: Network services which accept client connections on a given TCP or UDP port. This is simply a count of network services, and does not imply that the service is or is not vulnerable.

The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained therein.

2.1 Vulnerability List

This table presents an overview of the vulnerabilities detected on the network.

Host Name | Vulnerability / Service | Class | CVE | CVSSv2 Base Score | PCI Compliant? | PCI Severity
  • 2. PRODUCT SHEET

email: solutions@clearpci.com
call: 1.877.5PCINOW (572.4669)
click: www.clearpci.com

…when hackers win, everyone else loses.

Making Compliance Easier

Understanding the PCI DSS can be daunting. With over 220 individual requirements, most merchants struggle to comprehend the various solutions and tools necessary to become compliant. ClearPCI simplifies PCI compliance for the merchant by removing cost and complexity. The ClearPCI Vulnerability Scanning solution is easy to use and provides you with the information you need to identify vulnerabilities and ultimately become compliant.

 • All scanning and documentation provided by a PCI Certified Approved Scan Vendor (ASV)
 • Correlates industry standard identifiers such as CVE, OSVDB, BID, OVAL, SANS/FBI Top 20, CVSS score, vendor ID and many more
 • Over 15,000 individual vulnerability tests performed during each scan
 • Automated detection and assessment of open ports and vulnerable configurations

Full Integration with ClearPCI ONE

For even greater cost savings, ClearPCI Vulnerability Scanning is integrated with ClearPCI ONE, a comprehensive solution for PCI compliance. Instead of assembling security tools and services from a variety of vendors, choose ClearPCI and reduce the cost and complexity of PCI. ClearPCI automatically performs and posts quarterly external scans to your online account. At no additional charge, you’ll get documentation for submission to your merchant services provider or transaction processor. Also included for free is the flexibility to schedule unlimited vulnerability scans for up to 5 additional IP addresses!

ClearPCI ONE

ClearPCI ONE is the industry’s leading solution for PCI compliance – delivering the most comprehensive set of services available. Implement ClearPCI ONE at your merchant location for even greater control and savings!

 • Online Self Assessment Questionnaire (SAQ)
 • Vulnerability scanning by certified ASV
 • SCA-300 series on-site security appliance
 • Managed firewall service
 • Managed intrusion detection services
 • Rogue wireless detection reporting
 • Hosted anti-virus, anti-spam, content filtering
 • Security information logging alerting
 • 12-month remote log storage
 • Online solution management portal
 • 24x7 Security Operations Center
 • Customizable PCI policy templates

Get Started Today! Visit: www.ClearPCI.com