Clear Pci Vulnerability Scans Web2
PRODUCT SHEET
The Payment Card Industry (PCI) Data Security Standard (DSS)
requires all firms processing card based payments to perform
periodic external vulnerability scans via an Approved Scan Vendor
(ASV). With ClearPCI, scans can be scheduled with ease and come
with the reporting and documentation required for PCI compliance.
ClearPCI’s low annual fee allows you unlimited scanning for up to 5
IP addresses to re-scan your environment as often as needed.
You no longer need to be a security expert or hire expensive
consultants. ClearPCI’s ASV Certified Vulnerability Scanning gives
you the power to quickly and easily identify, assess and report
on potential vulnerabilities. Through simple online scheduling
and optionally automated scans, ClearPCI’s online Vulnerability
Scanning simplifies your compliance efforts!
• Unlimited scanning of up to five IP addresses
• Identifies vulnerabilities to hackers, worms and viruses
• Online scheduling and report management
• ClearPCI ONE integration for greater protection and lower costs
Unlimited Scans
for One Year!*
The easiest and lowest cost PCI
scanning available. Quickly and
easily generate the documentation
you need for PCI Compliance:
• Attestation Report
• Executive Summary
• Detailed Assessment Report
Get Started Today!
Visit: www.ClearPCI.com
Vulnerability Scanning
for PCI Compliance
Comprehensive PCI, One Simple Solution
ASV Scan Report
Report Generated: October 21, 2010
1.0 Introduction
Based upon the results of your scan performed on October 15, 2010, at 10:56 AM by PCI Approved Scanning
Vendor SAINT Corporation under certificate number 4268-01-02, Cybera, Inc. is globally PCI compliant with
the PCI scan validation requirement. The PCI vulnerability assessment was conducted using the SAINT
7.4.9 vulnerability scanner. The scan discovered a total of four live hosts, and detected two critical problems,
zero areas of concern, and 11 potential problems. The hosts and problems detected are discussed in greater
detail in the following sections. This report was generated by SAINT Corporation within the guidelines of the PCI
data security initiative.
2.0 Overview
The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained
therein.
2.1 Host List
This table presents an overview of the hosts discovered on the network.
| Host Name | Netbios Name | IP Address | Critical Problems | Areas of Concern | Potential Problems | PCI Compliant? |
|---|---|---|---|---|---|---|
| atlanta.speedtest.cybera.net | | 64.202.128.8 | 1 | 0 | 4 | PASS |
| chicago.speedtest.cybera.net | | 64.202.128.38 | 1 | 0 | 4 | PASS |
| csg2.ch1.cybera.net | | 64.202.128.41 | 0 | 0 | 2 | PASS |
| script.cybera.net | | 64.202.128.51 | 0 | 0 | 1 | PASS |
3.0 Part 3a. Vulnerabilities Noted for each IP Address
This table presents an overview of the vulnerabilities detected on the network.
| IP Address | Vulnerability / Service | CVE | PCI Severity | CVSSv2 Base Score | PCI Compliant? | PCI Reason |
|---|---|---|---|---|---|---|
| 64.202.128.8 | mod_proxy vulnerability in Apache version: 2.2.16 | CVE-2009-1890 | medium | 5.0 | PASS | DOS vulnerabilities are PCI compliant |
| 64.202.128.8 | Remote OS available | | low | 2.6 | PASS | SAINT calculated its own CVSS score for this vulnerability because it was not found in the NVD. |
Customer and ASV Information
| Field | Customer Information | ASV Information |
|---|---|---|
| Company | Cybera, Inc. | SAINT Corporation |
| Contact | David Abbott | Billy Austin |
| Title | SVP Engineering Technology | Chief Security Officer |
| Telephone | 615.301-2376 | 301-841-0119 |
| E-mail | david.abbott@cybera.net | austin@saintcorporation.com |
| Business Address | 9009 Carothers Pkwy | 4720 Montgomery Lane |
| City | Franklin | Bethesda |
| State/Province | TN | MD |
| ZIP | 37067 | 20814 |
| URL | www.clearpci.com | www.saintcorporation.com |
Scan Status
- Compliance Status: PASS
- Number of unique components scanned: 4
- Number of identified failing vulnerabilities: 0
- Number of components found by ASV but not scanned because scan customer confirmed
components were out of scope: 6
- Date scan completed: October 15, 2010
- Scan expiration date (90 days from scan date): January 13, 2011
Scan Customer Attestation
Cybera, Inc. attests on October 15, 2010 that this scan includes all components* which should be in scope for
PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data
environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete.
Cybera, Inc. also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2)
this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability
scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS
or provide any indication of compliance with other PCI DSS requirements.
ASV Attestation
This scan and report was prepared and conducted by SAINT Corporation under certificate number
___________________, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS
ASV Program Guide.
SAINT Corporation attests that the PCI DSS scan process was followed, including a manual or automated
Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and
review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active scan interference. This
report and any exceptions were reviewed by SAINT Corporation.
2.0 Overview
The following vulnerability severity levels are used to categorize the vulnerabilities:
CRITICAL PROBLEMS
Vulnerabilities which pose an immediate threat to the network by allowing a remote attacker to directly
gain read or write access, execute commands on the target, or create a denial of service.
AREAS OF CONCERN
Vulnerabilities which do not directly allow remote access, but do allow privilege elevation attacks,
attacks on other targets using the vulnerable host as an intermediary, or gathering of passwords or
configuration information which could be used to plan an attack.
POTENTIAL PROBLEMS
Warnings which may or may not be vulnerabilities, depending upon the patch level or configuration of
the target. Further investigation on the part of the system administrator may be necessary.
SERVICES
Network services which accept client connections on a given TCP or UDP port. This is simply a count
of network services, and does not imply that the service is or is not vulnerable.
The following tables present an overview of the hosts discovered on the network and the vulnerabilities contained
therein.
2.1 Vulnerability List
This table presents an overview of the vulnerabilities detected on the network.
| Host Name | Vulnerability / Service | Class | CVE | CVSSv2 Base Score | PCI Compliant? | PCI Severity |
*For up to 5 IP addresses
email: solutions@clearpci.com
call: 1.877.5PCINOW (572.4669)
click: www.clearpci.com
PRODUCT SHEET
…when hackers win,
everyone else loses.
Making Compliance Easier
Understanding the PCI DSS can be daunting. With over 220
individual requirements, most merchants struggle to comprehend
the various solutions and tools necessary to become compliant.
ClearPCI simplifies PCI compliance for the merchant by removing
cost and complexity.
The ClearPCI Vulnerability Scanning solution is easy to use and
provides you with the information you need to identify vulnerabilities
and ultimately become compliant.
• All scanning and documentation provided by a PCI
Certified Approved Scan Vendor (ASV)
• Correlates industry standard identifiers such as CVE,
OSVDB, BID, OVAL, SANS/FBI Top 20, CVSS score, vendor
ID and many more
• Over 15,000 individual vulnerability tests performed
during each scan
• Automated detection and assessment of open ports and
vulnerable configurations
Full Integration with ClearPCI ONE
For even greater cost savings, ClearPCI Vulnerability Scanning
is integrated with ClearPCI ONE, a comprehensive solution for
PCI compliance. Instead of assembling security tools and services
from a variety of vendors, choose ClearPCI and reduce cost and
complexity of PCI.
ClearPCI automatically performs and posts quarterly external
scans to your online account. At no additional charge, you’ll
get documentation for submission to your merchant services
provider or transaction processor. Also included for free is the
flexibility to schedule unlimited vulnerability scans for up to 5
additional IP addresses!
ClearPCI One
ClearPCI ONE is the industry’s leading
solution for PCI compliance – delivering
the most comprehensive set of services
available. Implement ClearPCI ONE at
your merchant location for even greater
control and savings!
• Online Self Assessment Questionnaire
(SAQ)
• Vulnerability scanning by certified ASV
• SCA-300 series on-site security
appliance
• Managed firewall service
• Managed intrusion detection services
• Rogue wireless detection reporting
• Hosted anti-virus, anti-spam, content
filtering
• Security information logging alerting
• 12-month remote log storage
• Online solution management portal
• 24x7 Security Operations Center
• Customizable PCI policy templates
Get Started Today!
Visit: www.ClearPCI.com