HackerProof Scan
Once you log in to your account, the main configuration area of the HackerGuardian interface is displayed. It contains two areas:
Overview
The 'Overview' area displays the status of the last run HackerProof and PCI Scans and a dashboard summary of the scan reports from the last scan performed on the device selected from the device list area.

Vulnerabilities by Host - A graphical representation of the information regarding the security holes found, security warnings, and security notes per host. Each category is represented by a different color. Pointing the mouse cursor over a bar in the graph displays the count of the respective item found.
Device Vulnerabilities by Severity - A pie-diagram representation of information regarding the security holes, security warnings, and security notes found. Pointing the mouse cursor over a sector in the diagram displays the percentage proportion of the respective item found.
Definitions of terms
List of Devices
The 'Device List' area displays a list of existing devices for PCI/Custom/HackerProof/SiteInspector scanning.

The following table provides description of information columns in this area.
Note: Clicking on the up or down arrows beside each column heading sorts the list of devices in ascending order based on the category.
From this area, you can:
- Create new device to enable HackerProof scanning;
- Manage existing devices;
- View a dashboard summary of scan results from a specific device;
- View Executive Summary and Vulnerability Reports from daily scans.
Devices
In order to run the HackerProof and PCI scans, the administrator must first create a Device.
A HackerGuardian 'Device' is an umbrella term that describes a grouping of IP addresses and/or domains that are to be used as the target for a PCI, Custom, HackerProof or SiteInspector scan. HackerGuardian 'Devices' can be used to 'mirror' a real life device. For example, a single machine in your organization's infrastructure may have multiple IP addresses (and domains) which host different services. The PCI DSS guidelines state that all these IP addresses and services must be scanned. By associating multiple IP addresses and domains to a single HackerGuardian 'Device', you can simulate your real-life device and scan it for PCI compliance in one pass. All customers must create a 'device' before PCI, HackerProof or SiteInspector scanning can commence.
- PCI Customers. When creating a device, HackerGuardian requires that you specify all the IP addresses belonging to your target server, host or other device.
- HackerProof (and/or SiteInspector) Customers. When creating a HackerGuardian device, you need to specify the domain name of the website on which you would like to display the HackerProof logo.
Setting up a new domain for scanning is a two stage process:
1. The user applies for scanning on a domain using the built-in form accessed by clicking 'Add Device'.
2. Comodo staff validate that the applicant has the right to conduct scans on the specified domain.
Once a HackerProof device has been created and the domain associated with that device has been validated, the device will become available in the 'Device List' area.
Important Notes
We recommend that you create separate devices for each type of scan. I.e. separate devices for HackerProof and PCI scans. You can use the same domains/IP addresses across multiple devices.
If you create HackerProof only Devices (only daily scans will be run for these devices):
- You must have at least one HackerProof (daily) scan license.
- You can scan one domain per daily (HackerProof) license.
- At least one domain that you wish to be daily scanned must be added to a HackerProof only device (but the actual scan will take place on the IP address that this domain resolves to).
- A device only associated with an IP cannot be daily scanned and gain HackerProof status.
- Domain ownership must be validated by Comodo before scanning is allowed to commence.
If you create PCI only devices (only PCI compliance scans will be run for these devices):
- You must have at least one PCI scan compliancy license;
- You can add and scan as many IPs as allowed by your PCI license. (These IPs can be spread across as many devices as required.)
- At least one IP address or at least one domain name that you wish to scan for PCI compliancy must be added to the device. If you only specify a domain name then the PCI scan will actually take place on the IP address that this domain resolves to.
- IP addresses do not need validation. PCI compliance scans on IPs can begin immediately.
If you create PCI + HackerProof Devices (both daily and PCI compliance scans will be run for these devices):
- You must have at least one PCI scan compliancy license and HackerProof (daily) scan license.
- At least one domain that you wish to be daily and PCI scanned must be added to a PCI + HackerProof device (but the actual scans will take place on the IP address that this domain resolves to). The IP address that the domain resolves to will be scanned daily and, if it passes, the domain receives the HackerProof trustmark.
- You can optionally add more IP addresses to this device. The additional IP address(es) that were added by user can be scanned for PCI compliance. To gain PCI compliance for this device, all IP addresses must pass the PCI compliance scan.
- A device only associated with an IP cannot be daily scanned and gain HackerProof status.
- Domain ownership must be validated by Comodo before scanning is allowed to commence.
How to Create a New Device
1. Switch to the 'Device List' area of the interface.
2. Click on the '+' button beside 'Add New Device' in the 'Device List' area.

3. Select the HackerProof device radio button to enable daily scanning on the device.

4. Enter a friendly name for the device in the 'Device Name' text box and click 'Continue'.
5. Click 'Add' in the next screen.

6. Enter the Domain name(s) (or IP addresses) to be associated with the device in the 'Add IPs or Domains' text box. You can add as many domain names as allowed by your HackerProof license. If you want to add more than one domain, click the 'Add Multiple Addresses' link and enter the domains separated by commas.

Note: You can scan one domain per daily (HackerProof) license. If you are entering IP addresses, you must enter external IP addresses in these fields. HackerProof will not scan private IP addresses that refer to machines internal to your network.
Private IP ranges are defined by RFC 1918 as:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
7. Click the 'Add' button beside the text box.

8. The IP(s)/Domain(s) will be added to the device. If you want to add more IPs or Domains, repeat from Step 6.
9. After adding the required IPs and Domains to the Device, click 'Save'.
The device will be added to your HackerProof Account. This will submit a validation request to Comodo staff stating that you wish to conduct scans on the device with the stated domain.
Additional IP domains can be purchased and added to your HackerProof license at any time. For more details, please refer to the section: Buying Additional Domains.
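A pre-submission check for the 'Add Multiple Addresses' field, as an added example that is not part of Comodo's documentation or product: it splits a comma-separated list and flags RFC 1918 addresses, which the note above says HackerProof will not scan. The function names and sample entries are hypothetical, and only the three RFC 1918 ranges listed above are checked.

```python
import ipaddress
import re

# The three private ranges listed in the note above (RFC 1918).
RFC1918_NETWORKS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")
]

# One DNS label: 1-63 letters, digits or hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def classify_target(entry):
    """Return (kind, value); kind is domain, external_ip, private_ip or invalid."""
    text = entry.strip().lower()
    try:
        addr = ipaddress.IPv4Address(text)
    except ValueError:
        addr = None
    if addr is not None:
        private = any(addr in net for net in RFC1918_NETWORKS)
        return ("private_ip" if private else "external_ip", str(addr))
    # Not a valid IPv4 address: accept it only if it looks like a hostname.
    labels = text.rstrip(".").split(".")
    if (len(labels) >= 2 and len(text) <= 253
            and all(_LABEL.match(label) for label in labels)
            and not labels[-1].isdigit()):  # rejects malformed IPs like 10.0.0.256
        return ("domain", ".".join(labels))
    return ("invalid", entry.strip())


def triage_target_list(raw):
    """Split a comma-separated target list and group the entries by kind."""
    result = {"domain": [], "external_ip": [], "private_ip": [], "invalid": []}
    for entry in raw.split(","):
        if entry.strip():
            kind, value = classify_target(entry)
            result[kind].append(value)
    return result


# Constructed sample input (documentation-range and private addresses only).
SAMPLE = ("shop.example.com, 198.51.100.7, 10.1.2.3, 172.31.255.255, "
          "172.32.0.1, 192.168.0.10, 10.0.0.256, -bad-.example")

if __name__ == "__main__":
    for kind, values in triage_target_list(SAMPLE).items():
        print(kind, values)
```

Entries reported as `private_ip` or `invalid` should be corrected before the device is saved; `172.32.0.1` is shown as external because the 172.16/12 prefix ends at 172.31.255.255.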
I've submitted my desired domain to validation - what happens next?
After receiving your application, our validation staff will carry out a series of checks to establish that you own the domain or have authority to scan it.
- If our checks indicate you own the domain that you have entered then you will be validated quickly and can begin scanning.
The newly created device is stored in the 'Device List' area of the HackerGuardian interface. The domain is stored in the device with a 'HackerProof status' of 'Awaiting validation'. After successful validation, the domain status will change to 'Issued' and the HackerProof scan will take place automatically every day. You can view the results of the scan in the 'View HackerProof Reports' section.
After successful validation, you will be provided with instructions on how to display our HackerProof Trust mark in your webpages. Displaying the HackerProof trust mark delivers a message of the security of your servers and of your true identity to website customers. It is essential business practice of Comodo to fully validate your application. For businesses we will require a copy of your articles of incorporation, business license or DUNS number. If you haven't done so already, please supply this documentation to docs@comodogroup.com stating your HackerGuardian order number within the email.
NOTE: a full list of acceptable documentation can be found here.
You can fax your validation documentation to the numbers below stating your order number on the pages:
US Fax for validation docs: 1 801 409-3684
Europe Fax for validation docs: +44 (0) 161 877 1767
If you are emailing validation documentation please send to docs@comodogroup.com stating your order number within the email.
NOTE: if your business is already listed in IdAuthority (usually because you are an existing SSL customer) then you will be validated very quickly.
Devices Management
The 'Device List' area of the HackerGuardian interface lets the administrator perform the full range of device management tasks. From here the administrator can edit a device's details, delete a device, move a domain to another device or remove a domain from a device.
To access the interface for device management, click the edit button beneath the device as shown below.

Adding Additional IPs/Domains
1. Open the Edit Interface as explained above.

2. Enter the Domain name(s) or IP addresses in the 'Add IPs or Domains' text box and click the 'Add' button beside the text box.
3. Click 'Save'.
Removing an IP/Domain from a Device
1. Open the Edit Interface as explained above.
2. Click the 'X' button beside the IP/Domain name and click 'Save'.
Moving IP/Domain to Another Device
- Remove the IP/Domain from the device in which it currently exists and add it to the destination device.
Removing a Device
1. Open the Edit Interface as explained above.
2. Click the 'Delete Device' button and click 'Yes' in the confirmation dialog.

Viewing a dashboard summary of scan results
On completion of a scan, a dashboard summary of the results will be displayed in the upper pane of the 'Overview' area. If you want to switch to the scan results of other devices, click the bar-graph button beneath the device name.

Viewing Executive and Vulnerability Reports
- To view the Executive scan Report, click the Executive Report button beside the device name.
- To view the Vulnerability Report, click the Vulnerability Report button beside the domain name.
Refer to View HackerProof Reports for more details.



