The 'My Account' area of the HackerGuardian interface displays your account details, license information and email alert settings, and lets you change them if required. It also lets you configure general scanning options, choose the HackerGuardian plug-ins deployed during scanning, and set PCI scan options such as the start URL and hidden URLs of your website. You can access this area by clicking the 'My Account' tab in the navigation bar.

HackerGuardian PCI DSS Account Settings

This area contains four tabs.

  • My Account - Enables the Administrator to view/modify account-related information, view license information and configure email alert options.
  • Email Alerts - Enables the Administrator to configure email alert options.
  • Custom Settings - Enables the Administrator to configure general scanning options and to select the vulnerability plug-ins deployed during scans.
  • PCI Settings - Enables the Administrator to configure the start URL from which HackerGuardian begins scanning the webpages/microsites of the website, and to specify hidden URLs in the website that should also be scanned.

My Account Area

To access the My Account area:

  • Switch to the 'My Accounts' area of the HackerGuardian interface.
  • Click the 'My Account' link in the 'My Accounts' area.

This interface allows you to:

View/Modify Your Account Information

Account Email - Displays the email address of the subscriber of the HackerGuardian service. All the account related messages and reminders for renewals will be sent to this email address.

Company Name - Displays the name of the Organization/Company attached to the account.

Country Name - Displays the name of the Country of the Organization/Company.

Contact - Displays the name of the Administrator/Contact person of the Organization/Company responsible for the HackerGuardian subscription.

Title - Displays the position/job title of the Administrator/Contact person.

Telephone - Displays the telephone number of the Administrator/Contact person.

Business Address - Displays the address of the Organization/Company.

City - Displays the city of the Organization/Company.

State/Province - Displays the State/Province of the Organization/Company.

Zip/Postal code - Displays the Zip/Postal code.

URL - Displays the URL of the Organization/Company's website.

Date Format - Allows you to change / select the date format.

Time Zone - Allows you to change / select the time zone.

Daylight Saving Time - When this option is selected, the time stamp in reports will be based on DST of the country from where you are using the application.

The administrator can change any of the above details by deleting the old information and entering the new information.

View License Information

Licenses - Displays a list of the HackerGuardian/HackerProof licenses purchased so far, with the following columns:

Product Name - The name of the HackerGuardian service subscribed to.
Starts - The commencement date of the service.
Expires - The expiry date of the license.
Quantity - The total number of IPs/Domains for which the service is subscribed.

Configure Email Alert and Global Alert Options

HackerGuardian sends automated email notifications to administrators on events such as the start of a manual or scheduled scan, the results of a scan and the failure of a scan. You can set your preferences for receiving these emails as you wish.

To configure email alert options

  • Switch to 'My Accounts' area of the HackerGuardian interface.
  • Click the 'Email Alerts' link in the 'My Accounts' area

    HackerGuardian Email Alerts
  • Select the scan type for which you wish to receive the email notification from the drop-down box beside 'Select Email alert options for'.

    HackerGuardian Scan Alert Options
  • Select the preferences as given in the table below:

    Email Address - Enter the email address to which the scan alert message should be sent. This address can differ from the Account Email and can belong to the administrator of the specific device/domain.
    Device - Select the Device for which you wish to receive the scan alert message. To receive alerts for all devices, select 'All'.
    IP Addresses - Select the IPs/Domains of the chosen device for which you wish to receive the scan alert message. To receive alerts for all IPs/Domains, select 'All'.
    Options - Select the event for which you wish to be notified.
  • Click 'Add'. The entry will be added to the list under Email Alert Options.
  • Repeat the procedure for setting email alerts for different types of scans and different devices.
  • To remove an Email Alert entry, click the 'Remove' link in that entry, as shown below.

    PCI Scan Email Alert Entry

Global Alert Options

  • Contact me if I have not performed a scan in 3 months - Instructs HackerGuardian to send a reminder for an on-demand scan to the Account Email address if no scan has been performed for three months.
  • Contact me when new vulnerability plug-ins are added - Instructs HackerGuardian to send a notification to the Account Email address whenever a new vulnerability plug-in is added, so that the Administrator can deploy it in future scans.
  • Contact me when the Report Pack is awaiting review - Sends a notification to the Account Email address when a Report Pack requested by clicking 'Generate Report Pack' in the Reports area is under review by a PCI DSS approved member of Comodo staff. The Report becomes available for download once the review is complete and the Report is approved. Refer to Downloading Report Pack for more details.
  • Contact me when the Report Pack is available - Sends a notification to the Account Email address when a requested Report Pack has been reviewed by a PCI DSS approved member of Comodo staff and is ready for download. Refer to Downloading Report Pack for more details.
  • Contact me if a Report Pack issue is detected - Sends a notification to the Account Email address when the Comodo review of a requested Report Pack has found an issue in the generated report. Refer to Downloading Report Pack for more details.
  • Contact me if a Report Pack generation fails - Sends a notification to the Account Email address when generation of a requested Report Pack fails. Refer to Downloading Report Pack for more details.
  • Click 'Save Changes' for your settings to take effect.

Scan Configuration

The Custom Settings area enables administrators with advanced skills to configure HackerGuardian scans: the port range to scan, the number of checks run in parallel, the port scanner options, the plug-ins used for scanning, and so on.

To access the Custom Settings area

  • Switch to 'My Accounts' area of the HackerGuardian interface.
  • Click the 'Custom Settings' link in the 'My Accounts' area

    HackerGuardian Custom Settings

This interface allows you to:

Configure Scan Options

This area enables administrators to configure general options for scans. The settings chosen here apply to any scan performed on the selected device from the 'Overview' and 'Scheduled Scans' areas.

Port Range [text box] - Sets the range of ports to be scanned. The special value "default" scans ports 1-15000. To scan all TCP ports on the target host, enter "1-65535". Enter single ports, such as "21, 23, 25", or more complex sets, such as "21, 23, 25, 1024-2048, 6000".
Consider unscanned ports as closed [check box] - Ports that are not specifically scanned are assumed to be closed.
Parallel Checks [text box] - Sets the maximum number of security checks performed in parallel. It can be reduced to a minimum of one to lower the network load on the target. The maximum is 10% of the number of IP addresses in your account, and never more than 25: if your license covers 50 IP addresses, you can run checks against five IP addresses concurrently. Fewer parallel checks mean less traffic to the target but a longer scan.
Optimized Test [check box] - Runs a test only if information collected earlier in the scan indicates that it is relevant. When disabled, all tests are performed.

Port Scanner Options

Nmap (NASL Wrapper) [check box] - Runs nmap(1) to find open ports.
Scan for LaBrea tarpitted hosts [check box] - Performs a LaBrea tarpit scan by sending a bogus ACK and an ACK window probe to a potential host. Also sends a TCP SYN to test for non-persisting LaBrea machines.
SYN Scan [check box] - Performs a fast SYN port scan: it measures the RTT (round trip time) of packets between the scanner and the target and uses that value to pace the SYN packets sent to the remote host.
Netstat Scanner [check box] - Runs netstat on the remote machine to find open ports.
Safe Checks [check box] - Some checks are potentially harmful to the target host. When this option is enabled, checks that may harm the target are skipped. It must be disabled to perform a full scan; because that can disrupt services on the target, do so only in an agreed maintenance window.
Designate hosts by their MAC address [check box] - Identifies hosts in the scan report by their Ethernet MAC address rather than their IP address. Useful on networks where DHCP is used.
Exclude top level domain wildcard hosts [check box] - Excludes hosts whose addresses are returned by a wildcard record on some top level domains or by the web server.
Nessus TCP Scanner [check box] - Enables the classical TCP connect port scanner. It is reasonably quick even against a firewalled target. Once a TCP connection is open it grabs any available banner for service identification. Connect scans are more intrusive than SYN (half open) scans.
Ping the Remote Hosts [check box] - Pings the remote hosts over TCP and records in the plug-in knowledge base whether each host is dead or alive. A packet with the SYN flag is sent to the remote host, which replies with a RST or a SYN/ACK.

Select the Vulnerability Plug-ins to be Deployed

Each individual vulnerability test is known as a HackerGuardian 'Plug-in'. Each individual plug-in is written to test for a specific vulnerability. These can be written to actually exploit the vulnerability or just test for known vulnerable software versions.

HackerGuardian is continuously updated with the latest plug-in vulnerability tests via a direct feed available to all PCI Scanning Service subscribers, providing up-to-date coverage of the latest vulnerabilities. At the moment there are over 28,000 plug-ins, with more being developed and added weekly.

This area enables the administrator to choose which plug-ins are deployed during a scan. Plug-ins are enabled or disabled by family.

To choose the vulnerability plug-in families, click the Vulnerability Plugins Settings link from the Custom Settings interface.

Vulnerability Scan Plugin Settings

  • Select the plug-in families you wish to deploy.

    Note: You must select Custom Scan for the chosen plug-ins to be deployed, while starting/scheduling a scan.

  • Click 'Save Changes' for your settings to take effect.

PCI Settings

The PCI Settings area enables the Administrator to customize the page from which a scan starts, to add hidden URLs to be scanned for a Device, and to set the maximum number of concurrent checks.

  • By default, scanning starts from the main page of the website. If the index page differs from the main page, specify the index page URL as the Start Url so that scanning starts there.
  • If a website contained in the Device has hidden pages that are not linked from any other active page, the crawler cannot find them and they are left out of the scan. HackerGuardian lets you add such pages to the Device manually so that they are scanned too.

To access the PCI Settings area

  • Switch to 'My Accounts' area of the HackerGuardian interface.
  • Click the 'PCI Settings' link in the 'My Accounts' area

    PCI Scan Settings

This area allows the Administrator to:

Specifying target URLs for scanning

  • Select the HackerGuardian Device for which the PCI Settings are to be customized from the Device drop-down.
  • Select the IP Address/Domain contained in the Device.
  • Enter the start page or index page of the selected domain in the Start Url selection text box and click Save/Add.

    Note: Do not repeat the domain name, and do not end the start page with a "/". If this field is left blank, scanning starts from the main website page.

    For example, if the index page of the domain testdomain.com is www.testdomain.com/starturl/index.html, enter just "starturl" in the Start Url selection text box.

  • Enter the hidden URL in the Hidden Url selection text box and click Save/Add.

    Note: A start page URL must be set for each hidden URL. The hidden URL must be prefixed with a "/", and neither the domain name nor the start page path is repeated: the hidden URL is relative to the start page.

    For example, if the hidden page of the domain testdomain.com/starturl is www.testdomain.com/starturl/hiddenpage, enter just "/hiddenpage" in the Hidden Url selection text box. Hovering the mouse cursor over an added hidden URL displays its full path.

    PCI Settings

  • Repeat the process for adding the start url and the hidden url for each hidden page in the website.
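The Start Url and Hidden Url rules above are easy to get wrong when a device has many hidden pages, so the following added example (not HackerGuardian's own code) applies them before entries are typed into the form: it rejects a start URL that repeats the domain or ends with "/", rejects a hidden URL that lacks the leading "/" or repeats the domain or start path, and rebuilds the full path that the tooltip shows. The function names, the PciUrlError class and the assumption that a leading "/" on a start URL is tolerated and dropped are mine; the page's own testdomain.com values are used as sample input.

```python
"""Check Start Url / Hidden Url entries the way the PCI Settings notes describe.

Added example, not HackerGuardian's own code. Function names and the
PciUrlError class are assumptions made here for illustration.
"""
from __future__ import annotations


class PciUrlError(ValueError):
    """Raised for an entry the PCI Settings form would reject."""


def _repeats_host(value: str, host: str) -> bool:
    """True if the field repeats the domain (with or without 'www.') or a scheme."""
    bare = host[4:] if host.startswith("www.") else host
    return "://" in value or bare in value


def check_start_url(start_url: str, host: str) -> str:
    """Return the normalised start url; '' means scan from the main page."""
    s = start_url.strip()
    if s == "":
        return ""
    if _repeats_host(s, host):
        raise PciUrlError(f"start url must not repeat the domain: {start_url!r}")
    if s.endswith("/"):
        raise PciUrlError(f"start url must not end with '/': {start_url!r}")
    return s.lstrip("/")  # assumption: a leading '/' is tolerated and dropped


def check_hidden_url(hidden_url: str, host: str, start_url: str) -> str:
    """Return a hidden url that is relative to the start url."""
    h = hidden_url.strip()
    if not h.startswith("/"):
        raise PciUrlError(f"hidden url must be prefixed with '/': {hidden_url!r}")
    if _repeats_host(h, host):
        raise PciUrlError(f"hidden url must not repeat the domain: {hidden_url!r}")
    start = check_start_url(start_url, host)
    if start and (h == "/" + start or h.startswith("/" + start + "/")):
        raise PciUrlError(f"hidden url must not repeat the start url path: {hidden_url!r}")
    return h


def full_path(host: str, start_url: str, hidden_url: str) -> str:
    """Rebuild the full path shown when hovering over a saved hidden url."""
    start = check_start_url(start_url, host)
    hidden = check_hidden_url(hidden_url, host, start)
    return f"{host}/{start}{hidden}" if start else f"{host}{hidden}"


def scan_targets(host: str, start_url: str, hidden_urls: list[str]) -> list[str]:
    """Full paths for every hidden page, de-duplicated, in entry order."""
    seen: list[str] = []
    for h in hidden_urls:
        p = full_path(host, start_url, h)
        if p not in seen:
            seen.append(p)
    return seen


if __name__ == "__main__":
    # Constructed sample input taken from the documentation's example.
    print(full_path("www.testdomain.com", "starturl", "/hiddenpage"))
```

Run the checks over the whole list of hidden pages before entering them; an entry that raises PciUrlError is one the crawler would either not find or would look for under the wrong path.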

Setting Maximum Number of Allowed Concurrent Scans

Select the High, Medium or Slow radio button to set the maximum number of checks run concurrently:

High - Six parallel checks
Medium - Four parallel checks (default)
Slow - One check at a time

Tip: Fewer parallel checks put less load on the target but lengthen the scan; choose Slow if the target is sensitive to scan traffic.

Scanning Options

Click the 'More Scan Options' link to view all the scanning options available.

This area enables administrators to configure general options for scans. The settings chosen here apply to any scan performed on the selected device from the 'Overview' and 'Scheduled Scans' areas.

Ping the Remote Hosts [check box] - Pings the remote hosts over TCP and records in the plug-in knowledge base whether each host is dead or alive. A packet with the SYN flag is sent to the remote host, which replies with a RST or a SYN/ACK.
Consider unscanned ports as closed [check box] - Ports that are not specifically scanned are assumed to be closed.
Do an applicative UDP ping (DNS, RPC...) [check box] - Checks whether the host is up by sending a single UDP packet. The host is considered up if a UDP packet is returned or an ICMP port unreachable message is returned.
Port Range [text box] - Sets the range of ports to be scanned. The special value "default" scans ports 1-15000. To scan all TCP ports on the target host, enter "1-65535". Enter single ports, such as "21, 23, 25", or more complex sets, such as "21, 23, 25, 1024-2048, 6000".
Optimized Test [check box] - Runs a test only if information collected earlier in the scan indicates that it is relevant. When disabled, all tests are performed.
Nmap (NASL Wrapper) [check box] - Runs nmap(1) to find open ports.
Scan for LaBrea tarpitted hosts [check box] - Performs a LaBrea tarpit scan by sending a bogus ACK and an ACK window probe to a potential host. Also sends a TCP SYN to test for non-persisting LaBrea machines.
SYN Scan [check box] - Performs a fast SYN port scan: it measures the RTT (round trip time) of packets between the scanner and the target and uses that value to pace the SYN packets sent to the remote host.
Netstat Scanner [check box] - Runs netstat on the remote machine to find open ports.
Safe Checks [check box] - Some checks are potentially harmful to the target host. When this option is enabled, checks that may harm the target are skipped. It must be disabled to perform a full scan; because that can disrupt services on the target, do so only in an agreed maintenance window.
Designate hosts by their MAC address [check box] - Identifies hosts in the scan report by their Ethernet MAC address rather than their IP address. Useful on networks where DHCP is used.
Exclude top level domain wildcard hosts [check box] - Excludes hosts whose addresses are returned by a wildcard record on some top level domains or by the web server.
Nessus TCP Scanner [check box] - Enables the classical TCP connect port scanner. It is reasonably quick even against a firewalled target. Once a TCP connection is open it grabs any available banner for service identification. Connect scans are more intrusive than SYN (half open) scans.
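The 'Port Range' and 'Parallel Checks' rules stated in both the Custom Settings table and this PCI Settings 'More Scan Options' table are the kind of thing worth checking before a scan is submitted: a malformed range is rejected by the form, and a Parallel Checks value above the licence-derived cap is silently lowered. The following added example (not HackerGuardian's own code) parses the documented port range syntax into merged (low, high) pairs, treats "default" as 1-15000, counts the ports a range covers, and clamps a requested Parallel Checks value to the documented limit of 10% of licensed IPs, at least 1 and never above 25. The function names are mine; the sample ranges are the ones quoted in the tables.

```python
"""Validate HackerGuardian-style scan options before submitting them.

Added example, not part of the HackerGuardian product or its documentation.
It encodes only the rules the documentation states for the 'Port Range' and
'Parallel Checks' fields; function and constant names are assumptions.
"""
from __future__ import annotations

import re

DEFAULT_RANGE = (1, 15000)  # documented meaning of the special value "default"
MAX_PORT = 65535
MAX_PARALLEL = 25           # documented hard cap on parallel checks

_RANGE_RE = re.compile(r"^(\d{1,5})(?:-(\d{1,5}))?$")


def parse_port_range(spec: str) -> list[tuple[int, int]]:
    """Turn "21, 23, 25, 1024-2048, 6000" or "default" into sorted,
    non-overlapping (low, high) pairs; raise ValueError on bad input."""
    text = spec.strip().lower()
    if not text:
        raise ValueError("port range must not be empty")
    if text == "default":
        return [DEFAULT_RANGE]
    ranges: list[tuple[int, int]] = []
    for item in text.split(","):
        item = item.strip()
        m = _RANGE_RE.match(item)
        if not m:
            raise ValueError(f"bad port entry: {item!r}")
        low = int(m.group(1))
        high = int(m.group(2)) if m.group(2) else low
        if not (1 <= low <= high <= MAX_PORT):
            raise ValueError(f"port entry out of range 1-{MAX_PORT}: {item!r}")
        ranges.append((low, high))
    # Merge overlapping or adjacent entries so no port is probed twice.
    ranges.sort()
    merged = [ranges[0]]
    for low, high in ranges[1:]:
        prev_low, prev_high = merged[-1]
        if low <= prev_high + 1:
            merged[-1] = (prev_low, max(prev_high, high))
        else:
            merged.append((low, high))
    return merged


def port_count(ranges: list[tuple[int, int]]) -> int:
    """Number of distinct ports a parsed range list covers."""
    return sum(high - low + 1 for low, high in ranges)


def covers_all_tcp_ports(ranges: list[tuple[int, int]]) -> bool:
    """True only for the documented full-range entry "1-65535"."""
    return ranges == [(1, MAX_PORT)]


def allowed_parallel_checks(requested: int, licensed_ips: int) -> int:
    """Clamp a requested Parallel Checks value to the documented limit:
    at least 1, at most 10% of licensed IPs, never above 25."""
    if requested < 1:
        raise ValueError("parallel checks must be at least 1")
    cap = min(MAX_PARALLEL, max(1, licensed_ips // 10))
    return min(requested, cap)


if __name__ == "__main__":
    # Constructed sample input: the range quoted in the documentation.
    ranges = parse_port_range("21, 23, 25, 1024-2048, 6000")
    print(ranges, port_count(ranges), allowed_parallel_checks(10, 50))
```

The merge step matters when ranges are assembled from several sources (a default list plus application-specific ports): overlapping entries are harmless to the scanner but make the port count, and therefore the expected scan duration, misleading.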