This page explains how to configure and run your first scanning task using the HackerGuardian PCI Scanning Service.
Click the links below for detailed explanations:
Introduction to the Interface
The streamlined web-based main management interface provides easy access to each functional area of the HackerGuardian interface.
The navigation bar contains tabs to access each major functional area:
Displays the 'Overview' and 'Device List' areas.
The 'Overview' area provides the administrator with a summary of the last scan and serves as a launchpad for starting a new scan on the selected device.
As the name suggests, the 'Device List' area contains a list of all devices created and a summary of the last scan that was run on that device. It also allows the administrator to add, edit and configure devices and to view scan reports.
Clicking the bar chart icon, , underneath a device name will display statistics for that device in the main 'Overview' area.
Displays a list of existing scans, allows to add new schedule of scanning.
Enables the administrator to view the summary and complete scan reports.
Enables the administrator to configure account settings, view license information, configure email alerts, configure scan options, choose which plug-ins are to be deployed during a scan etc.
Allows the administrator to access the Self Assessment Questionnaire (SAQ) for their self-evaluation on compliance with the Payment Card Industry Data Security Standard (PCI DSS)
Contains links to the user Guide and to the Comodo support ticketing system. Also enables the administrator to launch a simple setup wizard for PCI Scanning.
The 'Overview' area displays the status of the HackerProof and PCI Scans and a dashboard summary of the scan reports from last performed scan on the device selected from the 'Device List' area.
Device List Area
The Device List area displays a list of devices added to HackerGuardian and provides an at-a-glance summary of the status of each device. This area also allows the administrators to create a new device, edit a device, add IP's to a device and open device reports.
Account Status Information Area
The Account Status Information Area displays the number of scans and IPs/Domains that remain on the license. It also allows the administrator to purchase additional IPs.
Running Your First PCI Scan
Comodo HackerGuardian features a built-in Setup wizard for PCI scanning that provides the fastest and easiest way to add devices and to commence a PCI scan. The wizard is accessible from the interface after you login to your account.
1. Log In To HackerGuardian:
First step in configuring HackerGuardian PCI Scanning Service is to log into the online interface at http://www.hackerguardian.com. Enter the username and password you created during sign up in the 'Secure Account Login' box.
NOTE: During signup you created a Comodo account with a Username and Password. This Username and Password has dual functionality as it allows you to log into the HackerGuardian interface and your Comodo account. In order to log into HackerGuardian to configure the service, use the login box on www.hackerguardian.com (highlighted above). To login into your Comodo account, please use the login box at www.comodo.com.
After your username /password has been verified, you will be logged into the HackerGuardian administrators interface.
2. Launch Setup Wizard for PCI Scanning
Click the 'Help' tab from the Navigation bar to access the 'Help area'...
...and then click the link 'Launch Setup Wizard for scanning'. The wizard allows you to configure and start the scan in just five simple steps.
Step 1 - Enter the name of domain to be scanned
Note - This step applies only to HackerProof setup and will be visible only if you have a HackerProof License. If you do not have a HackerProof license, this step will be skipped and the wizard automatically starts from 'Step 2 - Add Device to Scan'.
If you do not wish to setup a HackerProof scan at this point then you can ignore this step and skip straight to 'Step 2 - Add Device to Scan' by clicking the 'Next' button.
Step 2 - Add Device to Scan
In order to run a PCI (or HackerProof) scan, you must first create a Device.
A HackerGuardian 'Device' is an umbrella term that describes a grouping of IP addresses and/or domains that are to be used as the target for a PCI, HackerProof or SiteInspector scan. HackerGuardian 'Devices' can be used to 'mirror' a real life device. For example, a single machine in your organization's infrastructure may have multiple IP addresses (and domains) which host different services. The PCI DSS guidelines state that all these IP addresses and services must be scanned. By associating multiple IP addresses and domains to a single HackerGuardian 'Device', you can simulate your real-life device and scan it for PCI compliance in one pass. All customers must create a 'device' before PCI scanning can commence.
When creating a device, HackerGuardian requires that you specify all the externally facing IP addresses/Domains belonging to your target server, host or other device.
Note: You can check for the IP addresses and the domains, which have been previously entered and deleted, or the IP Addresses that were detected through reverse lookups on the domains or common hostnames for the domains included previously, by clicking the link 'Please check discovered currently out of scope'. This helps you to identify the out of the scope components to be scanned and add to the created device.
- Click 'Save'
- Click 'Add' if you want to add the next device and repeat the process.
- If you have finished adding new devices, click 'Next' to continue the wizard.
Note: You can also add new devices and edit existing devices from the Overview area of the interface.
Step 3 - Schedule the PCI Scan
The next step is to schedule the scan if you wish to run the scan at a later time or periodically. This is optional. If you do not want to schedule the scan and want to run the scan instantly, just click 'Next' button to skip this step and go to Step 4.
If you want to schedule the scan, click 'Add New Schedule +' button.
- Select the device on which you wish to schedule the scan from Select Device(s) drop-down box.
- Select the IPs/Domain pertaining to the selected device from Select IP(s) box. If you wish to scan all the IPs/Domains, select 'All'.
- Select the start date for the scan schedule by clicking the calendar icon beside 'Set Start Date' text box.
- Select the recurrence period.
- Daily - The scan will be performed once per day on the specified time.
- Weekly - The scan will be performed once in a week on the specified day and time.
- Monthly - The scan will be performed once in a month on the specified date and time.
- Quarterly - The scan will be performed once in three months on the specified date and time.
- Every N days - Scan will be performed once for every n days from the start date. For example, if you specified 2 then the scan will be performed on alternate days.
- Select the start time from the 'Set Start Time' drop-down combo box and select your time zone from the Time Zone drop-down box. The scan will be started on the set time at the scheduled dates according to your time zone.
- Click 'Save' to to apply your schedule.
- Click 'Next' to continue the wizard.
Note: You can always view/modify/delete the schedules from the Scheduled Scans area of HackerGaurdian interface.
Step 4 - Configure PCI Scan Email Alert Options
HackerGuardian sends automated email notifications to administrators on events like commencement of manual/scheduled scans, results of scan and failure of scans. You can set your preferences for receiving the emails as you wish. If you do not want to have email alerts at this moment, Click 'Next' to go to Step 5. You can configure the alert notifications later by accessing the My Account area.
Select the Email Alert Options as given in the table below:
Select Email alert options for Select the option 'PCI Scan' from the drop-down Email Address Enter the email address to which you wish to receive the scan alert message in the text box below 'Email Address'. This address can be different from the Account Email and can belong to the administrator for the specific device/domain. Device Select the Device for which you wish to receive the scan alert message from the drop-down box below 'Device'. If you wish to have the alert message for all the devices, select 'All'. IP Addresses/Domains Select the IPs/Domains pertaining to the device selected, for which you wish to receive the scan alert message from the text box below 'IP Addresses'. If you wish to have the alert message for all the IPs/Domains, select 'All'. Alert Option Select the event for which you wish to have email notification from the drop-down box below 'Options'.
Select the Global Alert Options
- Contact me if I have not performed a scan in 3 months - Selecting this option instructs HackerGuardian to send a remainder message for an on-demand scan to the Account Email address if the administrator has missed to perform a scan for three months.
- Contact me when new vulnerability plug-in are added - Selecting this option instructs HackerGuardian to send a notification email to the Account Email address whenever a new vulnerability plug-in is added to HackerGuardian, enabling the Administrator to deploy the plug-in in future scans.
- Contact me when the Report Pack is awaiting review - Selecting this option instructs HackerGuardian to send a notification email to the Account Email address whenever the administrator has attempted to download the HackerGuardian Scan Report pack by clicking the 'Generate Report Pack' in the Reports area and the Report is under review by a PCI DSS approved staff of Comodo. The Report will be available for download upon completion of the Review and approval by the Comodo staff. Refer to Downloading Report Pack for more details.
- Contact me when the Report Pack is available - Selecting this option instructs HackerGuardian to send a notification email to the Account Email address whenever the administrator has attempted to download the HackerGuardian Scan Report pack by clicking the 'Generate Report Pack' in the Reports area and the Report is ready for download after review by a PCI DSS approved staff of Comodo. Refer to Downloading Report Pack for more details.
- Contact me if a Report Pack issue is detected - Selecting this option instructs HackerGuardian to send a notification email to the Account Email address whenever the administrator has attempted to download the HackerGuardian Scan Report pack by clicking the 'Generate Report Pack' in the Reports area, Report has been reviewed by a PCI DSS approved staff of Comodo and an issue has been detected in the generated report. Refer to Downloading Report Pack for more details.
- Contact me if a Report Pack generation fails - Selecting this option instructs HackerGuardian to send a notification email to the Account Email address whenever the administrator has attempted to download the HackerGuardian Scan Report pack by clicking the 'Generate Report Pack' in the Reports area and the Report generation has failed for some reasons. Refer to Downloading Report Pack for more details.
- Click 'Add' if you want to configure email settings more devices/events.
- Click 'Next' to continue the wizard.
Note: You can always view/modify the email alert options from the My Account area of HackerGaurdian interface.
Step 5 - Start PCI Scanning
The next step is to commence the PCI scan on a device.
- Select the device on which you wish to commence the scan from the 'Select Device(s)' box. If you want to run the scan for all the devices at once, select 'All'.
- Select the IPs/Domains in the next box. If you want to run the scan for all the IPs/Domains associated with the selected device at once, select 'All'.
- Click Finish to commence the scan. The scan will be initiated and you can see the progress in the 'Overview' area.
Note: You can also start scanning on any existing device from the 'Device List' area of the interface.
Viewing Executive Report, Result Charts and Vulnerability Reports
- To view the Executive scan Report, click the Executive Report button beside the device name.
- To view the Charts page that contains at-a-glance summary of the scan results on the device and graphical representations of proportions of identified vulnerabilities according to their categories , click the charts page button in the row of the Device.
- To view the Vulnerability Report, click the Vulnerability Report button beside the IP/domain name from the list of IPs/domain names displayed by clicking the '+' button beside the Device name.
The Administrator can also download a Report Pack containing the pdf files of the reports for submitting to the acquiring bank from the Reports area, after a successful scan. Refer to View PCI Scan Reports for more details.