The PCI Vulnerability Internal Scanning feature allows customers to run HackerGuardian vulnerability scans on computers located on a local area network (LAN). These computers are typically 'inside' the company's private network and are protected by a perimeter firewall or other network security device. In order to run an internal scan, the administrator must first install and configure the HackerGuardian internal scanning Agent on the local network.
Once installed and configured, this Agent establishes a secure connection to a HackerGuardian Access server, which in turn establishes a secure communication channel (connection) to a HackerGuardian scanning server. The scanning server is then able to connect to and scan the local computers at the IP addresses that have been specified as Local Devices in HackerGuardian. The Agent software is available as an ISO image (to create a Live CD), as files (to create a Live USB stick) or as files to run under VMware Player. Once the agent is installed and configured, scans can be run directly from the 'Overview' area of the HackerGuardian interface. (See 'How to install the Agent', 'Configuring the Agent' and 'Using the Agent - Main Menu' for more details on set up and configuration of the agent. See 'Start Device Scanning' to learn how to run an internal scan once the agent has been installed.)
There are two main prerequisites to running an internal scan:
- The creation of a 'Local Device' as a target for the scans in the 'Device List' area of the HackerGuardian interface. Local Devices are defined by one or more IP addresses.
- The installation of the internal scanning Agent on your local network, which communicates with the HackerGuardian scanning servers via a VPN connection.
Once these two steps are complete, users can start an internal scan on the device by clicking the 'Start Scan' button in the 'Overview' area.
To create local devices and run scans on them, switch to the 'Device List' area of HackerGuardian. Click here for more details on the interface.
Note: The Internal Scanning feature allows you to create and edit local target devices and to manually run scans on selected devices. Unlike other, 'external', devices, 'LAN Devices' are defined using IP addresses only.
Click on the links below for detailed explanations of the steps involved in internal scanning.
- Create new device to enable Custom (Internal) scanning;
- Manage existing devices;
- Install the Internal Scanning Agent;
- Configuring the Internal Scanning Agent;
- Start Scanning an Internal Device;
- View a dashboard summary of scan results from a specific device;
- View Executive Summary and Vulnerability Reports after running an on-demand scan.
How to Add a New Device
1. Switch to 'Device List' area of the interface.
2. Click on '+' button beside 'Add New Device' in the upper pane (as shown below).
3. Select the 'Local' radio button to enable internal scanning on the device.
4. Enter a friendly name for the device in the 'Device Name' text box and click 'Continue'.
Important Note: The Device Name specified in this field must exactly match the device name that you set for the Device while installing and configuring the internal scanning agent in the local network. (see 'Configuring the Agent' and 'Using the Agent - Main Menu' for more details on set up and configuration of the agent.)
5. Click 'Add' in the next screen.
6. Enter the IP addresses to be associated with the device in the 'Add IPs or Domains' text box. The IP addresses you specify here will be scanned whenever you run a scan on the 'Device Name'. You can add as many IP addresses as your license allows. If you want to add more than one IP, click on the link 'Add Multiple Addresses' and enter the IPs separated by commas. IP ranges can also be specified, with each address in the range counting as one of your licensed total IPs.
7. Click the 'Add' button beside the text box.
8. The IP(s)/Domain(s) will be added to the device. If you want to add more IPs or Domains, repeat from Step 6.
9. After adding the required IPs and Domains to the Device, click 'Save'.
The device will be added to your HackerGuardian Account. The device will be validated for PCI compliance on your first on-demand scan and the status will be updated accordingly.
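Because every address in a range counts against the licensed IP total (step 6), it is worth checking the scope list before saving it. The following is an added example, not HackerGuardian code: it expands a comma-separated list of single IPv4 addresses and 'start-end' ranges (the range syntax is an assumption), de-duplicates them, counts the licensed IPs consumed, and flags any address that is not in private address space, since LAN devices are meant to be inside the company network. It also shows the edge cases of a reversed range and a hostname, which LAN devices do not accept.

```python
import ipaddress

# Added example (not from the HackerGuardian documentation).
# Assumptions: items are separated by commas; a range is written
# 'start-end'; every address in a range consumes one licensed IP.


def expand_targets(spec):
    """Return the distinct IPv4 addresses covered by a comma-separated spec.

    Raises ValueError for hostnames/domains (LAN devices take IPs only)
    and for a range whose end precedes its start.
    """
    addrs = set()
    for item in (s.strip() for s in spec.split(",")):
        if not item:
            continue  # tolerate a trailing comma or double comma
        if "-" in item:
            start_s, end_s = (p.strip() for p in item.split("-", 1))
            start, end = ipaddress.IPv4Address(start_s), ipaddress.IPv4Address(end_s)
            if end < start:
                raise ValueError(f"range end precedes start: {item}")
            addrs.update(ipaddress.IPv4Address(n) for n in range(int(start), int(end) + 1))
        else:
            addrs.add(ipaddress.IPv4Address(item))  # ValueError on a domain name
    return [str(a) for a in sorted(addrs)]


def license_check(spec, licensed_total):
    """Summarise how many licensed IPs the spec consumes and whether it fits.

    'non_private' lists addresses Python does not classify as private
    (e.g. outside RFC 1918), which should not appear on a LAN device.
    """
    addrs = expand_targets(spec)
    non_private = [a for a in addrs if not ipaddress.IPv4Address(a).is_private]
    return {
        "count": len(addrs),
        "within_license": len(addrs) <= licensed_total,
        "non_private": non_private,
    }


if __name__ == "__main__":
    # Constructed sample input: one host, a 3-address range, a duplicate.
    sample = "192.168.1.10, 192.168.1.20-192.168.1.22, 192.168.1.10"
    print(license_check(sample, licensed_total=5))
```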
Internal Devices Management
The 'Device List' area of the HackerGuardian interface gives the administrator full control over device management. From here the administrator can edit a device's details, delete a device, move a domain to another device or remove a domain from a device.
To access the interface for device management, click the edit button beneath the device as shown below.
Adding Additional IPs
1. Open Edit Interface as explained above.
2. Enter the new IP addresses in the 'Add IPs or Domains' text box and click the 'Add' button beside the text box.
3. Click 'Save'.
Removing an IP from a Device
1. Open Edit Interface as explained above.
2. Click the 'X' button beside the IP address and click 'Save'.
Moving an IP to Another Device
Remove the IP from the device it currently belongs to and add it to the destination device.
Removing a Device
1. Open Edit Interface as explained above.
2. Click the 'Delete Device' button and click 'Yes' in the confirmation dialog.
How to Install the Agent
The Agent software is available in three formats:
- ISO image - To create a Live, bootable CD for configuring the agent on a physical machine.
- Zip file - To create a Live, bootable USB stick for configuring the agent on a physical machine.
- VMware Player - Version of the agent designed to run under VMware Player.
Installing and configuring the agent on a physical machine requires you to create a Live CD or Live USB. Download the VMware version if you wish to run the agent under VMware Player.
How to Create a Live CD
- Download the ISO image file comodo_1.0.iso from http://download.comodo.com/hg/comodo_1.0.iso
- Burn a CD from the ISO file.
The Live CD is now created, and you can install and configure the agent on any local target device in your network that has been added to the LAN Device Management area of HackerGuardian. All you need to do is boot the device from the Live CD.
How to Create a Live USB
- Download the zip file comodo_1.0.zip from http://download.comodo.com/hg/comodo_1.0.zip
- Plug in a USB memory drive (minimum 64MB, >128MB is preferred), pre-formatted with either FAT16 or FAT32 file system.
Note: The USB drive must be formatted and contain only one partition, with no hidden partitions.
For UNIX/Linux systems -
- Unzip comodo.zip onto the USB drive (it must be mounted somewhere such as /mnt/usb, e.g. mount /dev/sdb1 /mnt/usb)
- Type cd /mnt/usb/boot && chmod -R +x . (the chmod marks the boot installer files in that directory as executable)
- Run sh ./bootinst.sh and follow the instructions
- Type umount /mnt/usb
For Windows XP/2000/Vista systems -
- Unzip comodo.zip onto the target USB drive (it must appear as a drive letter, e.g. G:)
- Run cmd.exe and change to the USB disk's drive letter (e.g. G:)
- Type cd boot at the command prompt
- Run bootinst.bat and follow instructions
- Read the Warning carefully. Press any key except X to continue. To cancel creating the Live USB press X.
- Press any key to exit.
The Live USB is now created, and you can install and configure the agent on any local target device in your network that has been added to the LAN Device Management area of HackerGuardian. All you need to do is boot the device from the Live USB.
How to Use the Agent on a VM Machine
- Download the zip file HGAgent.zip from http://download.comodo.com/hg/HGAgent.zip
- Extract the file HGAgent.zip to a folder of your choice. (e.g. C:\HGAgent)
- Start VMware Player by clicking Start > All Programs > VMware > VMware Player
- Alternatively, open the folder where you have extracted the HG Agent through Windows Explorer and double click on the file 'HGAgent.vmx'.
The Agent starts in VMware Player and allows you to configure it. See 'Configuring the Agent' for more details.
Configuring the Agent
To start the configuration, boot the device from the Live CD or the Live USB.
The agent starts by building a list of block devices for storing the configuration files. The agent detects hard disks, USB memory drives and/or other available block devices containing a live file system (such as FAT12, FAT16, FAT32, VFAT, ext2/ext3, XFS, ReiserFS, etc.) and proposes a list of valid devices for you to choose from. Select a device to store the configuration files.
The agent then asks for a short description of the saved configuration. You can give a short name/description for the configuration (max 40 characters).
The network configuration dialog appears to specify the network configuration settings. The available network adapters are detected and displayed as a list. Only one network adapter can be used at a time. Select the network adapter through which you want the scan to be performed and select OK.
The connection mode configuration dialog appears. The available choices are Static IP address and DHCP. Select the mode in which the device is connected.
In the next dialog, set the parameters for the selected connection. (The agent detects the default parameters of the device and displays them. Only change the values you wish to change and select OK. Use the up and down arrow keys and the tab key for navigation.)
If you are satisfied with the above configurations, select 'Apply' in the next dialog.
The configuration will be saved. If you want to edit the settings before saving, select 'Modify'; the network configuration will be restarted. If you do not want to save the settings, select 'Do nothing'; the configuration will not be saved and the network configuration will be restarted.
The main menu will be displayed on completion of the configuration. You can modify the configuration at any time through the options in the main menu.
Using the Agent - Main Menu
The Main Menu of the HackerGuardian VPN agent contains the following options:
- HackerGuardian Agent
- Network Configuration
- Select a device for session profile
- Diagnostic console
- Shutdown System
- Help info
The HackerGuardian sub-menu contains the options for configuring various HackerGuardian VPN authentication settings. Selecting the HackerGuardian agent first opens a Login dialog.
Type your Login name, Password and the device name exactly as you registered them on the HackerGuardian website.
The options available are:
Set/Change authentication values - The VPN connection values of Login Name, Password and Device name can be changed by selecting this option. This is useful when you have configured the agent on one device and wish to quickly run the scan on another pre-registered device.
Important Note - The Device Name displayed in the agent must exactly match the name that you set for the target Device in the 'LAN Devices' area of your HackerGuardian account. Incorrect authentication settings will lead to failure of authentication and no scan will take place.
View Agent Log File - This option allows you to view the HackerGuardian agent execution progress trace, warnings or errors and diagnose connection problems.
Help info - Opens the built-in help page, which explains each item in the HackerGuardian Agent Menu.
The network configuration menu allows you to reconfigure the network settings you made during the configuration of the agent.
To change the existing network configuration, select Modify in the network configuration dialog.
The network configuration wizard will be restarted. The available network adapters are detected and displayed as a list.
Select the network adapter through which you want the scan to be performed and select the connection mode.
The available connection mode choices are Static IP address and DHCP. Select the mode in which the device is connected to the network. In the next dialog, set the parameters for the connection. (The agent detects the default parameters of the device and displays them. Only change the values you wish to change and select OK. Use the up and down arrow keys and the tab key for navigation.)
If you are satisfied with the above configurations, select 'Apply' in the next dialog. The previously stored parameters are overwritten with the new values. If you want to edit the settings before saving, select 'Modify'; the network configuration will be restarted. If you do not want to save the settings, select 'Do nothing'; the previously stored configuration will be retained and the new configuration will not be saved.
After successfully configuring the network adapter, the network state will appear green in the lower right corner of the screen. The network state will be displayed in black if any connection problems arise, indicating that the network connection settings need to be reconfigured.
Select a Device for Session Profile
The storage device chosen previously for storing the configuration settings and the session profiles can be changed/configured through this menu option. Selecting it again starts building a list of available block devices for storing the configuration.
Select and configure a storage device to use as permanent storage for the Live CD runtime configuration files. This is useful when you plan to boot and run the Live CD more than once with the same network settings and other configuration and do not want to reconfigure every time. The agent detects hard disks, USB memory drives and/or other available block devices containing a live file system (such as FAT12, FAT16, FAT32, VFAT, ext2/ext3, XFS, ReiserFS, etc.) and proposes a list of valid devices for you to choose from. The selected device will then be used to store the configuration files in a special directory. The stored configuration will be automatically detected and reused every time the scanning is run. You can cancel the device selection if you do not want to store the configuration files.
Diagnostic Console
The Diagnostic Console is intended for advanced users.
The menu contains various tools to diagnose problems if the agent is not running properly. The console can be opened at any time as required and will not interfere with the agent's normal operation.
Shutdown System
Selecting this option will shut down the system.
Note: The runtime settings are automatically saved on the configured storage device, so no extra action is needed before shutting down.
Start Device Scanning
To start scanning a pre-registered device:
1. Log into the HackerGuardian online interface and click the 'Start Scan' button in the 'Overview' area as shown below.
The scan configuration options will be displayed.
2. Select 'Custom Scan' from the scan type drop-down menu.
3. Select the device to be scanned in the next box. If you want to run the scan for all the devices at once, select 'All'.
4. Select the IPs in the next box. If you want to run the scan for all the IPs in the selected device at once, select 'All'.
5. Click 'Start'.
Tip: If you want to run the scan simultaneously on multiple devices, you can start scanning the next device by following the same procedure while a scan is running on another device. You can also terminate a scan at any moment by clicking the 'Cancel Scan' button.
Viewing a Dashboard Summary of Scan Results
On completion of a scan, a dashboard summary of the results will be displayed in the 'Overview' area. If you want to switch to the scan results of other devices, click the bar-graph button beneath the device name as shown below.
Viewing Executive Report, Results Charts and Vulnerability Reports
- To view the Executive Scan Report, click the 'Executive Report' button beside the device name.
- To view the Charts page, which contains an at-a-glance summary of the PCI scan results for the device and graphical representations of the proportions of identified vulnerabilities by category, click the charts page button in the row of the Device.
- To view the Vulnerability Report, click the 'Vulnerability Scan Report' button beside the IP/domain name in the list of IPs/domain names displayed by clicking the '+' button beside the Device name.
After a successful scan, the Administrator can also download a Report Pack containing the PDF files of the reports for submission to the acquiring bank from the Reports area. Refer to 'View PCI Scan Reports' for more details.