Once you log in to your account, the main configuration area of the HackerGuardian interface is displayed. It contains two areas, the 'Overview' area and the 'Device List' area.
HackerGuardian PCI Compliance Scan Dashboard Overview
The 'Overview' area displays the status of the last run HackerProof and PCI Scans and a dashboard summary of the scan reports from the last scan performed on the device selected from the device list area.
Vulnerabilities by Host - A graphical representation of the information regarding the security holes found, security warnings, and security notes per host. Each category is represented by a different color. Pointing the mouse cursor over a bar in the graph displays the count of the respective item found.
Vulnerabilities by Severity - A pie-diagram representation of information regarding the security holes, security warnings, and security notes found. Pointing the mouse cursor over a sector in the diagram displays the percentage proportion of the respective item found.
Definition of terms
|Holes||A vulnerability whose severity level according to the PCI Severity Rating is more than three or 'High' is identified as a Security Hole by HackerGuardian. To pass a PCI Compliance scan, no holes may be found during the scan. If any holes are found, the merchant or service provider must remediate the identified problems and re-run the scan until compliance is achieved. Click here for more details.|
|Warnings||A vulnerability whose severity level is more than two or 'Medium' is indicated as a Security Warning by HackerGuardian. To pass a PCI Compliance scan, no warnings may be found during the scan. If any warnings are found, the merchant or service provider must remediate the identified problems and re-run the scan until compliance is achieved. Click here for more details.|
|Notes||A vulnerability whose severity level is more than one or 'Low' is indicated as a Security Note by HackerGuardian. Click here for more details.|
List of Devices
The 'Device List' area displays a list of existing devices for PCI/Custom/HackerProof/SiteInspector scanning.
The following table describes the information columns in this area.
|Device||Text||Displays the device name (a friendly name given by the administrator when creating the device) and the total number of IPs/Domains associated with the device.|
|Address/Subnets||Text||Displays all the associated domains (e.g. www.domain.com) or IP addresses that the administrator specified for the device. Click the '+' button beside All IPs to view the list of IPs and Domains.|
|Status||'Compliant'||Indicates that the device/IP/domain is PCI scan Compliant as per the last run PCI scan.|
|'Non - Compliant'||Indicates that the device/IP/domain is not PCI scan Compliant as per the last run PCI scan.|
|'Passed'||Indicates that the device/IP/domain has passed the last run HackerProof or SiteInspector scan.|
|'Failed'||Indicates that the device/IP/domain has failed the last run HackerProof or SiteInspector scan.|
|Date||Numeric||Displays the date of last run scan for the device/IP/domain.|
|Scan type||'PCI Scan'||Indicates that the device/IP/domain is PCI Scan enabled.|
|'Custom Scan'||Indicates that the device/IP/domain is Custom Scan enabled.|
|'HackerProof'||Indicates that the device/IP/domain is HackerProof Scan enabled.|
|'Site Inspector'||Indicates that the device/IP/domain is SiteInspector Scan enabled.|
|Action||'Executive Report' button||Enables the Administrator to view executive scan report of the last scan run on the device. Available only for the devices and not for the individual IPs and Domains associated with the device. Click here for more details.|
|Chart button||Enables the Administrator to view vulnerability report of the last run scan on the device/IP/domain. Available only for the individual IPs and Domains associated with a device. Click here for more details.|
|'Vulnerability Report' button||Enables the Administrator to view vulnerability report of the last run scan on the device/IP/domain. Available only for the individual IPs and Domains associated with a device. Click here for more details.|
|Retest||Enables the Administrator to re-run the scan on the device/IP/domain that has failed any of the scans.|
Note: Clicking on the up or down arrows beside each column heading sorts the list of devices in ascending order based on the category.
From this area, you can:
- Create a new device to enable PCI scanning;
- Manage existing devices;
- View a dashboard summary of scan results from a specific device;
- View Executive Summary and Vulnerability Reports after running an on-demand scan.
In order to run a PCI (or HackerProof/SiteInspector) scan, the administrator must first create a Device.
A HackerGuardian 'Device' is an umbrella term that describes a grouping of IP addresses and/or domains that are to be used as the target for a PCI, Custom, HackerProof or SiteInspector scan. HackerGuardian 'Devices' can be used to 'mirror' a real life device. For example, a single machine in your organization's infrastructure may have multiple IP addresses (and domains) which host different services. The PCI DSS guidelines state that all these IP addresses and services must be scanned. By associating multiple IP addresses and domains to a single HackerGuardian 'Device', you can simulate your real-life device and scan it for PCI compliance in one pass. All customers must create a 'device' before PCI, HackerProof or SiteInspector scanning can commence.
- PCI Customers. When creating a device, HackerGuardian requires that you specify all the IP addresses belonging to your target server, host or other device.
- HackerProof (and/or SiteInspector) Customers. When creating a HackerGuardian device, you need to specify the domain name of the website on which you would like to display the HackerProof logo.
Once a PCI device has been created, it will become available for selection in the 'Device List' area.
Important Notes: We recommend that you create separate devices for each type of scan, i.e. separate devices for HackerProof and PCI scans. You can use the same domains/IP addresses across multiple devices.
If you create PCI only devices (only PCI compliance scans will be run for these devices):
- You must have at least one PCI scan compliancy license;
- You can add and scan as many IPs as allowed by your PCI license. (These IPs can be spread across as many devices as required.)
- At least one IP address or at least one domain name that you wish to scan for PCI compliancy must be added to the device. If you only specify a domain name, the PCI scan will actually take place on the IP address that this domain resolves to.
- IP addresses do not need validation. PCI compliance scans on IPs can begin immediately.
If you create PCI + HackerProof Devices (both daily and PCI compliance scans will be run for these devices):
- You must have at least one PCI scan compliancy license and HackerProof (daily) scan license.
- At least one domain that you wish to be daily and PCI scanned must be added to a PCI + HackerProof device (but the actual scans will take place on the IP address that this domain resolves to).
The IP address that the domain resolves to will be scanned daily and, if it passes, you receive the HackerProof trustmark for the domain.
- You can optionally add more IP addresses to this device.
The additional IP address(es) added by the user can be scanned for PCI compliance. To gain PCI compliance for this device, all IP addresses must pass the PCI compliance scan.
- A device only associated with an IP cannot be daily scanned and gain HackerProof status.
- Domain ownership must be validated by Comodo before scanning is allowed to commence.
How to Create a New Device
1. Switch to 'Device List' area of the interface.
2. Click on '+' button beside 'Add New Device' in the 'Device List' area (as shown below).
3. Select the PCI device radio button to enable PCI scanning on the device.
4. Enter a friendly name for the device in the 'Device Name' text box and click 'Continue'.
5. Click 'Add' in the next screen.
6. Enter the Domain name(s) or IP addresses to be associated with the device in the 'Add IPs or Domains' text box. You can add as many IP addresses as allowed by your PCI license. If you want to add more than one IP or domain, click on the link Add Multiple Addresses and enter the IPs/domains separated by commas.
Note: By clicking the link 'Please check discovered currently out of scope', you can check for IP addresses and domains that were previously entered and deleted, and for IP addresses that were detected through reverse lookups on the domains, or on common hostnames for the domains, included previously. This helps you to identify out-of-scope components that should be scanned and add them to the created device.
Note: You must enter external IP addresses in these fields. HackerGuardian will not run a PCI scan on private IP addresses that refer to machines internal to your network.
Private IP ranges are defined by RFC 1918 as:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
7. Click the 'Add' button beside the text box.
8. The IP(s)/Domain(s) will be added to the device. If you want to add more IPs or Domains, repeat from Step 6.
9. After adding the required IPs and Domains to the Device, click 'Save'.
The device will be added to your HackerGuardian Account. The device will be validated for PCI compliance on your first on-demand scan and the status will be updated accordingly.
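The target list entered in Step 6 can be pre-checked before it is submitted. The following is an added example, not part of the HackerGuardian product or its documentation: it splits a comma-separated list, flags RFC 1918 private addresses that the PCI scan will not accept, and separates domains from malformed entries. The function name, the hostname pattern and the sample input are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges, as listed on this page.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Simplified hostname syntax check (assumption: ASCII/punycode names only).
HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$")


def classify_targets(raw):
    """Sort a comma-separated target list into four buckets.

    'external' and 'domains' are candidates for a device; 'private'
    (RFC 1918) and 'invalid' entries should be fixed before submitting.
    """
    buckets = {"external": [], "private": [], "domains": [], "invalid": []}
    seen = set()
    for entry in raw.split(","):
        entry = entry.strip().lower()
        if not entry or entry in seen:
            continue  # skip blanks and duplicates
        seen.add(entry)
        try:
            addr = ipaddress.IPv4Address(entry)
        except ipaddress.AddressValueError:
            # Not an IPv4 address: accept it only if it looks like a hostname.
            key = "domains" if HOSTNAME.match(entry) else "invalid"
            buckets[key].append(entry)
            continue
        private = any(addr in net for net in RFC1918)
        buckets["private" if private else "external"].append(str(addr))
    return buckets


# Constructed sample input (documentation addresses and example.com).
SAMPLE = ("203.0.113.10, 10.1.2.3, www.example.com, 172.32.0.1, "
          "172.31.255.255, 192.168.1.10, 10.0.0.256, WWW.example.com")

if __name__ == "__main__":
    for name, items in classify_targets(SAMPLE).items():
        print(f"{name:9} {items}")
```

Note that 172.32.0.1 is classified as external while 172.31.255.255 is private, because the 172.16/12 prefix ends at 172.31.255.255. A domain still has to resolve to an external address, since the scan runs against the IP it resolves to.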
The 'Device List' area of the HackerGuardian interface displays all devices that have been created in this account. From here the administrator can edit device details, delete a device, move a domain to another device or remove a domain from a device.
To access the interface for device management, click the edit button beneath the device as shown below.
Adding Additional IPs/Domains
1. Open Edit Interface as explained above.
2. Enter the Domain name(s) or IP addresses in the 'Add IPs or Domains' text box and click the 'Add' button beside the text box.
3. Click Save.
Removing an IP/Domain from a Device
1. Open Edit Interface as explained above.
2. Click the 'X' button beside the IP/Domain name and click 'Save'.
Moving IP/Domain to Another Device
Remove the IP/Domain from the device it currently belongs to and add it to the destination device.
Removing a Device
1. Open Edit Interface as explained above.
2. Click the 'Delete Device' button and click 'Yes' in the confirmation dialog.
Once the device is added, you can scan the target device. Note: The IP addresses that HackerGuardian scans originate from are:
184.108.40.206/28 (which translates as 220.127.116.11 through 18.104.22.168) and 22.214.171.124/28 (which translates as 126.96.36.199 through 188.8.131.52).
You may have to modify your firewall to allow scans from this range.
To start scanning a selected device
1. Click 'Start Scan' button in the upper pane of the Overview area as shown below.
The scan configuration options will be displayed.
2. Select 'PCI Scan' from the scan type drop-down menu.
3. Select the device to be scanned in the next box. If you want to run the scan for all the devices at once, select 'All'.
4. Select the IPs/Domains in the next box. If you want to run the scan for all the IPs/Domains in the selected device at once, select 'All'.
5. Click 'Start'.
Tip: If you want to run scans simultaneously on multiple devices, you can start scanning the next device by following the same procedure while the scan is running on one device. You can also terminate the scan at any moment by clicking the 'Cancel Scan' button.
Viewing a dashboard summary of scan results
On completion of the scan, a dashboard summary of the results will be displayed in the upper pane of the 'Overview' area. If you want to switch to the scan results of other devices, click the bar-graph button beneath the device name as shown below.
Viewing Executive Report, Results Charts and Vulnerability Reports
- To view the Executive scan Report, click the Executive Report button beside the device name.
- To view the Charts page, which contains an at-a-glance summary of the scan results on the device and graphical representations of the proportions of identified vulnerabilities according to their categories, click the charts page button in the row of the Device.
- To view the Vulnerability Report, click the Vulnerability Report button beside the IP/domain name from the list of IPs/domain names displayed by clicking the '+' button beside the Device name.
After a successful scan, the Administrator can also download a Report Pack from the Reports area, containing the PDF files of the reports for submission to the acquiring bank. Refer to View PCI Scan Reports for more details.