ASV Scan Report Attestation of Scan Compliance



Similar documents
Payment Card Industry (PCI) Executive Report 08/04/2014

Payment Card Industry (PCI) Executive Report 10/27/2015

PCI Vulnerability Validation Report

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

PCI Compliance. Network Scanning. Getting Started Guide

1 Scope of Assessment

Nessus Perimeter Service User Guide (HTML5 Interface) March 18, 2014 (Revision 9)

Payment Card Industry (PCI) Data Security Standard

PCI COMPLIANCE REQUIREMENTS COMPLIANCE CALENDAR

Bottom line you must be compliant. It s the law. If you aren t compliant, you are leaving yourself open to fines, lawsuits and potentially closure.

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Executive Report. Pukka Software

CONTENTS. PCI DSS Compliance Guide

Vulnerability Scan. January 6, 2015

IBM. Vulnerability scanning and best practices

PCI DSS v3.0 Vulnerability & Penetration Testing

AUTOMATING AUDITS AND ENSURING CONTINUOUS COMPLIANCE WITH ALGOSEC

Payment Card Industry (PCI) Penetration Testing Standard

Nessus Enterprise Cloud User Guide. October 2, 2014 (Revision 9)

TRIPWIRE PURECLOUD. TRIPWIRE PureCloud USER GUIDE

Payment Card Industry (PCI) Data Security Standard

Payment Card Industry (PCI) Data Security Standard

MONITORING AND VULNERABILITY MANAGEMENT PCI COMPLIANCE JUNE 2014

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire D and Attestation of Compliance

ARE YOU REALLY PCI DSS COMPLIANT? Case Studies of PCI DSS Failure! Jeff Foresman, PCI-QSA, CISSP Partner PONDURANCE

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014

CONQUERING COMPLIANCE ISSUES WITH RHN SATELLITE AND TENABLE NESSUS SECURITY

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

Divide and Conquer Real World Distributed Port Scanning

Penetration Testing. NTS330 Unit 1 Penetration V1.0. February 20, Juan Ortega. Juan Ortega, juaorteg@uat.edu. 1 Juan Ortega, juaorteg@uat.

FAQ S: TRUSTWAVE TRUSTKEEPER PCI MANAGER

Payment Card Industry (PCI) Data Security Standard

Penetration Testing Report Client: Business Solutions June 15 th 2015

Comodo HackerGuardian. PCI Security Compliance The Facts. What PCI security means for your business

How To Protect Your Data From Being Stolen

PAYMENT CARD INDUSTRY (PCI) COMPLIANCE HISTORY & OVERVIEW

Your Compliance Classification Level and What it Means

Cyber Security Scan Report

INFORMATION SECURITY TESTING

Simplêfy Client Support and Information Services. PCI Compliance Guidebook

Payment Card Industry (PCI) Data Security Standard

SYSTEM DEPLOYMENT & SECURITY AUDITING WITH RHN SATELLITE & NESSUS

G-Cloud Pricing. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

Cyber Essentials PLUS. Common Test Specification

Port Scanning and Vulnerability Assessment. ECE4893 Internetwork Security Georgia Institute of Technology

Payment Card Industry (PCI) Data Security Standard

SECURITY PATCH MANAGEMENT INSTALLATION POLICY AND PROCEDURES

Client logo placeholder XXX REPORT. Page 1 of 37

Qualified Integrators and Resellers (QIR) Implementation Statement

Software Vulnerability Assessment

TOP 10 WAYS TO ADDRESS PCI DSS COMPLIANCE. ebook Series

PCI Compliance Instructions

Payment Card Industry (PCI) Data Security Standard

HoneyBOT User Guide A Windows based honeypot solution

Customer PCI 3.0 Changes = New Opportunity For You. Giles Witherspoon-Boyd SecurityMetrics

Payment Card Industry (PCI) Data Security Standard

Requirements & Potential Costs for SAQ D

PCI DATA SECURITY STANDARD OVERVIEW

Vulnerability Scans Remote Support 15.1

Overcoming PCI Compliance Challenges

GETTING STARTED WITH THE PCI COMPLIANCE SERVICE VERSION 2.3. May 1, 2008

GFI White Paper PCI-DSS compliance and GFI Software products

Client Security Risk Assessment Questionnaire

White Paper. Managing Risk to Sensitive Data with SecureSphere

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire A and Attestation of Compliance

Payment Card Industry (PCI) Data Security Standard

TRUSTWAVE VULNERABILITY MANAGEMENT USER GUIDE

Attestation of Compliance for Onsite Assessments Service Providers

Payment Card Industry (PCI) Data Security Standard

Intrusion Detection Systems (IDS)

PCI DSS and SSC what are these?

PCI-DSS Penetration Testing

Global Partner Management Notice

SNI Vulnerability Assessment Report

PCI DSS. CollectorSolutions, Incorporated

Payment Card Industry (PCI) Data Security Standard ROC Reporting Instructions for PCI DSS v2.0

INFORMATION SUPPLEMENT. Migrating from SSL and Early TLS. Version 1.0 Date: April 2015 Author: PCI Security Standards Council

How to Make the Client IP Address Available to the Back-end Server

Case 2:13-cv ES-JAD Document Filed 12/09/15 Page 1 of 116 PageID: Appendix A

Payment Card Industry (PCI) Data Security Standard Self-Assessment Questionnaire C and Attestation of Compliance

Trend Micro Worry- Free Business Security st time setup Tips & Tricks

Worldpay s guide to the Payment Card Industry Data Security Standard (PCI DSS)

1 hours, 30 minutes, 38 seconds Heavy scan. All scanned network resources. Copyright 2001, FTP access obtained

Sample Vulnerability Management Policy

PCI DSS Reporting WHITEPAPER

Phone Inventory 1.0 (1000) Installation and Administration Guide

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

PDQ Guide for the PCI Data Security Standard Self-Assessment Questionnaire C (Version 1.1)

How To Use Qqsguard At The University Of Minneapolis

Attestation of Compliance for Onsite Assessments Service Providers

What are the PCI DSS requirements? PCI DSS comprises twelve requirements, often referred to as the digital dozen. These define the need to:

Deploying Dell OpenManage Server Administrator on VMware ESXi Using Dell Online Depot and VMware Update Manager

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

UTAH STATE UNIVERSITY POLICIES AND PROCEDURES MANUAL

Transcription:

ASV Scan Report Attestation of Scan Compliance Scan Customer Information Company: David S. Marcus, Ph. D Approved Scanning Vendor Information Company: ComplyGuard Networks Contact: Contact: Support Tel: Title: Tel: (210) 835-2000 Title: E-mail: dsmarcus@earthlink.net Bus Address: E-mail: support@complyguardnetworks.com Bus Address: 412 North Main St. City: State/Province: City: San Antonio State/Province: TX Zip: URL: Zip: 78205 URL: www.complyguardnetworks.com Scan Status Compliance Status Fail Number of unique components scanned: 1 Number of identified failing vulnerabilities: 6 Number of components* found by ASV but not scanned because scan customer confirmed components were out of scope: 0 Date scan completed: 05/12/12 Scan expiration date (90 days from date scan completed): 08/10/12 Scan Status David S. Marcus, Ph. D attests on 05/12/12 that this scan includes all components* which should be in scope for PCI DSS, any component considered out-of-scope for this scan is properly segmented from my cardholder data environment, and any evidence submitted to the ASV to resolve scan exceptions is accurate and complete. David S. Marcus, Ph. D also acknowledges the following: 1) proper scoping of this external scan is my responsibility, and 2) this scan result only indicates whether or not my scanned systems are compliant with the external vulnerability scan requirement of PCI DSS; this scan result does not represent my overall compliance status with PCI DSS or provide any indication of compliance with other PCI DSS requirements. ASV Attestation This scan and report was prepared and conducted by Complyguard Networks under certificate number 3710-01-03, according to internal processes that meet PCI DSS requirement 11.2 and the PCI DSS ASV Program Guide. Complyguard Networks attests that the PCI DSS scan process was followed, including a manual or automated Quality Assurance process with customer boarding and scoping practices, review of results for anomalies, and review and correction of 1) disputed or incomplete results, 2) false positives, and 3) active scan interference. This report and any exceptions were reviewed by support@complyguardnetworks.com. Page 1

ASV Scan Report Executive Summary The Attestation of Scan Compliance is included as the cover sheet for this ASV Scan Report Executive Summary. Your bank, processor or ISO need only the Attestation of Compliance as your proof of compliance. This report is for your information and should be kept for your records. All High and Medium vulnerabilities MUST be remediated in order to obtain a PASS for the testing. Part 1. Scan Information Scan Customer Company: David S. Marcus, Ph. D ASV Company: ComplyGuard Networks Date scan was completed: 05/12/12 Scan expiration date: 08/10/12 Part 2. Component Compliance Summary Fail Part 3a. Vulnerabilities Noted for each IP Address Exceptions, False Positives or /LETtoaCuluFoy4DePCwPLiT0HI1s36zHz9s712uSci 4zxnjnmPAmXpdcnGMYmVwDfBGtXI6zXgIJ1YC8lqJ0T YlUP8hajSNTWZJH7RUk1K6JHLGgGnDaMfSojaxweHvj cnre3kktj8milu3u3xns4kz4bihrqt2rikowzqjhsk9 VbbQ26pdrzLoImGB4v9lqUFyewXsahnz55dwjEDBNRE ZEbS7b67a<font%20size=50>DEFACED<!--//-- : /LETtoaCuluFoy4DePCwPLiT0HI1s36zHz9s712uSci 4zxnjnmPAmXpdcnGMYmVwDfBGtXI6zXgIJ1YC8lqJ0T YlUP8hajSNTWZJH7RUk1K6JHLGgGnDaMfSojaxweHvj cnre3kktj8milu3u3xns4kz4bihrqt2rikowzqjhsk9 VbbQ26pdrzLoImGB4v9lqUFyewXsahnz55dwjEDBNRE ZEbS7b67a<font%20size=50>DEFACED<!--//-- : Page 2

/LNSAZoL2iuV3PmcrZl0W5YhMwILOBPbZwzEHVi5QAM dlojcfl6y0ihv21bu7r3461q80t3cfq9wqfvx3lfcgs MIZ4MDac8YVcxkBralskmulwlrf5JnvLuewKZ402AkB LBIK0CZY7ajOn7U9xzZ0LAgwAzrUaw9UViczNtTyvEK hm7wnyf5dfr084qh966s324xgjxktxvxxaqe7xtf3d5 btukjxdoo<font%20size=50>defaced<!--//-- : /LNSAZoL2iuV3PmcrZl0W5YhMwILOBPbZwzEHVi5QAM dlojcfl6y0ihv21bu7r3461q80t3cfq9wqfvx3lfcgs MIZ4MDac8YVcxkBralskmulwlrf5JnvLuewKZ402AkB LBIK0CZY7ajOn7U9xzZ0LAgwAzrUaw9UViczNtTyvEK hm7wnyf5dfr084qh966s324xgjxktxvxxaqe7xtf3d5 btukjxdoo<font%20size=50>defaced<!--//-- : The remote Apache tomcat service is vulnerable to an information Medium 6.4 Fail CVE-2010-2227 Upgrade to version 5.5.30 / 6.0.28 or greater. The remote Apache tomcat service is vulnerable to an information Medium 6.4 Fail CVE-2010-2227 Upgrade to version 5.5.30 / 6.0.28 or greater. Page 3

x11 (tcp/6000) Nmap has identified this service as Microsoft Terminal Service isakmp (udp/500) A VPN server is listening on the remote port. If this service is not needed, disable it or filter incoming trafficto this port. Nmap has identified this service as Apache Tomcat Coyote JSP engine 1.1 A web server is running on this port Links to external sites were gathered. A web server is running on the remote host. Page 4

Some information about the remote HTTP configuration can be extracted. This plugin determines which HTTP methods are allowed on various CGI Nmap has identified this service as Apache Tomcat Coyote JSP engine 1.1 A web server is running on this port Links to external sites were gathered. A web server is running on the remote host. Page 5

Some information about the remote HTTP configuration can be extracted. This plugin determines which HTTP methods are allowed on various CGI general/udp (udp/0) It was possible to obtain traceroute information. The TCP initial sequence number of the remote host are incremented by random positive values. It was possible to resolve the name of the remote host. Page 6

The remote IP address seems to connect to different hosts Make sure that this setup is authorized by your security policy Remote operating system : Microsoft Windows 2000 It is possible to enumerate CPE names that matched on the remote X11:3 (tcp/6003) Nmap has identified this service as Microsoft Terminal Service Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information