Web Inspector PCI Services - Technical FAQ
Do I need to allow the Web Inspector PCI scanning IP address?
In order for the Web
Inspector PCI scan to be successful your firewall must be set
to allow the IP address the scan is coming from.
The IP ranges that Web Inspector PCI scans originate from are 208.116.56.32/28 and 91.209.196.32/28
I signed up and got the following message: 'No vulnerabilities were found and the host did not respond to any of our checks' - what does this mean?
This can mean one of two things.
Either:
1) The host is currently
unreachable.
It could be that the host is unreachable because of a
problem with your server.
Quite often, however, it is because your firewall is denying access to the Web Inspector PCI scanner. In order for the Web Inspector PCI scan to be successful your firewall must be set to allow the IP address the scan is coming from.
The IP ranges that Web Inspector PCI scans originate from are 208.116.56.32/28 and 91.209.196.32/28
Or:
2) No services are available on the host and it is secure.
Scan Compliancy: I have a dynamic IP assigned by my ISP. Can I still use Web Inspector PCI?
No. It is not possible to use the Scan Control Service unless you have a static IP.
I received an email saying new tests were added but Web Inspector PCI still shows the old number. How do I add them?
Click the tick at the top of the
plug-selections to enable all new tests in the current scan.
This is explained in more detail in the Account Preferences and Scan Settings.
Does Comodo maintain any statistics about what % of clients consistently a score of 0% on the 'High Risk' threats? Or what % of all commercial servers would have this score?
Comodo does not maintain any sort of global statistics about the scan results we produce.
How do I upgrade from a trial account to the full version?
Upgrade PCI Scan Control Service
Click 'My Account' and in the 'Comodo WebInspector Subscriptions' screen click the 'Purchase More Licenses' link.
Or
Upgrade by buying the full version through this link:http://www.webinspector.com/product_price.php
Remember to select 'Existing Customer' and use your regular Comodo account username and password to during signup.
After upgrading, will I have to re-enter my IP/Domain information?
For thePCI Scan Control Service any previously validated IP addresses will
still be usable.
I am an existing Comodo account holder (e.g. SSL) - can I use my existing Username and Password during purchase?
Yes. You should use the 'Existing Customer Option' and enter your existing Comodo UN/PW during the signup process. You can then also use your Comodo account Password and Username to log into the Web Inspector PCI interface athttps://app.webinspector.com/login
Explain the password/username system to me.
During signup you created a Comodo account with a Username and Password. This Username and Password has dual functionality:
1. Use it to log into your Comodo account and
manage your Comodo account details. You can log in athttp://www.comodo.com
2.
Use it to log into the Web Inspector PCI
web-application interface. Do this using the login box at:https://app.webinspector.com/login
Also see the online help documentation at:http://help.comodo.com/topic-208-1-490-5111-Introduction-to-Comodo-Web-Inspector.html
Can I scan private (internal) IP addresses?
Yes. Internal IP addresses can be scanned if you have a Web Inspector PCI Scan Compliancy Enterprise license. It is not possible to scan internal IPs with the standard license.
Private IPs ranges are defined by RFC 1918 as:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192/168/16 prefix)
How many concurrent scans can I run?
The number of concurrent scans you can run is 10% of the number of IP's covered by your license and the maximum number is 25. For example, if the number of IP addresses covered by your license is 50, you can run five concurrent scans on different IP's.
How many ports does each service test?
Different level of services will allow for different total numbers of ports to be scanned. (If you use the Scan Control service, you may define ranges of ports to be scanned within the 'Set Options' page in the 'Port Range' field.)
-
The PCI Scan Control Service scan tests up to a total of 65,535 ports - the total number of ports available on your system.
-
The Daily and Free services will scan the first 15,000 ports on your system. This is a targeted selection of the most commonly used (and commonly attacked) ports.*
Note that most services run on the reserved ports below 1024 and security industry experts agree that these are the most commonly targeted ports. In some circumstances it will be beneficial to test all 65,535 ports, but administrators should be aware that this will lengthen the scan time.
I have changed my password, and now cannot login to the Web Inspector website, why?
When you change your password there is a delay between changing it, and that change being synchronized with the Web Inspector database.
Please allow 15 minutes for the synchronization to take place after changing your password.
Does Web Inspector PCI use the latest CVSS v2?
Yes. Web Inspector PCI uses the latest Common Vulnerability Scoring System version 2 (CVSS v2). All Web Inspector PCI Scan customers are not impacted by the change from CVSS v1 to v2 as we have already been using v2.