McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams






Who is McAfee / HackerSafe / ScanAlert?

McAfee acts as security advisor for over 80,000 Web sites. Web sites compliant with the McAfee Secure security standard may display the McAfee Secure certification mark. In addition to McAfee Secure, McAfee is also the world's largest provider of PCI compliance auditing services.

For more information about McAfee and McAfee Secure certification, please visit our Corporate Overview.

Contact us for more.


Why am I being audited (scanned)?

McAfee only performs security audits as requested by McAfee customers. A McAfee security audit includes testing the Web pages associated with a customer's domain, and port scans of the host machine on which the domain resides.

McAfee employees do not add domains or IP addresses to our security auditing service. This action must be performed by a McAfee customer. If your intrusion detection system or server logs reveal activity by McAfee, then a McAfee customer has requested a security audit for that device.

Customers use McAfee's Web-based management portal to add the domain(s) they want audited. Before the management portal accepts a domain, the customer must first confirm that they have the explicit authority to perform security audits on their domain and any associated IP address.

Prior to auditing, McAfee performs a lookup on the domain to determine its IP address, then associates the domain with the IP address. McAfee then audits both the domain and the host machine at that IP address.

McAfee never performs unsolicited audits. It is a violation of McAfee terms and services for a customer to request security audits on a domain and/or a device's IP address that the customer is not expressly authorized to audit.

If you have questions about McAfee security audits not answered by this FAQ, please contact us. Note that McAfee may only discuss sensitive customer information with persons registered with a customer's account.



How often does McAfee perform security audits?

To certify a customer's domain as McAfee Secure, McAfee must perform security audits on a random, daily basis. Failing to do so revokes McAfee Secure certification and prevents the McAfee Secure certification mark from displaying on their site.

Customers using only McAfee PCI compliance auditing services receive security audits once per quarter, according to PCI compliance requirements. McAfee performs PCI audits for these customers at a random date and time every quarter.

Whether auditing for McAfee Secure certification or PCI compliance, McAfee administers the same security audit. For more information on security audits, see "What is included in a McAfee security audit?"

NOTE: Customers using either McAfee Secure or PCI services are also free to perform on-demand security audits at any time.



What is included in a McAfee security audit?

McAfee conducts security audits in three phases:

  • Phase 1: Port Discovery Scan
  • Phase 2: Network Services Scan
  • Phase 3: Web Application Scan

Phase 1: Port Discovery Scan

McAfee performs a lookup of the customer's domain and resolves it to an IP address. McAfee then conducts a full port scan of the IP address, and reports all responding ports.

If no ports respond, McAfee terminates the audit and reports an incomplete port scan. Unless the device being audited is a hardware firewall, or other device designed specifically to refuse port scans, the device cannot be certified as McAfee Secure or PCI compliant.

Phase 2: Network Services Scan

Using data from Phase 1, McAfee probes the services running on the ports for application information.

Based on information collected during Phases 1 and 2, McAfee cross-references its extensive vulnerability knowledge base, and reports any services with known vulnerabilities.

NOTE: Most vulnerabilities detected at this phase can be resolved by patching or removing affected services, or blocking their port numbers.

Phase 3: Web Application Scan

During Phase 3, McAfee audits every publicly available part of the domain's Web application. This includes all HTTP services, configuration files, and any scripts (CGI, PHP, etc.). McAfee submits all database query parameters for vulnerabilities such as SQL injections and cross-site scripting. Since attacks along these vectors vary, McAfee must test each query parameter multiple times.

Depending on the complexity and efficiency of the Web application, Phase 3 may temporarily increase server load. If the Web application has a significant portion available only to registered users, the customer may provide McAfee a login to audit this as well.

During the Web application scan, McAfee utilizes up to five testing threads, simulating the effect of no more than five users visiting the site. When auditing, McAfee remains within the domain itself (www.domain.com). Among other site features, McAfee may audit any site control panel login pages accessible under the domain.

Once the security audit completes, McAfee may send alert e-mail to users on the account, depending on their e-mail settings.

McAfee Secure Technology Whitepaper



Why do I receive e-mail from alerts@scanalert.com?

McAfee only sends security alert e-mail to persons registered as users on a McAfee account. If you receive e-mail from alerts@scanalert.com, the account owner, or a user on the account with administrative access, has added you as a user to their account.



Why do I receive e-mail from alerts@scanalert.com?

You can view a list of originating IP addresses for McAfee security audits here:
http://www.mcafeesecure.com/help/ScanIps.sa

NOTE: You should not block our security audits outright, as this will prevent us from certifying our customers as McAfee Secure. Please contact us first to resolve any issues.
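For operators who see audit activity in their IDS or server logs, the following is an added example (not McAfee code) of attributing Web-application test requests to the published audit source addresses before deciding how to respond. The address range is a documentation placeholder standing in for the list linked above, and the log lines and probe patterns are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qsl

# Assumption: placeholder range (RFC 5737 documentation space). Replace with
# the addresses published on the scan-IP page linked above.
AUDIT_SOURCES = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed access-log lines in Apache combined format (not real traffic).
SAMPLE_LOG = """\
192.0.2.5 - - [10/Mar/2009:02:11:01 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "scanner"
192.0.2.5 - - [10/Mar/2009:02:11:02 +0000] "GET /item.php?id=1%27 HTTP/1.1" 500 87 "-" "scanner"
192.0.2.5 - - [10/Mar/2009:02:11:02 +0000] "GET /item.php?id=%3Cscript%3E HTTP/1.1" 200 512 "-" "scanner"
198.51.100.7 - - [10/Mar/2009:02:12:40 +0000] "GET /item.php?id=1%20OR%201=1 HTTP/1.1" 200 512 "-" "x"
203.0.113.9 - - [10/Mar/2009:02:13:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "Mozilla"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Assumption: a coarse heuristic for SQL injection / XSS style test values.
PROBE_RE = re.compile(r"['\"<>]|\bor\b\s+\d|union\s+select", re.I)

def is_audit_source(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in AUDIT_SOURCES)

def triage(log_text):
    """Separate audit-source parameter tests from probe-like requests sent by others."""
    audit_params = defaultdict(int)   # (path, param) -> tests seen from audit sources
    unattributed = []                 # probe-like requests from any other source
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, _method, target, _status = m.groups()
        url = urlsplit(target)
        # parse_qsl percent-decodes values, so encoded probes are matched too.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if is_audit_source(ip):
                audit_params[(url.path, name)] += 1
            elif PROBE_RE.search(value):
                unattributed.append((ip, url.path, name))
    return dict(audit_params), unattributed

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

Repeated tests of one parameter from an audit source match the Phase 3 behaviour described earlier; probe-like requests in the second list did not come from the audit addresses and should be investigated separately.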



Contact McAfee

Support 1-707-252-9624 or support@hackersafe.com
Sales 1-877-302-9965 or sales@hackersafe.com
More contact information