Since our goal is to help you become compliant and save money in non-compliance fees, let’s take a break from the action and discuss one way you can do both. Namely, how do you resolve that pesky “Host Not Detected” failure you may be seeing with your PCI vulnerability scan?
First, a little history. Starting January 31, 2018, the PCI council changed the vulnerability scanning rules that may cause PCI scans to fail when finding “Host Not Detected.” Because of this change, I wanted to create a simpler guide to help you resolve this failed scan finding. Here are a few items to consider.
- Trustwave Endpoint (Recommended) – This is the easy method. Just download the Trustwave Endpoint Suite. Once installed in the environment, Endpoint will report the current IP to Trustwave automatically. Plus, you get all the added benefits of the Advanced Security Package.
- Correct Your IP Address – If you’re going to do things manually, let’s make sure you’re using the correct external IP address for the scanner. To determine your IP address, visit the website What’s My IP. Once there, make sure your IP matches your “Public IPv4” or is what was entered in your Trustwave scan profile. If the IP address in your profile was incorrect, remember to remove it so the scan doesn’t fail.
- A “Hidden Network” – Having a hidden network for security is completely legitimate. If you or your team have created a hidden network, you will need to file a dispute through the Trustwave Dispute process to rectify the failed scan. To do so, click on the “Dispute Findings” button in the Trustwave scan to begin the process. You will need to supply the following two pieces of information in the dispute.
- “My Firewall is setup by design to block all incoming traffic, including Trustwave’s scanners.”
- “We do not have any ‘active protection systems’ in place against Trustwave’s source IP’s.”
- Whitelist Trustwave’s IPs – If you have an IDS/IPS/WAF (your IT guru probably knows these terms if you need assistance) or similar product that inspects network traffic, you may need to whitelist the Trustwave IP addresses.
Trustwave’s IPs are:
64.37.231.0/24 (64.37.231.1 through 64.37.231.254)
111.108.90.138-111.108.90.139
124.211.46.74-124.211.46.75
204.225.91.58-204.225.91.59
209.90.139.122-209.90.139.123
220.101.105.8-220.101.105.9
220.101.107.8-220.101.107.9
Note: Do not whitelist your firewall directly. This could lower your layered defense and is not recommended.
After adjusting for these items, you will need to initiate a re-scan, which should change that “Host Not Detected” status from FAIL to PASS. If you should continue to have issues though, please contact your Relationship Manager directly to remedy the failed scan at 800.441.1762. Make sure to have your IT guru available as they may need to assist with answering some technical questions about your network.
Additional Resources:
Trustwave Portal Login
Trustwave’s Video Tutorial
Trustwave Knowledge Base Article on Host(s) Not Detected
