EZ TRAVEL CRUISE'S
Your full serviceTravel Experts!
1-800-593-1095

Certificate of PCI DSS Merchant Compliance

Payment Card Industry Data Security Standards Validation

Based on the information provided by the merchant listed below involving its security policies, procedures, and regulations, SecurityMetrics has found the merchant to be compliant with the Payment Card Industry Data Security Standards (PCI DSS), endorsed by Visa, MasterCard, American Express, Discover, and JCB card brands.

EZ TRAVEL
Last Passing Scan Date: August 05, 2011
Self Assessment Questionnaire (C 2.0) Compliant Date: August 15, 2011

SecurityMetrics recognizes the merchant for its efforts to reduce credit card theft and fraud. By achieving PCI certification, this merchant is maintaining rigorous data security standards to ensure that its customer's credit card information remains safe and secure. In order to maintain PCI DSS compliance the merchant's self-assessment questionnaire must be passed every 12 months and any scans, if applicable, must be passed every 3 months.

Ian Taylor
Director of Security Fulfillment

 

Scan Results Table of Contents

Domain/IP Max Risk   Domain/IP Max Risk
173.51.112.146 (pool-173-51-112-146.lsanca.dsl-w.verizon.net) 3   71.104.96.122 (pool-71-104-96-122.lsanca.dsl-w.verizon.net) 0




Test Results

Executive Summary
Test Result: Pass Date: 2011-08-05 Target IP: 71.104.96.122
Test ID: 3032864 Test Length: 1.14 Hours DNS Entry: pool-71-104-96-122.lsanca.dsl-w.verizon.net
Total Risk: 0 Start Time: 01:01:32 Finish Time: 02:09:51
TCP/IP Fingerprint OS Estimate: Scan Expiration: 2011-11-03

SecurityMetrics has determined that EZ TRAVEL is COMPLIANT with the PCI scan validation requirement for this computer. Congratulations, the computer passes because no risk of 4 or more was found.

You may now use the SecurityMetrics Certified logo. Your Site Certification ID is: 872253. Please write this down and proceed to Add Site Certified Logo Instructions.

Attackers typically use footprinting, port scanning and security vulnerability testing to find security weaknesses on computers. This report provides information on each of these categories.

Footprinting
Find public information regarding this IP, which an attacker could use to gain access: IP Information

Port Scan
Attackers use a port scan to find out what programs are running on your computer. Most programs have known security weaknesses. Disable any unnecessary programs listed below.
Risk Breakdown

Port Scan
Protocol Port Program Status Summary Turn Off
ICMP Ping   Denied Your computer is not answering ping requests. Hackers use Ping to scan the Internet to see if computers will answer. Your computer is not answering, which is a good security practice.  
TCP 4567 tram Open Your computer is responding to scans on this port. This helps a hacker to gather information about possible services running on this machine and what kind of machine you have. If you do not require this service turn it off.  


Security Vulnerabilities Solution Plan
The following section lists all security vulnerabilities detected on your system. All vulnerability risk scores 4 or greater are marked in red and must be resolved to become PCI compliant. Denial-of-Service vulnerabilities are also marked in red but they do not affect your PCI compliance status. Each vulnerability is ranked on a scale from 0 to 10, with 10 being critical. PCI Risk Table

Security Vulnerabilities
Protocol Port Program Risk Summary
UDP   general/udp 0 Synopsis : It was possible to obtain traceroute information. Description : Makes a traceroute to the remote host. Solution: n/a Risk Factor: None
TCP   general/tcp 0 Synopsis : It was possible to resolve the name of the remote host. Description : SMetrics was able to resolve the FQDN of the remote host. Solution: n/a Risk Factor: None
TCP 4567 tram 0 Synopsis : A web server is running on the remote host. Description : This plugin attempts to determine the type and the version of the remote web server. Solution: n/a Risk Factor: None
TCP 4567 tram 0 A web server is running on this port
TCP 4567 tram 0 Synopsis : HMAP fingerprints the remote HTTP server. Description : By sending several valid and invalid HTTP requests, it may be possible to identify the remote web server type. In some cases, its version can also be approximated, as well as some options. An attacker may use this tool to identify the kind of the remote web server and gain further knowledge about this host. Suggestions for defense against fingerprinting are presented in http://acsac.org/2002/abstracts/96.html See also : http://ujeni.murkyroc.com/hmap/ http://seclab.cs.ucdavis.edu/papers/hmap -thesis.pdf http://projects.webappsec.org/Fingerprin ting Solution: n/a Risk Factor: None
TCP 4567 tram 0 Synopsis : Some information about the remote HTTP configuration can be extracted. Description : This test gives some information about the remote HTTP protocol - the version used, whether HTTP Keep-Alive and HTTP pipelining are enabled, etc... This test is informational only and does not denote any security problem. Solution: n/a Risk Factor: None
TCP 4567 tram 0 The following pages are protected by the Digest authentication scheme : /
TCP 4567 tram 0 Synopsis : This plugin determines which HTTP methods are allowed on various CGI directories. Description : By calling the OPTIONS method, it is possible to determine which HTTP methods are allowed on each directory. As this list may be incomplete, the plugin also tests - if 'Thorough tests' are enabled or 'Enable web applications tests' is set to 'yes' in the scan policy - various known HTTP methods on each directory and considers them as unsupported if it receives a response code of 400, 403, 405, or 501. Note that the plugin output is only informational and does not necessarily indicate the presence of any security vulnerabilities. Solution: n/a Risk Factor: None

For a list of all vulnerabilities in our knowledge base on this test date click here.

CONFIDENTIAL AND PROPRIETARY INFORMATION
SECURITYMETRICS PROVIDES THIS INFORMATION "AS IS" WITHOUT ANY WARRANTY OF ANY KIND. SECURITYMETRICS MAKES NO WARRANTY THAT THESE SERVICES WILL DETECT EVERY VULNERABILITY ON YOUR COMPUTER, OR THAT THE SUGGESTED SOLUTIONS AND ADVICE PROVIDED IN THIS REPORT, TOGETHER WITH THE RESULTS OF THE VULNERABILITY ASSESSMENT, WILL BE ERROR-FREE OR COMPLETE. SECURITYMETRICS SHALL NOT BE RESPONSIBLE OR LIABLE FOR THE ACCURACY, USEFULNESS, OR AVAILABILITY OF ANY INFORMATION TRANSMITTED VIA THE SECURITYMETRICS SERVICE, AND SHALL NOT BE RESPONSIBLE OR LIABLE FOR ANY USE OR APPLICATION OF THE INFORMATION CONTAINED IN THIS REPORT. DISSEMINATION, DISTRIBUTION, COPYING OR USE OF THIS DOCUMENT IN WHOLE OR IN PART BY A SECURITYMETRICS COMPETITOR OR THEIR AGENTS IS STRICTLY PROHIBITED.

This report was generated by a PCI Approved Scanning Vendor, SecurityMetrics, Inc., under certificate number 3707-01-04, within the guidelines of the PCI data security initiative.
 

 

 

SecurityMetrics for PCI Compliance, QSA, IDS, Penetration Testing, Forensics, and Vulnerability Assessment

 EZ Travel Cruises, Inc.  10808 Foothill Blvd Ste. 160-592 Rancho Cucamonga, CA 91730 909-784-1810 2001-2010, All rights reserved

An independent agency of   
Seller of travel Ca 2071347-40 Nv 2003-0490 Fl ST36614 Iatan 29578684 Clia 00457074