Test Your Security Policy

The tools below will let you test your Security policy. The following tests focuses on a specific security domain in the product’s security policy.

Intrusion Prevention Security Engine Testing

Test Denial of Service (DoS)

Description: Denial of service is an attack that cause the application to stop responding and must be closed, in some cases this exploit can be leveraged into remote code execution attack (by using an exploitable buffer overflow). The below is harmless example that will cause IE to close on unprotected machine.

Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy.

If you receive "Security Status: You are safe" message, your Vulnerability Protection engine is active.

If you receive the message "Security Status: You are vulnerable", it means that your Intrusion Prevention engine is not setup properly.

When clicking on "Run Demo" your browser will crash.

Solution: To block this malicious code from entering your network, make sure to enable the Intrusion Prevention.

Links: DoS_Test.html

Test Remote Code Execution (RCE)

Description: Remote code execution attack allows unauthorized party to remote control your computer and steal confidential information, attacker can create/delete files, and basically do anything.

Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy.

If you receive "Security Status: You are safe" message, your Intrusion Protection engine is active.

If you receive the message "Security Status: You are vulnerable", it means that your Intrusion Prevention engine is not setup properly.

Solution: To block this malicious code from entering your network, make sure to enable the Intrusion Prevention.

Links: RCE_Test.html

Test Phishing

Description: Phishing is attack design for stealing the unsuspected user data. This can be done by disguising a malicious web site as a known and trusted one (e.g. bank website) and tempting the user to enter his personal information.

Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy.

If you receive "Security Status: You are safe" message, your Intrusion Prevention engine is active.

If you receive the message "Security Status: You are vulnerable", it means that your Intrusion Prevention engine is not setup properly.

Solution: To block this malicious code from entering your network, make sure to enable Intrusion Prevention.

Links: Phishing_Test.html

Behavior Profile Security Engine Testing

Test Code Obfuscation of Malicious Script (COMS)

Description: Code Obfuscation is a methodology used by malicious code writers to obfuscate their harmful code. It uses encryption and encoding in order to garble the original source code therefore making it harder to analyze.

Guidelines: Click on the link below to test your Behavior profile policy.

If you receive "Security Status: You are safe" message, your Behavior policy is active.

If you receive the message "Security Status: You are vulnerable", it means that your Intrusion Prevention engine is not set up properly.

Solution: To block this malicious code from entering your network, make sure to enable the [Block Malicious Scripts by Behavior] rule in your security policy.

Links: This demo is based on a known vulnerability in web browsers.

COMS_Test.html

Test Java Script / VB Script

Description: Java Script / VB Script are codes that can be embedded into a webpage to add functionality. This added functionality and flexibility results in exposure to some security risk.

Test Java Applet

Description: Java applets are programs designed to be run from other application (typically web browser). Since java applets run without user intervention the JVM (Java Virtual Machine) enforce some limitation on it. These limitations include writing files to the local computer, reading files, programs execution, registry manipulation etc. There are, however some security vulnerabilities (See: CAN-2005-3906) which allow malicious applets to bypass these limitations, Hence any applet which tries to perform any of the restricted actions should be blocked (regardless of the bypass technique, if any used).

Guidelines: Click on the link below to test your Intrusion Prevention.

If you receive "Security Status: You are safe" message, your Intrusion Prevention is active.

If you receive the message "Security Status: You are vulnerable", it means that your Intrusion Prevention engine is not setup properly.

Solution: To block this malicious code from entering your network, make sure to enable the Intrusion Prevention.

Links: This demo is based on vulnerability which is already patched. The below applet will try to create a file (AppletDemo.txt), on C:\secpoint. As described above, since this applet tries to perform potentially illegal and dangerous operation it should be blocked (if your machine is patched, no file will be created).

JavaApplet_Test.html

Anti Virus Security Engine Testing

Test Anti Virus

Description: EICAR, the European Institute for Computer Anti-Virus Research, had developed a test file that Anti Virus product “detects" as if it was a virus. This is not a real virus, and does not include any fragments of viral code. The file is a legitimate DOS program that shows the message "EICAR-STANDARD- ANTIVIRUS-TEST-FILE!"

Guidelines: Click on one of the links below to test your Anti Virus policy. If the download dialog appears, your Anti Virus policy is not active. If you see the Vital Security alert message, it means that your Anti Virus policy is working properly.

Solution: To block this malicious code from entering your network, make sure to enable the Anti-Virus.

Links: Eicar.zip, Eicar.jpg

URL Filtering Security Engine Testing

Test URL Filtering

Description: Perform the following test in order to validate weather the URL filtering engine works correctly

Guidelines: Click on the link below to test your URL Filtering policy. The URL below will lead to a site which is categorized as hacking site, and therefore should be blocked. If you receive Vital Security alert message, your URL Filtering policy is active. If you get to the actual Hacking site, it means that your URL Filtering policy was not setup correctly.

Solution: To block this malicious code from entering your network, make sure to enable the Web Content Filter.

Links: www.astalavista.box.sk