CheckMe - Instant Security Check
Solution

ARE YOU VULNERABLE TO NEW TYPES OF ATTACKS?

The CheckMe service simulates many types of attacks that can compromise your computer and the information on your network.
This service includes a series of tests that check the vulnerability of your computer and network to
Ransomware, Phishing, Zero Day, Bot communication, Code Injection, Anonymizer usage and Data leakage.

 

How does CheckMe work?

  1. Go to http://www.cpcheckme.com.

  2. Start the scan in your web browser.

  3. Your web browser communicates with CheckMe service to analyze your network's security controls (without any actual risk for your network).

    Example of a final results page for a vulnerable network:

  4. Click the "GET FULL REPORT" button at the bottom to receive a detailed report with results and
    remediation guidelines by e-mail (it is sent from "CheckMe@checkpoint.com"
    with the subject "CheckMe Report"; example report for a vulnerable network).

 

What threats are being checked?

CheckMe simulates various scenarios that could be a starting point for the following attack vectors:

Ransomware is a type of malware that encrypts users' files and requires a ransom for their decryption.
Identity Theft / Phishing attack captures personal information through fake websites that appear to be legitimate.
Zero Day attack uses the element of surprise and exploits a hole in the software that is unknown to the vendor.
Bots perform malicious attacks that let attackers take complete control over an infected computer.
Browser attack injects malicious script into web sites to steal cookies from victims for the purpose of impersonating the victims.
Anonymous surfing allows users to hide their online activity. It can open backdoors into an organization's network.
Data leakage is the transfer of classified or sensitive information outside an organization's network by theft or accidental exposure.

 

Tests Specifications & Remediation Guidelines

The table below summarizes the attacks used during the simulation and explains how to remediate each one.

Threat | Test Description | Remediation Guidelines
Ransomware attack

This test downloads a test infected file (EICAR virus) through your network.

  • https://www.cpcheckme.com/check/testsAssets/e.txt
  • http://www.cpcheckme.com/check/testsAssets/e.bz2
  • http://www.cpcheckme.com/check/testsAssets/e.zip

Note: This test is not supported for SMB appliances running Gaia Embedded OS (600 / 700 / 1100 / 1200R / 1400).

Improve your network security with Check Point Threat Prevention solution by following these steps:

  1. Make sure your Anti-Virus blade is configured based on the Check Point "Recommended_Profile".
  2. Enable the "Archive scanning" in your Anti-Virus blade (in the Threat Prevention profile).
  3. Enable the HTTPS Inspection feature to inspect HTTPS traffic.

Identity Theft / Phishing Attack

This test generates connections to phishing and malicious sites through your network.
A successful communication attempt is an indication that you could fall prey to a phishing attack and your personal information could be stolen.

CheckMe simulates this test by loading a favicon.ico file from the following sites:

  • http://guidesforworkloadautomation.com/favicon.ico
  • http://98.139.236.92/favicon.ico

Ensure that phishing and High Risk categories are configured in "Prevent" mode in the URL Filtering policy to protect your computer from this threat.

Zero Day Attack

This test downloads files in different formats that are often used in Zero Day attacks through your network.

CheckMe simulates this test by downloading the following files:

  • http://www.cpcheckme.com/check/testsAssets/win7_64bit_big.com
  • http://www.cpcheckme.com/check/testsAssets/win7_64bit_big.zip
  • http://www.cpcheckme.com/check/testsAssets/win7_64bit_big.pdf

Improve your network security with Check Point Threat Prevention solution by following these steps:

  1. Enable the Threat Emulation blade.
  2. Enable the Threat Extraction blade to strip the files from malicious content.

Browser attack

This test checks if your network is protected against Cross-Site Scripting (XSS), SQL injection and command injection.

CheckMe simulates this test by connecting to:

  • http://www.cpcheckme.com/check/testsAssets/1.aspxss=%3Cscript%3Ealert%28%221%22%29%3C%2Fscript%3E

Improve your network security with Check Point Next Generation Threat Prevention that includes Intrusion Prevention System (IPS) blade.

Configure the IPS protections against Cross-Site Scripting (such as "Cross-Site Scripting Scanning Attempt") to "Prevent" mode.

  1. Enable the IPS blade and ensure that IPS protections are up to date.
  2. In case it is not possible to update the IPS protections to the latest release, enable the following IPS protection:

Bot Infection

This test simulates Bot communication via a known Command and Control protocol.

CheckMe simulates this test by posting:

  • creditcard=1234&expyear=2017&ccv=123&pin=1234

to:

  • http://www.cpcheckme.com/check/testsAssets/post.html

Improve your network security with Check Point Next Generation Threat Prevention that includes Anti-Bot blade, whose default settings block access to Command and Control servers.

Anonymizer usage

This test connects to an anonymizing site through your network.

CheckMe simulates this test by attempting to access:

  • http://www.hidemyass.com

Improve your network security with Check Point Threat Prevention solution that includes URL Filtering blade.

Ensure that anonymizing sites are blocked by the URL Filtering policy.

Sensitive data leakage

This test generates traffic structured as credit card numbers (over HTTP and HTTPS) to public sites through your network.

CheckMe simulates this test by posting:

  • 4580-0000-0000-0000, 5500 0000 0000 0004, 4024 0071 0007 2775, 4024007117885730, 4024007186169115

to:

  • http://www.cpcheckme.com/check/testsAssets/post.html

Note: This test is not supported for Capsule Cloud.

Improve your network security with Data Loss Prevention (DLP) blade.

Ensure that PCI - Credit Card Numbers are blocked by the DLP policy.
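
The strings posted by the Sensitive data leakage test can be checked the way a credit-card content rule typically works: find 16-digit candidates in the three layouts used above (dashes, spaces, no separator) and keep those that pass the Luhn checksum. This is an added example, not Check Point's DLP implementation; the function names are hypothetical and the body is assumed to be already URL-decoded.

```python
import re

# 16 digits, optionally grouped 4-4-4-4 with the same separator (space or dash)
# between every group. Mixed separators are deliberately not matched.
CANDIDATE = re.compile(r"(?<!\d)\d{4}([ -]?)\d{4}\1\d{4}\1\d{4}(?!\d)")

# The test payloads exactly as listed in this article.
CHECKME_DLP_BODY = ("4580-0000-0000-0000, 5500 0000 0000 0004, "
                    "4024 0071 0007 2775, 4024007117885730, 4024007186169115")
CHECKME_BOT_BODY = "creditcard=1234&expyear=2017&ccv=123&pin=1234"


def luhn_valid(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit, counted from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(text):
    """Return the normalized (digits only) card-like numbers found in text."""
    hits = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group(0))
        if luhn_valid(digits):  # drops random 16-digit strings (order ids etc.)
            hits.append(digits)
    return hits


def mask(pan):
    """Mask a number for logging: keep the first 6 and last 4 digits."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


if __name__ == "__main__":
    for pan in find_card_numbers(CHECKME_DLP_BODY):
        print("would trigger a card-number rule:", mask(pan))
    print("bot test body hits:", find_card_numbers(CHECKME_BOT_BODY))
```

All five test strings pass the Luhn checksum, so a rule that validates the checksum still fires on them, while the short `creditcard=1234` field from the Bot Infection test does not look like a card number to this check.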

 

FAQ

  • Can CheckMe cause any damage to a computer that runs these tests?

    All tests are secured and there is no risk to the user's devices and network.
    The administrator may see alerts in the security system that notify about the test simulation.
  • Does CheckMe test my computer or my network security?

    CheckMe is a single snapshot that reflects your network security.
    All tests should be blocked at the gateway before getting to your personal computer.
  • How does CheckMe simulate the threats?

    CheckMe uses JavaScript functions that are running in the context of the page and perform the following:

    1. Download a "malicious" file (in unpacked and archived form) from cpcheckme.com over HTTP and HTTPS
    2. Post "sensitive" data to cpcheckme.com
    3. Load images from domains with bad reputation

 

Revision History

Date Description
15 Mar 2017 Updated the description of and remediation guidelines for "Zero Day Attack".
Updated the description of and remediation guidelines for "Identity Theft / Phishing Attack".
02 Mar 2017 Updated the description of "Ransomware attack".
Updated the description of and remediation guidelines for "Browser attack".
Added a note that Sensitive data leakage tests are not supported for Capsule Cloud.
20 Feb 2017 Removed "Beta Version" from the article title.
Renamed from "Browser Code Injection" to "Browser attack".
Updated the tests that simulate a "Browser attack".
Improved the remediation guidelines for "Browser attack".
Added a note that Ransomware Attack tests are not supported for SMB appliances (600/700/1100/1200R/1400).
12 Feb 2017 Improved the remediation guidelines for "Zero Day Attack".
07 Feb 2017 Improved all the remediation guidelines.
05 Feb 2017 Changed the design of this article.
Upgraded the CheckMe service.
09 Jan 2017 Minor text improvements.
09 Jan 2017 Added notes that this service simulates the attacks without any actual risk for customer's environment.
05 Jan 2017 First release of this article.
