CheckMe - Instant Security Check
Solution

ARE YOU VULNERABLE TO NEW TYPES OF ATTACKS?

The CheckMe service simulates many types of attacks that can compromise your computer and the information on your network.
The service includes a series of tests that check the exposure of your network, endpoint, cloud and mobile environments to
Ransomware, Phishing, Zero Day, Bot communication, Browser Exploit, Anonymizer usage and Data leakage.

CheckMe assessment for Network, Endpoint and Cloud environments

  1. Go to http://www.cpcheckme.com and select the environments you wish to assess (Network, Endpoint and/or Cloud).

  2. CheckMe runs independently and analyzes your environments.

  3. Your web browser communicates with the CheckMe service to analyze your network's security controls (without any actual risk to your network).

     Example of final results page: (screenshot not reproduced in this text version)

  4. Click the "GET FULL REPORT" button at the bottom to receive a detailed report with results and
     remediation guidelines by e-mail (sent from "CheckMe@checkpoint.com" with the subject "CheckMe Report";
     see the example report for a vulnerable network).

 

What threats are being checked?

CheckMe simulates various scenarios that could be a starting point for the following attack vectors:

Ransomware is an attack that takes advantage of a particular vulnerability in a computing system.
Command & Control Communication lets attackers take complete control over an infected computer.
Identity Theft attacks capture personal information through fake websites that appear to be legitimate.
Zero Day attacks use the element of surprise to exploit holes in software that are unknown to the vendor.
Malware Infection is used to gather guarded information or to disrupt corporate, government and individual operations.
Browser Exploit is an attack that takes advantage of a particular vulnerability in a computing system.
Persistent Malware is a continuous computer hacking process that targets private organizations or states for business or political motives.
Anonymous surfing allows users to hide their online activity. It can open a backdoor into an organization's network.
Data leakage is the transfer of classified or sensitive information outside an organization's network by theft or accidental exposure.
Cloud Segmentation scans for open ports on accessible machines within the same environment to indicate a lack of access control.

 

Tests Specifications & Remediation Guidelines

The following summarizes the attacks used during the simulation and explains how to remediate each one.

Malware Infection

Test description

Network & Cloud

This test downloads a test infected file (EICAR) through your network, from:

  • http://s3-eu-west-1.amazonaws.com/cp-chk-files/e.txt
  • https://s3-eu-west-1.amazonaws.com/cp-chk-files/e.zip
  • http://s3-eu-west-1.amazonaws.com/cp-chk-files/getcfg.php?SERVICES=DEVICE.LOG&x=y&AUTHORIZED_GROUP=1

Note: This test is supported on 700 / 1200R / 1400 SMB appliances running R77.20.70 and higher; it is not supported on 600 / 1100 appliances.

Endpoint

This test simulates a malware infection by downloading an executable that creates an EICAR file.
If the EICAR file is deleted after a few seconds, the endpoint is well protected.

Remediation guidelines

Improve your security with Check Point Threat Prevention and Endpoint Security solutions by following these steps:

Network & Cloud

    1. Make sure your Anti-Virus and IPS blades are configured based on the Check Point "RecommendedProfile" (R77.30) or "Optimized Profile" (R80 and above).
    2. Enable "Archive scanning" in your Anti-Virus blade (in the Threat Prevention profile).
    3. Enable the HTTPS Inspection feature to inspect HTTPS traffic.
    4. Enable the IPS blade and ensure that IPS protections are up to date.
    5. If it is not possible to update the IPS protections to the latest release, enable the following IPS protection:

      D-Link 850L Router Remote Unauthenticated Information Disclosure

Endpoint

Improve your security with Check Point Endpoint Security, which includes the Anti-Malware blade, whose default settings block malware files.
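The Malware Infection test above is only meaningful if you can tell the three outcomes apart: the gateway refused or blocked the download, something other than the test file arrived (for example a cleaned copy), or the EICAR file reached the client intact. The following Python is an added example written for this article; it is not part of the CheckMe service or of any Check Point product. It assumes the caller has already fetched one of the test URLs and has the HTTP status and response bytes, and it opens ZIP members in memory so the verdict also reflects whether archive scanning is in effect. The sample responses are constructed.

```python
"""Classify the outcome of an EICAR download probe (plain file or ZIP archive).

Added example for this article; not part of CheckMe or of any Check Point
product. Assumes the caller has the HTTP status and body bytes of one of the
test URLs. The verdict mirrors the article's prose: blocked, sanitized, or
the test file arrived intact ("exposed").
"""
import io
import zipfile
from typing import Optional

# Only the readable tail of the EICAR test string is matched, so this source
# file is not itself quarantined by an antivirus engine.
EICAR_MARKER = b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE"
ZIP_MAGIC = b"PK\x03\x04"


def contains_test_file(filename: str, content: bytes) -> bool:
    """True if the payload, or any member of a ZIP payload, carries the marker."""
    if content.startswith(ZIP_MAGIC) or filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(content)) as archive:
                return any(EICAR_MARKER in archive.read(name) for name in archive.namelist())
        except zipfile.BadZipFile:
            pass  # not a real archive; fall through and scan the raw bytes
    return EICAR_MARKER in content


def classify_probe(filename: str, status: Optional[int], content: bytes) -> str:
    """Map one probe result to a verdict.

    status None    -> connection failed or was reset: the gateway blocked it
    HTTP 4xx / 5xx -> a block page or error reached the client: blocked
    HTTP 2xx       -> 'exposed' if the test file is intact, otherwise 'sanitized'
                      (for example a cleaned copy delivered by Threat Extraction)
    """
    if status is None or status >= 400:
        return "blocked"
    if contains_test_file(filename, content):
        return "exposed"
    return "sanitized"


def fetch_probe(url: str, timeout: float = 10.0) -> str:
    """Fetch a test URL and classify it. Needs network access; not used by the offline samples."""
    import urllib.error
    import urllib.request

    filename = url.rsplit("/", 1)[-1].split("?", 1)[0]
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify_probe(filename, resp.status, resp.read())
    except urllib.error.HTTPError as exc:
        return classify_probe(filename, exc.code, exc.read())
    except (urllib.error.URLError, OSError):
        return classify_probe(filename, None, b"")


def build_sample_zip(member_name: str, payload: bytes) -> bytes:
    """Construct an in-memory ZIP; sample data for the offline demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        archive.writestr(member_name, payload)
    return buf.getvalue()


def run_offline_samples() -> dict:
    """Constructed probe outcomes covering every verdict, so the logic runs without network access."""
    # Stand-in body: the marker embedded in filler text, not the full EICAR string.
    test_body = b"constructed-stand-in:" + EICAR_MARKER + b"!$H+H*"
    return {
        "plain_exposed": classify_probe("e.txt", 200, test_body),
        "zip_exposed": classify_probe("e.zip", 200, build_sample_zip("e.txt", test_body)),
        "block_page": classify_probe("e.txt", 403, b"<html>Blocked by gateway</html>"),
        "connection_reset": classify_probe("e.txt", None, b""),
        "zip_sanitized": classify_probe("e.zip", 200, build_sample_zip("e.txt", b"harmless text")),
    }


if __name__ == "__main__":
    for name, verdict in run_offline_samples().items():
        print(f"{name}: {verdict}")
```

A gateway that answers with an HTTP 200 block page is reported as "sanitized" by this logic; if yours does that, add a check for the block page's own markup before trusting the verdict. Running `fetch_probe` against the plain and ZIP URLs side by side shows directly whether the "Archive scanning" setting from the remediation steps is doing its job.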
C&C Communication

Test description

This test simulates C&C communication via a known Command and Control protocol.

Network & Cloud

CheckMe simulates this test by posting:

    • creditcard=1234&expyear=2017&ccv=123&pin=1234

      to:

  • http://www.cpcheckme.com/check/testsAssets/post.html

Endpoint

CheckMe simulates this test with the following GET request:

curl --user-agent "Miner" http://www.threat-cloud.com/config.php

Remediation guidelines

Improve your security with Check Point Next Generation Threat Prevention and Endpoint Security, which include the Anti-Bot blade, whose default settings block access to Command and Control servers.
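Beyond the Anti-Bot verdict itself, an administrator usually wants to confirm that the simulation is visible in the gateway or proxy logs and that the request was actually denied. The Python below is an added example, not part of CheckMe or of the Anti-Bot blade. It assumes a constructed, space-separated log format (timestamp, client IP, method, URL, quoted User-Agent, HTTP status); adapt `parse_line()` to your own export. The two indicators come straight from the article: the host www.threat-cloud.com and the User-Agent "Miner". The sample log lines are constructed.

```python
"""Flag the CheckMe C&C simulation in a proxy log and report whether it was blocked.

Added example; not part of CheckMe or of any Check Point product. Assumes a
constructed log format; the indicators are the ones named in the article.
"""
import re
from urllib.parse import urlsplit

LINE_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) "(?P<ua>[^"]*)" (?P<status>\d{3})$'
)

# Indicators of the simulation described in the article (not a threat feed).
SUSPICIOUS_USER_AGENTS = {"miner"}
WATCHED_HOSTS = {"www.threat-cloud.com"}


def parse_line(line: str):
    """Return the log fields as a dict, or None for a line that does not fit the format."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    fields = match.groupdict()
    fields["host"] = (urlsplit(fields["url"]).hostname or "").lower()
    fields["status"] = int(fields["status"])
    return fields


def evaluate(entry: dict) -> list:
    """Apply both rules to one parsed entry and return the names of the rules that fired."""
    reasons = []
    if entry["ua"].strip().lower() in SUSPICIOUS_USER_AGENTS:
        reasons.append("suspicious-user-agent")
    if entry["host"] in WATCHED_HOSTS:
        reasons.append("watched-host")
    return reasons


def detect(lines) -> list:
    """Scan log lines; one alert per entry that matched at least one rule.

    'blocked' records whether the gateway denied the request (HTTP 4xx/5xx), so an
    alert with blocked=False means the indicator was seen but the traffic got through.
    """
    alerts = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue  # skip malformed or unrelated lines rather than crashing
        reasons = evaluate(entry)
        if reasons:
            alerts.append({
                "src": entry["src"],
                "url": entry["url"],
                "blocked": entry["status"] >= 400,
                "reasons": reasons,
            })
    return alerts


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '2018-03-20T10:00:01Z 10.0.0.5 GET http://www.example.com/index.html "Mozilla/5.0 (Windows NT 10.0)" 200',
    '2018-03-20T10:00:02Z 10.0.0.5 GET http://www.threat-cloud.com/config.php "Miner" 403',
    '2018-03-20T10:00:03Z 10.0.0.7 GET http://WWW.THREAT-CLOUD.COM/config.php "Mozilla/5.0 (X11; Linux)" 200',
    'this line is not in the expected format',
]


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG):
        print(alert)
```

The third sample line shows why the host is normalised: the same destination reached with a browser-like User-Agent still trips the host rule, and its 200 status tells you the block did not apply to that client.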
Ransomware

Test description

Endpoint

This test simulates a ransomware attack by creating files in the user's Downloads directory and encrypting them with AES (Advanced Encryption Standard), using a key derived from the MD5 hash of the current user's SID, and then opening a CMD process.

If the encryption process is terminated after a few seconds, the endpoint is well protected.

Remediation guidelines

Improve your endpoint security with Check Point Endpoint Security, which includes the Anti-Ransomware component, whose default settings block ransomware attacks.

Note that Anti-Ransomware is available from version E80.70.
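The ransomware test's observable effect is a folder of ordinary files turning into AES ciphertext within seconds. One behavioural signal a defender can measure for that, independent of any vendor product, is Shannon entropy: ciphertext is close to uniformly random (near 8 bits per byte), while text and documents sit well below. The Python below is an added example, not part of CheckMe or of the Anti-Ransomware component; it compares per-file entropy between two snapshots of a directory and alerts when several files flip to high entropy in one window. The thresholds, the window of one scan, and the sample "before/after" contents are assumptions made for the demonstration.

```python
"""Entropy-based detection of files turning into ciphertext in a folder.

Added example; not part of CheckMe or of any Check Point product. Thresholds
and sample contents are assumptions for the demonstration.
"""
import math
import os
import random
from collections import Counter
from typing import Dict, List

HIGH_ENTROPY = 7.5    # bits per byte; assumed cut-off for "looks encrypted"
MIN_FLIPPED = 3       # assumed: this many files flipping in one window raises an alert
SAMPLE_BYTES = 65536  # only the first 64 KiB of each file is measured


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for empty or single-valued data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def snapshot_contents(files: Dict[str, bytes]) -> Dict[str, float]:
    """Entropy per path for in-memory contents (used by the offline sample)."""
    return {path: shannon_entropy(data[:SAMPLE_BYTES]) for path, data in files.items()}


def snapshot_directory(directory: str) -> Dict[str, float]:
    """Entropy per path for the regular files directly inside a real directory."""
    files = {}
    for name in os.listdir(directory):
        path = os.path.join(directory, name)
        if os.path.isfile(path):
            with open(path, "rb") as fh:
                files[path] = fh.read(SAMPLE_BYTES)
    return snapshot_contents(files)


def flipped_files(before: Dict[str, float], after: Dict[str, float]) -> List[str]:
    """Paths that were below the threshold in `before` and at or above it in `after`."""
    return sorted(
        path for path, ent in after.items()
        if ent >= HIGH_ENTROPY and before.get(path, 0.0) < HIGH_ENTROPY
    )


def is_ransomware_like(before: Dict[str, float], after: Dict[str, float]) -> bool:
    """Alert when at least MIN_FLIPPED files flipped to high entropy between snapshots."""
    return len(flipped_files(before, after)) >= MIN_FLIPPED


def run_offline_sample() -> dict:
    """Constructed before/after snapshots standing in for a Downloads folder."""
    rng = random.Random(1234)  # deterministic stand-in for ciphertext

    def noise(size: int) -> bytes:
        return bytes(rng.getrandbits(8) for _ in range(size))

    text = b"Quarterly report: revenue up 4%, costs flat. " * 100
    before = snapshot_contents({"a.txt": text, "b.txt": text, "c.txt": text, "d.txt": text})
    # Two files flipped: below the alert threshold. Three flipped: alert.
    partial = snapshot_contents({"a.txt": noise(4096), "b.txt": noise(4096), "c.txt": text, "d.txt": text})
    full = snapshot_contents({"a.txt": noise(4096), "b.txt": noise(4096), "c.txt": noise(4096), "d.txt": text})
    return {
        "text_entropy": before["a.txt"],
        "two_flipped_alert": is_ransomware_like(before, partial),
        "three_flipped_alert": is_ransomware_like(before, full),
        "flipped": flipped_files(before, full),
    }


if __name__ == "__main__":
    print(run_offline_sample())
```

Already-compressed formats (ZIP, JPEG, PDF streams) also have high entropy, which is why the check keys on files that change from low to high rather than on absolute values, and why the snapshot at the start of the window matters. Poll `snapshot_directory()` on the Downloads folder at a short interval and feed consecutive snapshots to `is_ransomware_like()`.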
Browser Exploit

Test description

Network & Cloud

This test checks whether your network is protected against Cross-Site Scripting (XSS).

CheckMe simulates this test by connecting to:

  • http://s3-eu-west-1.amazonaws.com/cp-chk-files/1.asp?xss=%3Cscript%3Ealert%28%221%22%29%3C%2Fscript%3E

Endpoint

This test checks whether your browser can be exploited by simulating shellcode execution in Internet Explorer.

Remediation guidelines

Improve your security with Check Point Next Generation Threat Prevention and Endpoint Security, which include the Intrusion Prevention System (IPS) and Anti-Exploit blades.

Network & Cloud

Configure the IPS protections against Cross-Site Scripting (such as "Cross-Site Scripting Scanning Attempt") to "Prevent" mode.

    1. Enable the IPS blade and ensure that IPS protections are up to date.
    2. If it is not possible to update the IPS protections to the latest release, enable the following IPS protection:

      Cross-Site Scripting Scanning Attempt

Endpoint

Enable Anti-Exploit in your Check Point Endpoint Security to reduce your exposure to exploits.

Note that Anti-Exploit protection is available from version E80.83.
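The XSS test URL above carries its payload percent-encoded, which is exactly the case an inspection rule must handle: a signature that only looks at the raw query string misses it, and one that decodes only once misses a double-encoded or entity-encoded variant. The Python below is an added example, not Check Point's IPS logic, showing the decode-then-match approach: each query parameter is decoded as a browser would (percent-decoding repeated to cover layered encoding, then HTML entity decoding) before a small, constructed rule set is applied. The benign and re-encoded sample URLs are constructed; the first is the article's own probe.

```python
"""Recognise the Cross-Site Scripting probe that CheckMe sends, including re-encoded forms.

Added example; not Check Point's IPS logic. The rule set is a constructed
minimum for the demonstration, not a complete signature set.
"""
import html
import re
from typing import Dict, List
from urllib.parse import parse_qsl, unquote, urlsplit

XSS_RULES = [
    ("script-tag", re.compile(r"<\s*/?\s*script\b", re.I)),
    ("javascript-url", re.compile(r"javascript\s*:", re.I)),
]
MAX_DECODE_ROUNDS = 3  # guard against endless decoding of pathological input


def normalise(value: str) -> str:
    """Undo layered percent/entity encoding until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = html.unescape(unquote(value))
        if decoded == value:
            break
        value = decoded
    return value


def find_xss_probes(url: str) -> List[Dict[str, str]]:
    """One finding per (parameter, rule) pair whose fully decoded value matches."""
    findings = []
    query = urlsplit(url).query
    # parse_qsl performs the first percent-decode; normalise() handles any further layers.
    for name, raw in parse_qsl(query, keep_blank_values=True):
        value = normalise(raw)
        for rule_name, pattern in XSS_RULES:
            if pattern.search(value):
                findings.append({"param": name, "rule": rule_name, "decoded": value})
    return findings


# The probe URL from the article, plus constructed benign and re-encoded variants.
SAMPLE_URLS = {
    "checkme_probe": "http://s3-eu-west-1.amazonaws.com/cp-chk-files/1.asp?xss=%3Cscript%3Ealert%28%221%22%29%3C%2Fscript%3E",
    "benign": "http://www.example.com/search?q=check+point&page=2",
    "double_encoded": "http://www.example.com/page?id=%253Cscript%253Ealert%25281%2529%253C%252Fscript%253E",
    "entity_encoded": "http://www.example.com/page?c=%26lt%3Bscript%26gt%3B",
}


def scan_samples() -> Dict[str, List[str]]:
    """Rule names that fired for each sample URL (sorted, without duplicates)."""
    return {label: sorted({f["rule"] for f in find_xss_probes(url)}) for label, url in SAMPLE_URLS.items()}


if __name__ == "__main__":
    for label, rules in scan_samples().items():
        print(f"{label}: {rules or 'clean'}")
```

When the gateway's own XSS protection is in "Detect" rather than "Prevent" mode, a matcher like this run over the access log will show the probe arriving even though nothing was stopped, which is the state the remediation step above is meant to fix.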
Zero Day

Test description

Network & Cloud

This test downloads, through your network, files in formats that are often used in Zero Day attacks.

CheckMe simulates this test by downloading the following files:

  • http://s3-eu-west-1.amazonaws.com/cp-chk-files/win7_64bit_big.com
  • http://s3-eu-west-1.amazonaws.com/cp-chk-files/win7_64bit_big.zip
  • http://s3-eu-west-1.amazonaws.com/cp-chk-files/win7_64bit_big.pdf

Endpoint

CheckMe simulates this test by downloading and saving a zipped PDF file with malicious macros.

If the file is deleted after a few seconds, the endpoint is well protected.

Remediation guidelines

Improve your security with Check Point Threat Prevention and Endpoint Security solutions by following these steps:

Network & Cloud

  1. Enable the Threat Emulation blade.
  2. Enable the Threat Extraction blade to strip malicious content from files.

Endpoint

Improve your endpoint security with Check Point Endpoint Security, which includes the Threat Emulation blade, whose default settings block Zero Day attacks.
Identity Theft

Test description

Network & Cloud

This test generates connections to a phishing site through your network.

A successful connection attempt is an indication that you could fall prey to a phishing attack and that your personal information could be stolen.

CheckMe simulates this test by loading the favicon.ico file from the following site:

  • http://www.fkiinqdfc9un.xyz/login/assets/img/fav.ico

Remediation guidelines

Network & Cloud

Improve your network security with the Check Point Threat Prevention solution, which includes the URL Filtering blade.

Ensure that the Phishing and High Risk categories are configured in "Prevent" mode in the URL Filtering policy to protect your computer from this threat.
Anonymous

Test description

Network & Cloud

This test connects to an anonymizing site through your network.

CheckMe simulates this test by attempting to access:

  • http://proxy.my-addr.com/favicon.ico

Remediation guidelines

Network & Cloud

Improve your network security with the Check Point Threat Prevention solution, which includes the URL Filtering blade.

Ensure that anonymizing sites are blocked by the URL Filtering policy.
Data Leakage

Test description

Network & Cloud

This test generates traffic structured as credit card numbers (over HTTP and HTTPS) to public sites through your network.

CheckMe simulates this test by posting:

    • 4580-0000-0000-0000, 5500 0000 0000 0004, 4024 0071 0007 2775, 4024007117885730, 4024007186169115

      to:

  • http://www.cpcheckme.com/check/testsAssets/post.html

Note: This test is not supported for Capsule Cloud.

Remediation guidelines

Network & Cloud

Improve your network security with the Data Loss Prevention (DLP) blade.

Ensure that PCI - Credit Card Numbers are blocked by the DLP policy.
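What makes the posted values above "credit card numbers" to a DLP rule is not just their length: each one passes the Luhn mod-10 checksum, which is how a DLP engine separates real card numbers from phone numbers, order ids and other digit runs. The Python below is an added example, not Check Point's DLP engine; it extracts 13 to 19 digit runs with optional space or hyphen separators, keeps those that pass Luhn, and reports them masked so the alert itself does not leak the number. The sample bodies are constructed from the article's own test data; the 4-digit fields posted by the C&C test are included to show they do not match.

```python
"""Detect credit-card-shaped numbers in an outbound request body, as a DLP rule would.

Added example; not Check Point's DLP engine. Candidate extraction and masking
choices are assumptions for the demonstration.
"""
import re
from typing import Dict, List

# 13..19 digits, optionally separated by single spaces or hyphens, not embedded in a longer digit run.
CANDIDATE_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
DIGITS_ONLY = re.compile(r"\D")


def luhn_valid(digits: str) -> bool:
    """Luhn mod-10 checksum: double every second digit from the right, subtract 9 if over 9."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_card_numbers(text: str) -> List[str]:
    """Normalised (digits-only) card numbers found in the text, in order, without duplicates."""
    found = []
    for match in CANDIDATE_RE.finditer(text):
        digits = DIGITS_ONLY.sub("", match.group(0))
        if 13 <= len(digits) <= 19 and luhn_valid(digits) and digits not in found:
            found.append(digits)
    return found


def mask(pan: str) -> str:
    """Keep the first 6 and last 4 digits so a log entry does not itself leak the number."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def dlp_verdict(body: str, max_allowed: int = 0) -> Dict[str, object]:
    """Block when more than max_allowed card numbers appear; report only masked values."""
    pans = find_card_numbers(body)
    return {"block": len(pans) > max_allowed, "count": len(pans), "matches": [mask(p) for p in pans]}


# Constructed bodies: the Data Leakage test's numbers and the C&C test's form fields.
LEAK_BODY = "cc=4580-0000-0000-0000, 5500 0000 0000 0004, 4024 0071 0007 2775, 4024007117885730, 4024007186169115"
CC_TEST_BODY = "creditcard=1234&expyear=2017&ccv=123&pin=1234"


if __name__ == "__main__":
    print(dlp_verdict(LEAK_BODY))
    print(dlp_verdict(CC_TEST_BODY))
```

The candidate pattern is deliberately simple: two numbers separated by a single space would be consumed as one run, so production rules also bound matches by issuer prefix and expected length. For traffic sent over HTTPS, as this test does, the rule only sees the body if HTTPS Inspection is enabled on the gateway.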
Persistent Malware

Test description

Cloud

This test simulates persistent malware by downloading an exe file that creates an EICAR file. If both files are deleted after a few seconds, the endpoint is well protected.

Remediation guidelines

Cloud

Improve your security with Check Point Endpoint Security, which includes Forensics.


CheckMe application for your Android device

  1. Search for the CheckMe app in Google Play.
  2. Download the CheckMe app to your mobile device.
  3. Start the scan on your mobile device to find your exposure to operating system vulnerabilities, SMiShing, malicious applications and malicious files.




Tests Specifications & Remediation Guidelines for CheckMe Mobile application

The following summarizes the mobile device tests used during the mobile scan and explains how to remediate each threat.

Root Checker

CheckMe app scans your device and checks whether it is rooted and therefore exposed to security flaws and vulnerabilities.

Remediation guidelines

Improve your security with Check Point SandBlast Mobile. In addition, it is recommended to back up and restore your device.

Unknown Source

CheckMe app scans your device and checks whether the ability to install applications from unknown sources is turned on. Installing applications from unknown sources can put your device and privacy at risk.

Remediation guidelines

Install applications only from trusted sources, and disable installation from unknown sources.

USB Debugging

CheckMe app scans your device and checks whether USB debugging is turned on. USB debugging mode is designed for development use only; when it is turned on, your private data might be at risk.

Remediation guidelines

Disable USB debugging mode.

Malicious Applications

CheckMe app scans your device and checks whether malicious applications have been installed. If a malicious application has been installed, the device can be compromised, be tracked and lose sensitive information.

Remediation guidelines

Improve your security with Check Point SandBlast Mobile. Remove the malicious applications from your device.

Malicious Files

CheckMe app scans your device and checks whether any malicious files have been saved on the device. If malicious files exist on the device, it can be compromised, be tracked and lose sensitive information.

Remediation guidelines

Improve your security with Check Point SandBlast Mobile. Remove the malicious files from your device.

Note that the CheckMe app is currently supported for Android devices only.



FAQ

• Can CheckMe cause any damage to a computer that runs these tests?

  All tests are safe and there is no risk to the user's devices and network.
  The administrator may see alerts in the security system that notify about the simulated tests.

• Does CheckMe test my computer or my network security?

  With the new version of CheckMe it is possible to assess the customer's network, endpoint or cloud environments (AWS/Azure). Users should select the environments they wish to assess on the welcome page.

• How does CheckMe simulate the threats?

  Network and Cloud assessment:

  CheckMe uses JavaScript functions that run in the context of the page and do the following:

    1. Download a "malicious" file from cpcheckme.com over HTTP and HTTPS, both plain and zipped.
    2. Post "sensitive" data to cpcheckme.com.
    3. Load images from bad domains (domains with bad reputation).

  Endpoint:

  CheckMe downloads a binary to the customer's desktop which simulates the "malicious" behaviour.

  Each threat includes one or more tests that can take part in the attack vector. For example: the final phase of a bot infection is the use of command and control sites for remote administration of the malware. CheckMe simulates the C&C protocol, which can be a part of the bot infection threat and can indicate whether the network is exposed to bot infection.

• Why is CheckMe flagged as not secure by a browser when you open the URL?

  Since some tests run over HTTP, the site must be served over HTTP as well. That does not mean that the site is not secure.



Revision History

20 Mar 2018
• Updated the tests table.
• Added 2 new threats.
19 Oct 2017
• Updated the description of "Identity Theft / Phishing Attack".
25 Sep 2017
• Updated the link to favicon.ico file for "Anonymizer usage".
27 Aug 2017
• Updated the description of "Browser attack".
26 July 2017
• Updated the links to favicon.ico file for "Identity Theft / Phishing Attack".
• Updated the link to favicon.ico file for "Anonymizer usage".
23 July 2017
• Updated the links to favicon.ico file for "Identity Theft / Phishing Attack".
15 Mar 2017
• Updated the description of and remediation guidelines for "Zero Day Attack".
• Updated the description of and remediation guidelines for "Identity Theft / Phishing Attack".
02 Mar 2017
• Updated the description of "Ransomware attack".
• Updated the description of and remediation guidelines for "Browser attack".
• Added a note that Sensitive data leakage tests are not supported for Capsule Cloud.
20 Feb 2017
• Removed "Beta Version" from the article title.
• Renamed from "Browser Code Injection" to "Browser attack".
• Updated the tests that simulate a "Browser attack".
• Improved the remediation guidelines for "Browser attack".
• Added a note that Ransomware Attack tests are not supported for 600/700/1100/1200R/1400 appliances.
12 Feb 2017
• Improved the remediation guidelines for "Zero Day Attack".
07 Feb 2017
• Improved all the remediation guidelines.
05 Feb 2017
• Changed the design of this article.
• Upgraded the CheckMe service.
09 Jan 2017
• Minor text improvements.
09 Jan 2017
• Added notes that this service simulates the attacks without any actual risk for customer's environment.
05 Jan 2017
• First release of this article.
