You are here: Resources >> Test Your Security Policy
Test Your Security Policy
The tools below will let you test your security policy. The following tests focus on a specific security domain in the product’s security policy.
Intrusion Prevention Security Engine Testing
Test Denial of Service (DoS)
Description: Denial of Service is an attack that causes an application to stop responding so that the user has no choice but to close it. In some cases, this exploit can be leveraged into a remote code execution attack by using an exploitable buffer overflow. The link below is a harmless example that will cause Internet Explorer to close on an unprotected machine.
Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy. If you receive the "Security Status: You are safe" message, your Vulnerability Protection engine is active. If you receive the message "Security Status: You are vulnerable", it means that your Vulnerability Protection engine is not setup properly. When clicking on "Run Demo", your browser will crash.
Solution: To prevent this malicious code from entering your network, make sure to enable the Vulnerability Protection service.
Links: DoS_Test.html
Test Remote Code Execution (RCE)
Description: The Remote Code Execution attack allows an unauthorized party to remotely control your computer and steal confidential information. The attacker can also create or delete files and basically do anything with your system.
Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy. If you receive the "Security Status: You are safe" message, your Vulnerability Protection engine is active. If you receive the message "Security Status: You are vulnerable", it means that your Vulnerability Protection engine is not setup properly.
Solution: To prevent this malicious code from entering your network, make sure to enable the Vulnerability Protection service.
Links: RCE_Test.html
Test Phishing
Description: Phishing is an attack designed to steal data from an unsuspecting user. This can be done by disguising a malicious website as a known and trusted one (e.g., a bank website or a webmail website) and tempting the user to enter his personal information via a fake login screen and so forth.
Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy. If you receive the "Security Status: You are safe" message, your Vulnerability Protection engine is active. If you receive the message "Security Status: You are vulnerable", it means that your Vulnerability Protection engine is not setup properly.
Solution: To prevent this malicious code from entering your network, make sure to enable the Vulnerability Protection service.
Links: Phishing_Test.html
Behavior Profile Security Engine Testing
Test Code Obfuscation of Malicious Script (COMS)
Description: Code Obfuscation is a methodology used by malicious code writers to obfuscate their harmful code. It uses encryption and encoding in order to garble the original source code, therefore making it harder to analyze.
Guidelines: Click on the link below to test your Behavior profile policy. If you receive "Security Status: You are safe" message, your Behavior policy is active. If you receive the message "Security Status: You are vulnerable", it means that your Behavior profile engine is not set up properly.
Solution: To prevent this malicious code from entering your network, make sure to enable the [Block Malicious Scripts by Behavior] rule in your security policy.
Links: This demo is based on a known vulnerability in web browsers.
Test JavaScript/VB Script
Description: JavaScript/VB Script are codes that can be embedded into a webpage to add functionality. This added functionality and flexibility results in exposure to some security risk.
Test Java Applet
Description: Java applets are programs designed to execute on another program (usually a web browser). Since java applets run without user intervention, the JVM (Java Virtual Machine) enforces some limitations upon it. These limitations include writing files to the local computer, reading files, program execution, registry manipulation, and so on.
However, there are some security vulnerabilities (See: CAN-2005-3906) that allow malicious applets to bypass these limitations. As such, any applet that tries to perform any of the restricted actions should be blocked regardless of the bypass technique, if there are any used.
Guidelines: Click on the link below to test your Intrusion Prevention. If you receive "Security Status: You are safe" message, your Intrusion Prevention is active. If you receive the message "Security Status: You are vulnerable", it means that your Intrusion Prevention engine is not setup properly.
Solution: To prevent this malicious code from entering your network, make sure to enable the Intrusion Prevention service.
Links: This demo is based on a vulnerability that is already patched. The below applet will try to create a file (AppletDemo.txt), on C:\secpoint. As described above, since this applet tries to perform potentially illegal and dangerous operations, it should be blocked (if your machine is patched, no file will be created).
Anti-Virus Security Engine Testing
Test Anti-Virus
Description: EICAR, the European Institute for Computer Anti-Virus Research, had developed a test file that an Anti-virus product “detects" as if it were a virus. This is not a real virus, and does not include any fragments of viral code. The file is a legitimate DOS program that shows the message, "EICAR-STANDARD- ANTI-VIRUS-TEST-FILE!"
Guidelines: Click on one of the links below to test your anti-virus policy. If the download dialog appears, your anti-virus policy is not active. If you see the Vital Security alert message, it means that your anti-virus policy is working properly.
Solution: To prevent this malicious code from entering your network, make sure to enable your anti-virus service.
URL Filtering Security Engine Testing
Test URL Filtering
Description: Perform the following test in order to validate weather the URL filtering engine works correctly
Guidelines: Click on the link below to test your URL Filtering policy. The URL below will lead to a site that is categorized as hacking site, and therefore should be blocked. If you receive the Vital Security alert message, your URL Filtering policy is active. If you get to the actual hacking site, it means that your URL Filtering policy was not setup correctly.
Solution: To prevent this malicious code from entering your network, make sure to enable the Web Content Filter.
Links: www.astalavista.box.sk
Read more about our services and products here: About SecPoint, IT Security Products, and IT Security Jobs.
