Best State of Art IT Security Solutions
The best Innovative and powerful IT Security products

Resources / IT Security Resources Part3 /

Test Your Security Policy 

The tools below will let you test your security policy. The following tests focus on a specific security domain in the product’s security policy.
You can also request a free vulnerability scan of your IP address.
 

Intrusion Prevention Security Engine Testing

Test Denial of Service (DoS) 

Description: Denial of Service is an attack that causes an application to stop responding so that the user has no choice but to close it. In some cases, this exploit can be leveraged into a remote code execution attack by using an exploitable buffer overflow. The link below is a harmless example that will cause Internet Explorer to close on an unprotected machine.
 
Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy. If you receive the "Security Status: You are safe" message, your Vulnerability Protection engine is active. If you receive the message "Security Status: You are vulnerable", it means that your Vulnerability Protection engine is not setup properly. When clicking on "Run Demo", your browser will crash.
 
Solution: To prevent this malicious code from entering your network, make sure to enable the Vulnerability Protection service.
 
 
Test Remote Code Execution (RCE)
 
Description: The Remote Code Execution attack allows an unauthorized party to remotely control your computer and steal confidential information. The attacker can also create or delete files and basically do anything with your system.
 
Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy. If you receive the "Security Status: You are safe" message, your Vulnerability Protection engine is active. If you receive the message "Security Status: You are vulnerable", it means that your Vulnerability Protection engine is not setup properly.
 
Solution: To prevent this malicious code from entering your network, make sure to enable the Vulnerability Protection service.
 
 
Test Phishing
 
Description: Phishing is an attack designed to steal data from an unsuspecting user. This can be done by disguising a malicious website as a known and trusted one (e.g., a bank website or a webmail website) and tempting the user to enter his personal information via a fake login screen and so forth.
 
Guidelines: Click on the link below to test your Vulnerabilities and Exploits policy. If you receive the "Security Status: You are safe" message, your Vulnerability Protection engine is active. If you receive the message "Security Status: You are vulnerable", it means that your Vulnerability Protection engine is not setup properly.
 
Solution: To prevent this malicious code from entering your network, make sure to enable the Vulnerability Protection service.
 
Behavior Profile Security Engine Testing
 
Test Code Obfuscation of Malicious Script (COMS)
 
Description: Code Obfuscation is a methodology used by malicious code writers to obfuscate their harmful code. It uses encryption and encoding in order to garble the original source code, therefore making it harder to analyze.
 
Guidelines: Click on the link below to test your Behavior profile policy. If you receive "Security Status: You are safe" message, your Behavior policy is active. If you receive the message "Security Status: You are vulnerable", it means that your Behavior profile engine is not set up properly.
 
Solution: To prevent this malicious code from entering your network, make sure to enable the [Block Malicious Scripts by Behavior] rule in your security policy.
 
Links: This demo is based on a known vulnerability in web browsers.
 
Test JavaScript/VB Script
 
Description: JavaScript/VB Script are codes that can be embedded into a webpage to add functionality. This added functionality and flexibility results in exposure to some security risk.
 
Test Java Applet
 
Description: Java applets are programs designed to execute on another program (usually a web browser). Since java applets run without user intervention, the JVM (Java Virtual Machine) enforces some limitations upon it. These limitations include writing files to the local computer, reading files, program execution, registry manipulation, and so on.
 
However, there are some security vulnerabilities (See: CAN-2005-3906) that allow malicious applets to bypass these limitations. As such, any applet that tries to perform any of the restricted actions should be blocked regardless of the bypass technique, if there are any used.
 
Guidelines: Click on the link below to test your Intrusion Prevention. If you receive "Security Status: You are safe" message, your Intrusion Prevention is active. If you receive the message "Security Status: You are vulnerable", it means that your Intrusion Prevention engine is not setup properly.
 
Solution: To prevent this malicious code from entering your network, make sure to enable the Intrusion Prevention service.
 
Links: This demo is based on a vulnerability that is already patched. The below applet will try to create a file (AppletDemo.txt), on C:secpoint. As described above, since this applet tries to perform potentially illegal and dangerous operations, it should be blocked (if your machine is patched, no file will be created).
 
Anti-Virus Security Engine Testing
 
Test Anti-Virus
 
Description: EICAR, the European Institute for Computer Anti-Virus Research, had developed a test file that an Anti-virus product “detects" as if it were a virus. This is for testing as a real virus, and does not include any fragments of viral code.
Guidelines: Click on one of the links below to test your anti-virus policy. If the download dialog appears, your anti-virus policy is not active. If you see the Vital Security alert message, it means that your anti-virus policy is working properly.
 
Solution: To prevent this malicious code from entering your network, make sure to enable your anti-virus service.
 
URL Filtering Security Engine Testing
 
Test URL Filtering
 
Description: Perform the following test in order to validate weather the URL filtering engine works correctly
 
Guidelines: Click on the link below to test your URL Filtering policy. The URL below will lead to a site that is categorized as hacking site, and therefore should be blocked. If you receive the Vital Security alert message, your URL Filtering policy is active. If you get to the actual hacking site, it means that your URL Filtering policy was not setup correctly.
 
Solution: To prevent this malicious code from entering your network, make sure to enable the Web Content Filter.
  
 
 

➤ Related pages
Anti Cracking Tips & Tricks
Anti Cross Site Scripting (XSS)
Block Email Junk
Choose Vulnerability Scanning?
Email & Spam Test Links
How to Get Rid of a Trojan Horse
Internet Information Services (IIS)
IT Security Gurus
Pen Test Appliance
Server Misconfiguration
SharePoint Multi-Tier Attacks
Spam Blocker
SQL Server Stored Attacks
Stop Spam
Technology Papers
Test Your Security Policy
Top 10 Cloud Computing Services
WiFi WEP Encryption Cracking Guide
WiFi WPA & WPA2 Guide
Worldwide Security Events

Powerful UTM Firewall, Vulnerability Scanner, WiFi Penetration Testing software

SecPoint is specialized to deliver the best IT security solutions and products.

Compatible with Product
Securely protected by SecPoint
Customer reference King Customer reference New York Customer reference ROC Customer reference Rochdale Customer reference Roscrea Customer reference Tradetracker Customer reference Unicef Customer reference King Customer reference New York Customer reference Roc Customer reference Rochdale Customer reference Roscrea Customer reference Tradetracker Customer reference Unicef