topic Re: CheckMe: FREE and Instant Network Security Assessment in Firewall and Security Management

CheckMe: FREE and Instant Network Security Assessment

Kaushal_Varshne — Wed, 26 Apr 2017 16:43:45 GMT

Check Point’s CheckMe is a free and instant network security assessment tool. Using a series of simulations, CheckMe instantly identifies security risks on your network, and provides you with a detailed report on network vulnerabilities and recommendations.

To learn more watch this 3-minute video - CheckMe: FREE and Instant Network Security Assessment - YouTube

Re: CheckMe: FREE and Instant Network Security Assessment

Danilo_Lara — Thu, 04 May 2017 18:31:10 GMT

CheckMe is a great tool. In fact it only checks if, in case of zero day analysis, it is allowed to download a malware file. I know we have the link to the malware file it tries to download in a SK, however, is this file a real malware?

Some customers are saying that if the file is downloaded, their endpoint solution should block the infection. I wanna know if I can ask the customer to download the malware file at their own risk to test their antimalware solutions.

Thanks!

Re: CheckMe: FREE and Instant Network Security Assessment

PhoneBoy — Thu, 04 May 2017 20:16:59 GMT

The point of the CheckMe test is to validate the efficacy of your existing security controls.

Which means it's entirely possible existing endpoint and/or network security controls will block the files.

The files in question exhibit behaviors that are consistent with malicious files.

Re: CheckMe: FREE and Instant Network Security Assessment

Elad_Goldenberg — Wed, 26 Jul 2017 07:33:40 GMT

Hi Danilo, keep in mind that CheckMe assess only the network so their endpoint solutions are not "part of the game" and they can't block CheckMe tests.

Re: CheckMe: FREE and Instant Network Security Assessment

Gomboragchaa — Wed, 23 Jan 2019 08:18:28 GMT

I admit to CheckMe is the easiest and fastest assessment tool.

We are using all Threat Prevention blades with Optimized Profile excluding Threat Extraction. Today I used to CheckMe(Network) assessment tool in environment. But the result is a disaster. We blocked Anonymizer, Critical Risk, Botnets, Tunnels and Phishing Application/Site_Group using Application Control Blade with URLF.

Maybe I'm doing something wrong?

Re: CheckMe: FREE and Instant Network Security Assessment

Elad_Goldenberg — Wed, 23 Jan 2019 08:28:34 GMT

Hi Gomboragchaa,

Are you sure that all blades are activated?

Did you review all the remediation steps in the report?

Re: CheckMe: FREE and Instant Network Security Assessment

Gomboragchaa — Wed, 23 Jan 2019 09:01:20 GMT

Hi Elad Goldenberg‌,

I reviewed remediation steps from report. Such as BROWSER EXPLOIT.

Remediation Guide:

The IPS is part of the NGTX and NGTP and it blocks cross-site scripting attack with its recommended / optimized profile. In case that IPS protections are not updated, enable cross-site scripting attempt in your IPS policy to protect your computer from this threat.

Reviewed Firewall Configs:

1. IPS Blade is active

2. I am using Optimized Profile on Threat Prevention.

3. Cross-Site Scripting Scanning Attempt protection must to prevent(default-config) on Optimized Profile.

4. IPS Blade is Up-to-date

Another thing: I used CheckMe again without any changes. Result is different.....

Re: CheckMe: FREE and Instant Network Security Assessment

Elad_Goldenberg — Wed, 23 Jan 2019 09:41:49 GMT

Gomboragchaa Jamganjav‌, can you confirm that the your traffic go through this GW?

Did you install policy?

let's continue the thread via emails. my email is eladgo@checkpoint.com