This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Paul_Hewitson
Contributor
‎2019-05-08 08:43 AM

URLs for Category Testing

Hi,

A customer would like to be able to test that a deployed URL Filtering policy is working correctly and blocking or allowing access to different groups of users.

Do Check Point provide a similar database of URLs to that seen at testwebsensedatabase.com (ForcePoint) so that specific categories can be confirmed to be blocked for certain users without having to try and visit a site that belongs to that category?

Clearly they don't want to be trying to go legitimate pornography sites or other questionable sites just to confirm the policy is correctly applied.

Thanks

0 Kudos
23 Replies
Nick_Doropoulos
Advisor
‎2019-05-08 09:23 AM

Hi Paul,

I'm pretty sure that similar questions have been raised on Check Mates before and I don't believe that there is such a 'database' (not one that Check Point offers anyway). You can verify URL categorization as outlined on sk69200 but no, I don't think there is such a database.

 

 

 

Gingerwerewolf
Contributor
‎2022-02-04 03:39 AM
In response to Nick_Doropoulos

Is this what you are looking for?

http://www.cpcheckme.com/checkme/

0 Kudos
PhoneBoy
Admin
Admin
‎2019-05-08 10:22 AM

You can see what category a particular URL will map via https://urlcat.checkpoint.com/
What the policy will be for a given user can't be seen here.

Interestingly, Google Chrome marks http://testdatabasewebsense.com/ as malicious.
Also, the background image for this site is being flagged by ThreatCloud as malicious.

As far as I know, we don't have our own such page, but I'll ask around.
Tomer_Sole
Mentor
Mentor
‎2019-05-08 12:14 PM
In response to PhoneBoy

http://www.cpcheckme.com/checkme/

PhoneBoy
Admin
Admin
‎2019-05-08 04:15 PM
In response to Tomer_Sole

That might work for seeing if malicious content, but it doesn't check if my policy is blocking a specific content category for a specific user.
They aren't known "safe" URLs that trigger the various App Control/URL Filtering categories similar to the URLs we maintain for Threat Prevention blades.
0 Kudos
Paul_Hewitson
Contributor
‎2019-05-09 01:17 AM
In response to Tomer_Sole

That's interesting. Although it won't test URL Categories for me, it looks like a useful test for whether various blades are functioning.
0 Kudos
Tomer_Sole
Mentor
Mentor
‎2019-05-09 01:35 AM
In response to Paul_Hewitson

Yes! Are you all green?
Regarding URL tests, I want to believe the names of the categories are self-explanatory and when you pick them, you already know in mind which specific sites you don't want to use. Can you give me an example of a category where you are not sure which examples are relevant?
0 Kudos
Paul_Hewitson
Contributor
‎2019-05-09 01:59 AM
In response to Tomer_Sole

I've not run the tool Tomer. I would need the customer to run it.

Well an example might be malicious sites. Customer wants to be sure they are blocked without visiting them. Even if they know a URL that is categorised as such, should they be testing to a 'genuine' malicious site to see if the policy works? If it's not configured properly and then they connect to the malicious site rather than being blocked they've now potentially infected or exposed themselves.

0 Kudos
AdriMallorqui
Explorer
‎2023-02-15 07:48 AM
In response to Paul_Hewitson

Hello, any updates on this case? I am having the same issue, unable to test the configured policies with safe sites. I requested Check Point to categorize test pages from other parties accordingly to their categories (currently, they are all categorized as Computer/Internet), as recommended in sk98489, but they just dismissed my requests without any explanation... Please, if you know of any safe testing pages that Check Point has categorized correctly, could you share them with the community?

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-15 11:11 AM
In response to AdriMallorqui

Last time I looked (which I admit was a while ago), each URL Filtering category should have a couple of example URLs.
We don’t have a central list, though.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-16 12:51 AM
In response to PhoneBoy

Indeed this is visible in SmartConsole / Object explorer as seen here:

 

example.png

See also: https://usercenter.checkpoint.com/ucapps/urlcat/categories

CCSM R77/R80/ELITE
0 Kudos
AdriMallorqui
Explorer
‎2023-02-16 02:29 AM
In response to Chris_Atkinson

Thank you for your comments, guys. Yes, I am aware some examples are visible in SmartConsole, but let me explain why I think we need safe testing sites anyway:

1- For malicious or content-sensitive categories, we would prefer not to visit the actual web pages. For example, SmartConsole suggests xvideos.com for the Pornography category (do I really need to browse to an actual pornography site to check if my policy is correctly configured?), and no examples are provided for the Spyware / Malicious Sites category, at least in my SmartConsole version (so how do I check it?).

2- For non-malicious categories, some of the examples do not exist anymore (e.g., anonymizer.com), and most of them use only HTTPS currently, and we would like to check the policies before deploying HTTPS inspection.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-16 05:10 AM
In response to AdriMallorqui

You don't need to browse to the sites you can test URLs here: https://urlcat.checkpoint.com/urlcat/

CCSM R77/R80/ELITE
0 Kudos
AdriMallorqui
Explorer
‎2023-02-16 06:06 AM
In response to Chris_Atkinson

I am aware of it, but this is only helpful to see how Check Point categorizes an URL. We want to test if our configured policy is working as expected (so we need to surf to an actual page to check if the firewall is blocking that category).

0 Kudos
PhoneBoy
Admin
Admin
‎2023-02-16 07:57 AM
In response to AdriMallorqui

HTTPS Categorization needs to be enabled (should be by default), but it should not be required to deploy HTTPS Inspection to categorize URLs in most cases.

0 Kudos
AdriMallorqui
Explorer
‎2023-02-17 02:00 AM
In response to PhoneBoy

As you say, it is not required to categorize URLs, but it is to show the blocking page (otherwise, we only see a CONNECTION_RESET error message in the browser). Nonetheless, the issue with the need to surf to actual pornography pages to check the policy is still unresolved without safe testing pages.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-17 02:59 AM
In response to AdriMallorqui

Why do you believe that if you check the category of a URL on the URLCAT page and block this category in your policy that it wouldn't be effective?

CCSM R77/R80/ELITE
0 Kudos
AdriMallorqui
Explorer
‎2023-02-17 03:05 AM
In response to Chris_Atkinson

We are in an academic environment, students are learning, and they make mistakes. To verify their progress and continue to the next stages of the training, they need to check with us that their policies are correctly applied. As Check Point Academy instructors, we strongly believe that safe test pages are needed, and we do not want students to browse actual pornography or malicious sites to check their policies. I hope this is understandable.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-17 04:17 AM
In response to AdriMallorqui

Thanks for clarifying the use case, it is different. Have you already raised this with the Secure Academy team as a requirement? If yes I will follow-up with them.

In the interim it sounds like something that may be overcome with a combination of DNS manipulation and a honeypot for such an environment (if not a basic category override).

CCSM R77/R80/ELITE
0 Kudos
AdriMallorqui
Explorer
‎2023-02-17 04:41 AM
In response to Chris_Atkinson

Can you please provide further information on how to raise the case with the Secure Academy team? Thank you for your kind answers throughout the process.

The workaround we've been doing is to configure a category override for the safe testing sites, but if Check Point did it permanently on its database, it would be ideal.

0 Kudos
Chris_Atkinson
Employee Employee
Employee
‎2023-02-17 04:55 AM
In response to AdriMallorqui

I would start by reaching out to secureacademy(at)checkpoint.com and go from there.

 

CCSM R77/R80/ELITE
0 Kudos
Lich
Participant
‎2020-10-31 11:02 PM
In response to PhoneBoy

Any Idea where I can get the list of URLs that the IPS is blocking ?

0 Kudos
Gingerwerewolf
Contributor
‎2022-02-04 03:24 AM
In response to Lich

This would be VERY useful as well! 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events