Extension Blocking, The Debate

By LordInfidel ·
I am opening up this debate in order to field people's views on this.

Over the past several months, since I began sharing my views about extension blocking, I have received lots of e-mail from people asking me about it. I have also been criticized by other admins for advocating my view, admins who I would have thought would be open and supportive of the idea.

When I made the decision 2 years ago to begin blocking extensions at the mail gateway, it was to prevent my end users from receiving vbs scripts. I noticed that my end users could not be trusted on their own to not execute the attachment. I also noticed that the various AV products out there were not picking up the viruses.

Now what I am advocating is not new. I did not come up with the idea, nor was I the first
admin to employ such a tactic.

I am, however, one of its most vocal advocates.

I have always sworn by the old adage, "Burn me once, shame on you. Burn me twice, shame on me."

As admins and IT professionals, if we do not learn from the past and from our mistakes, then how will we ever learn at all?

So with those points in mind, I will now open the floor to debate.

Feel free to disagree with me and discuss the finer points of security.

I do urge people, before blasting another person in this debate, to be certain who you are blasting. Read their profile. Look over some of their other posts. We are all reasonable people here; there is no need for mud slinging.

All Comments

What a WASTE!

by mishratron In reply to Extension Blocking, The D ...

Dude, I can sum up my disagreement in one brief description of our server room:

Lotus Notes servers running Norton AntiVirus Corporate Edition 2002 with live updates every night (assuming there is an update), new NAV defs weekly plus emergency definitions.

Nimda lasted exactly 8 hours in our organization; when the NAV defs arrived it died flat out.

Quarantine everything.

Are you agreeing or disagreeing?

by LordInfidel In reply to What a WASTE!

I was kind of confused by your statements.

Nimda was primarily an IIS Index Server exploit. If Index Server was not running on your servers and the ida and idq mappings were not there, then you should have been safe.

Sorry about your org having Lotus Notes and Norton. Talk about having 2 strikes against you.

But I somewhat agree with the quarantine everything attitude. But it must be done within reason, which is why I prefer to customize the list of extensions that I block/quarantine rather than flat out quarantine all attachments.
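
A sketch of the gateway-side check discussed in this thread, added here as an example and not taken from any poster's setup: it sorts a message's attachments into quarantine and deliver lists by the extension Windows would act on. The blocklist contents and the names `effective_ext`, `triage` and `sample_message` are assumptions for illustration.

```python
import os
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed site blocklist (illustrative); each admin tunes this list.
BLOCKED_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".exe", ".scr", ".pif"}

def effective_ext(filename: str) -> str:
    """Extension Windows would act on: the last suffix, lower-cased,
    ignoring trailing dots/spaces that Windows strips from file names."""
    cleaned = filename.strip().rstrip(". ").lower()
    return os.path.splitext(cleaned)[1]

def triage(raw: bytes, blocked=BLOCKED_EXTS):
    """Split attachment file names into (quarantine, deliver) lists."""
    msg = message_from_bytes(raw, policy=policy.default)
    quarantine, deliver = [], []
    for part in msg.walk():
        name = part.get_filename()
        if name is None:
            continue  # parts without a file name are not treated as attachments
        (quarantine if effective_ext(name) in blocked else deliver).append(name)
    return quarantine, deliver

def sample_message() -> bytes:
    """Constructed sample: three placeholder attachments with varied names."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "constructed sample"
    msg.set_content("see attached")
    for name in ("report.pdf", "invoice.txt.vbs", "Notes.JS"):
        msg.add_attachment(b"placeholder", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(sample_message()))
```

The double extension `invoice.txt.vbs` and the upper-case `Notes.JS` both land in the quarantine list, because only the final, case-folded suffix is compared.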

Agree, And...

by RDSchaefer In reply to Extension Blocking, The D ...

I heartily agree with you. Most users don't seem to realize that the Corporate email system is NOT their personal, private communications system. The hardware and software are owned by the company and we can/must do whatever is necessary to protect the business.

If blocking is not allowed by mgt., there is another alternative. Setting the following reg keys will foil almost all email script attachments from running:

------------Start----------------------------
REGEDIT4

[HKEY_CLASSES_ROOT\JSEFile\Shell\Open\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\JSEFile\Shell\Open2\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\JSFile\Shell\Open2\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\VBEFile\Shell\Open\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\VBEFile\Shell\Open2\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\WSFFile\Shell\Open\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\WSFFile\Shell\Open2\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\WSHFile\Shell\Open\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\WSHFile\Shell\Open2\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

-----------End-----------------------------

Ralph
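
One way to check whether a machine carries the handlers from the .reg file above, added here as an example and not part of the original post: it reads the text of a registry export and lists every class\verb pair that is not confirmed to open in Notepad. The function names and the sample export are constructed for illustration, and `VBSFile` is an extra class added to the check, not one from the post.

```python
import re

# File classes from the post's .reg; VBSFile is an addition here, not in the post.
CLASSES = ["JSEFile", "JSFile", "VBEFile", "WSFFile", "WSHFile", "VBSFile"]
VERBS = ["Open", "Open2"]

def handler_exe(cmd: str) -> str:
    """Lower-cased file name of the program a shell command line starts."""
    m = re.match(r'\s*(?:"([^"]*)"|(\S+))', cmd)
    path = (m.group(1) or m.group(2) or "") if m else ""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def parse_defaults(reg_text: str) -> dict:
    """Map lower-cased key path -> default (@) string value of a .reg export."""
    defaults, key = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif key and line.startswith('@="') and line.endswith('"'):
            # Undo the .reg escaping of backslashes and quotes.
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults

def unverified_handlers(reg_text: str, classes=CLASSES, verbs=VERBS) -> list:
    """Class\\verb pairs not confirmed to open in Notepad. A missing key or a
    non-string value (e.g. hex(2)) counts as unconfirmed."""
    defaults = parse_defaults(reg_text)
    findings = []
    for cls in classes:
        for verb in verbs:
            key = "\\".join(["HKEY_CLASSES_ROOT", cls, "Shell", verb, "Command"])
            if handler_exe(defaults.get(key.lower(), "")) != "notepad.exe":
                findings.append(f"{cls}\\{verb}")
    return findings

# Constructed sample export (not taken from a real machine).
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CLASSES_ROOT\JSFile\Shell\Open\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\JSFile\Shell\Open2\Command]
@="C:\\WINDOWS\\Notepad.exe \"%1\" %*"

[HKEY_CLASSES_ROOT\VBSFile\Shell\Open\Command]
@="C:\\WINDOWS\\System32\\WScript.exe \"%1\" %*"
'''

if __name__ == "__main__": print(unverified_handlers(SAMPLE_EXPORT))
```

Only the executable's file name is compared, so the result does not depend on where the Windows folder lives on a given machine.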

Never thought about that....

by LordInfidel In reply to Agree, And...

I do like things opening up in notepad. Hard to run things when they are in plain text.

The only thing I can see with this is for large orgs: it might be difficult to deploy this method, unless all machines are equal OSes and you can just create the keys and then import them as soon as you build the machine.

I can see the validity in it.

Thanks for the info.

A Network Is NOT A Democracy

by difster In reply to Extension Blocking, The D ...

My clients hire me to maintain and secure their networks. Users don't get to vote on what I do. If your brother sends you that cool mpeg he found, too bad; you can look at it from home. I am what you would call a benevolent dictator when it comes to my networks. I allow people to make a case, but ultimately it's my butt, so I do what's best for the network (even if it makes my job harder).
