Recognize and stop malicious files at the gate

Half the battle of securing Exchange is knowing which files you need to stop. This tip tells you what files you need to block from entering your e-mail system.

You know that when you're administering Exchange that you have to take security precautions. Bad things can get through to your Exchange server if you don't. Worse, users can inadvertently bring in files that can play royal hob with your entire network. This isn't new information. The whole series of viruses, hacks, DoS attacks and more that we have seen over the past couple of years makes stopping malicious files a high priority.

You can have your anti-virus package scan for viruses, but that's not the whole story. Similarly, you can shut off access to instant messaging from all the sources out in the ether from which it is available. Doing that, of course, closes a big window of vulnerability to all sorts of nasty entities that want to do damage to your network.

But just what files are the ones that you should stop?

We all know by now that you have to tell users not to open any .exe files on a Windows workstation. These files are, of course, executables that may easily not be benign. But you don't have to be content with that. You can set your firewall to reject such files. That way, the user doesn't have to make a decision

Are there other files that you should be blocking? Well, of course. For example, are you letting Visual Basic Scripts through the firewall? That's not a good idea, as a VB script can do about as much damage as an executable.

Executables and VB scripts are part of a general class of leave-behind files called Trojan horses that hackers and others have used to get inside computers to which they have no legitimate access and perform some illicit action there. The name comes from The Iliad, Homer's classic tale of the siege of Troy. After a 10-year siege, the Greek forces decided that there was no way they could storm the walls of Troy with a frontal attack, they settled on a ruse. They constructed a wooden horse, in which were secreted a small number of warriors. Then the Greek fleet sailed away, but only a short distance. The Trojans took the horse inside the city, where the soldiers exited the horse and threw open the city gates, allowing the rest of the Greek warriors into the city, whence they burned the place down. Trojan horse files can do the equivalent with your computer infrastructure, and hence the name.

Besides the aforementioned executables, there are other files you should not allow into your system, and you should block at the firewall. These include drivers, hyper-text application files, screen saver programs, system files with the .sys suffix, and a variety of other files, such as various database executables that either can execute on their own, or that can contain code that can execute once inside your infrastructure. Block files of these types and you've gone a long way towards making your Exchange server, and your IT infrastructure as a whole, more secure.

For a further discussion of Trojan horses, see the article on InformIT, Trojan Horses, which discusses these malicious programs in detail.


David Gabel has been testing and writing about computers for more than 25 years.

This was first published in May 2004
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchWindowsServer

SearchEnterpriseDesktop

SearchCloudComputing

SearchSQLServer

Close