Tip

Recognize and stop malicious files at the gate

You know that when you're administering Exchange that you have to take security precautions. Bad things can get through to your Exchange server if you don't. Worse, users can inadvertently bring in files that can play royal hob with your entire network. This isn't new information. The whole series of viruses, hacks, DoS attacks and more that we have seen over the past couple of years makes stopping malicious files a high priority.

You can have your anti-virus package scan for viruses, but that's not the whole story. Similarly, you can shut off access to instant messaging from all the sources out in the ether from which it is available. Doing that, of course, closes a big window of vulnerability to all sorts of nasty entities that want to do damage to your network.

But just what files are the ones that you should stop?

We all know by now that you have to tell users not to open any .exe files on a Windows workstation. These files are, of course, executables that may easily not be benign. But you don't have to be content with that. You can set your firewall to reject such files. That way, the user doesn't have to make a decision

Are there other files that you should be blocking? Well, of course. For example, are you letting Visual Basic Scripts through the firewall? That's not a good idea, as a VB script can do about as much damage as an executable.

Executables and VB scripts are part of a general class of leave-behind files called Trojan horses that hackers

    Requires Free Membership to View

and others have used to get inside computers to which they have no legitimate access and perform some illicit action there. The name comes from The Iliad, Homer's classic tale of the siege of Troy. After a 10-year siege, the Greek forces decided that there was no way they could storm the walls of Troy with a frontal attack, they settled on a ruse. They constructed a wooden horse, in which were secreted a small number of warriors. Then the Greek fleet sailed away, but only a short distance. The Trojans took the horse inside the city, where the soldiers exited the horse and threw open the city gates, allowing the rest of the Greek warriors into the city, whence they burned the place down. Trojan horse files can do the equivalent with your computer infrastructure, and hence the name.

Besides the aforementioned executables, there are other files you should not allow into your system, and you should block at the firewall. These include drivers, hyper-text application files, screen saver programs, system files with the .sys suffix, and a variety of other files, such as various database executables that either can execute on their own, or that can contain code that can execute once inside your infrastructure. Block files of these types and you've gone a long way towards making your Exchange server, and your IT infrastructure as a whole, more secure.

For a further discussion of Trojan horses, see the article on InformIT, Trojan Horses, which discusses these malicious programs in detail.


David Gabel has been testing and writing about computers for more than 25 years.

This was first published in May 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.