You can have your anti-virus package scan for viruses, but that's not the whole story. Similarly, you can shut off access to instant messaging from all the sources out in the ether from which it is available. Doing that, of course, closes a big window of vulnerability to all sorts of nasty entities that want to do damage to your network.
But just what files are the ones that you should stop?
We all know by now that you have to tell users not to open any .exe files on a Windows workstation. These files are, of course, executables that may easily not be benign. But you don't have to be content with that. You can set your firewall to reject such files. That way, the user doesn't have to make a decision
Are there other files that you should be blocking? Well, of course. For example, are you letting Visual Basic Scripts through the firewall? That's not a good idea, as a VB script can do about as much damage as an executable.
Executables and VB scripts are part of a general class of leave-behind files called Trojan horses that hackers
Besides the aforementioned executables, there are other files you should not allow into your system, and you should block at the firewall. These include drivers, hyper-text application files, screen saver programs, system files with the .sys suffix, and a variety of other files, such as various database executables that either can execute on their own, or that can contain code that can execute once inside your infrastructure. Block files of these types and you've gone a long way towards making your Exchange server, and your IT infrastructure as a whole, more secure.
For a further discussion of Trojan horses, see the article on InformIT, Trojan Horses, which discusses these malicious programs in detail.
David Gabel has been testing and writing about computers for more than 25 years.
This was first published in May 2004