Block dangerous file downloads from WAN to LAN..

[Guest gstar]

Hi,

I am sure this is not a new subject but I have to find a method to

stop LAN users from downloading exe, vbs, cmd, bat files from the

internet to our LAN.

 

This is not possible on my hardware firewall unless the file is

infected with a virus or malware and using the IE file download

restrictions prevents them from downloading anything, even PDFs

online.

 

Is there not a method we could use to rstrict certain filetypes only

and roll this out via GPO? So far I have used a GPO to disable file

downloads, then added our intranet sites to the trsuted zones which is

great but when users for example need to read PDFs from the web they

are blocked.

 

I am sure I'm not the first to ask this question but cannot locate any

information on how others have got round this, especially in this day

and age with the web threats around..

 

Cheers.

[Guest Leythos]

Re: Block dangerous file downloads from WAN to LAN..

 

In article <1193658928.485784.65520@22g2000hsm.googlegroups.com>,

gary.brett@gmail.com says...

> Hi,

> I am sure this is not a new subject but I have to find a method to

> stop LAN users from downloading exe, vbs, cmd, bat files from the

> internet to our LAN.

>

> This is not possible on my hardware firewall unless the file is

> infected with a virus or malware and using the IE file download

> restrictions prevents them from downloading anything, even PDFs

> online.

 

What Firewall - I know for a fact that WatchGuard Firebox X Core series

has HTTP Proxy rules that allow you to specify the file by extension to

be blocked, not only in HTTP but also in SMTP sessions.

 

If your firewall doesn't do what you want, sell it and get a WatchGuard

that does what you need.

> Is there not a method we could use to rstrict certain filetypes only

> and roll this out via GPO? So far I have used a GPO to disable file

> downloads, then added our intranet sites to the trsuted zones which is

> great but when users for example need to read PDFs from the web they

> are blocked.

>

> I am sure I'm not the first to ask this question but cannot locate any

> information on how others have got round this, especially in this day

> and age with the web threats around..

 

We block attachments and content BEFORE they reach the network or users,

so that we don't allow them to make a decision and we don't rely solely

on AV solutions (yes, we use AV, but we don't count on it always

working).

 

--

 

Leythos

- Igitur qui desiderat pacem, praeparet bellum.

- Calling an illegal alien an "undocumented worker" is like calling a

drug dealer an "unlicensed pharmacist"

spam999free@rrohio.com (remove 999 for proper email address)

[Guest gstar]

Re: Block dangerous file downloads from WAN to LAN..

 

> What Firewall - I know for a fact that WatchGuard Firebox X Core series

> has HTTP Proxy rules that allow you to specify the file by extension to

> be blocked, not only in HTTP but also in SMTP sessions.

>

> If your firewall doesn't do what you want, sell it and get a WatchGuard

> that does what you need.

 

Hi, if only life was that easy and money was no object. I have 2

SonicWALL units that do not have the abilty to do this, I cant simply

throw then out and buy extra hardware unfortuntely..

 

Cheers

 

G