Guest gstar Posted October 29, 2007 Posted October 29, 2007 Hi, I am sure this is not a new subject but I have to find a method to stop LAN users from downloading exe, vbs, cmd, bat files from the internet to our LAN. This is not possible on my hardware firewall unless the file is infected with a virus or malware and using the IE file download restrictions prevents them from downloading anything, even PDFs online. Is there not a method we could use to rstrict certain filetypes only and roll this out via GPO? So far I have used a GPO to disable file downloads, then added our intranet sites to the trsuted zones which is great but when users for example need to read PDFs from the web they are blocked. I am sure I'm not the first to ask this question but cannot locate any information on how others have got round this, especially in this day and age with the web threats around.. Cheers.
Guest Leythos Posted October 29, 2007 Posted October 29, 2007 Re: Block dangerous file downloads from WAN to LAN.. In article <1193658928.485784.65520@22g2000hsm.googlegroups.com>, gary.brett@gmail.com says... > Hi, > I am sure this is not a new subject but I have to find a method to > stop LAN users from downloading exe, vbs, cmd, bat files from the > internet to our LAN. > > This is not possible on my hardware firewall unless the file is > infected with a virus or malware and using the IE file download > restrictions prevents them from downloading anything, even PDFs > online. What Firewall - I know for a fact that WatchGuard Firebox X Core series has HTTP Proxy rules that allow you to specify the file by extension to be blocked, not only in HTTP but also in SMTP sessions. If your firewall doesn't do what you want, sell it and get a WatchGuard that does what you need. > Is there not a method we could use to rstrict certain filetypes only > and roll this out via GPO? So far I have used a GPO to disable file > downloads, then added our intranet sites to the trsuted zones which is > great but when users for example need to read PDFs from the web they > are blocked. > > I am sure I'm not the first to ask this question but cannot locate any > information on how others have got round this, especially in this day > and age with the web threats around.. We block attachments and content BEFORE they reach the network or users, so that we don't allow them to make a decision and we don't rely solely on AV solutions (yes, we use AV, but we don't count on it always working). -- Leythos - Igitur qui desiderat pacem, praeparet bellum. - Calling an illegal alien an "undocumented worker" is like calling a drug dealer an "unlicensed pharmacist" spam999free@rrohio.com (remove 999 for proper email address)
Guest gstar Posted October 29, 2007 Posted October 29, 2007 Re: Block dangerous file downloads from WAN to LAN.. > What Firewall - I know for a fact that WatchGuard Firebox X Core series > has HTTP Proxy rules that allow you to specify the file by extension to > be blocked, not only in HTTP but also in SMTP sessions. > > If your firewall doesn't do what you want, sell it and get a WatchGuard > that does what you need. Hi, if only life was that easy and money was no object. I have 2 SonicWALL units that do not have the abilty to do this, I cant simply throw then out and buy extra hardware unfortuntely.. Cheers G
Recommended Posts