exe as data exchange format for download on an insurance Web portal - is it a security issue?

Hi experts,

We support a web portal for a big insurance company. There is a functionality there that lets some internal department upload files (some sales statistics, etc.) for external clients and partners.
This department uses different formats for it and has started to use self-extracting WinRAR archives of some PDFs with the .exe extension. The .exe files are secure, as they are prepared inside the company.
The reason was to let the external users without archive programs get the data easily.

Is it a security issue to use .exe as an exchange format for downloads on a Web portal?
If yes, what problems may it cause? Is it probable that the Web portal will be seen as 'unsecure' by some firewalls / antivirus programs?

In the Wiki http://en.wikipedia.org/wiki/Self-extracting_archive it is mentioned that:
"The main downside of self-extracting archives is that running executables downloaded from the Internet may pose a security risk...", but it addresses more private users, not a

The company doesn't have a rule about it yet, so we have to describe the reasons why it is (or is not) a security problem.

Thanks in advance.

inversojvo Asked:
btan (Exec Consultant) Commented:
Actually, how do we even know that the upload is a legitimate exe from the user? Imagine the case of an infected machine using the current login session to upload another exe while the user is not aware. Is there a content filter to check that the exe really contains only PDFs or documents? The point is that exe is typically a restricted format for such portal access, as the portal can become a malware propagation repository. We try to avoid it, and in your case it need not be a self-extracting exe; it can be zip only.

The portal would typically be screened by a firewall and even a content filter like Blue Coat to scan for known malicious threat data. If there is none of that, the safeguard relies on the user machine doing the upload, but you cannot control or inspect those machines prior to access. Of course there is a solution, but adding a further health check can be another phase of improvement. But even then, if the zip is password protected, no scanner can check it for malware. So ideally don't even allow active content where possible. Go for a document format, access control for the recipients, and a content filter with an AV check, like what an email engine does on attachments.

just some quick thoughts
0
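Added example (not part of the original thread or of any commenter's post): a minimal upload gate for the content check discussed above, which identifies files by their leading bytes instead of their extension, rejects executables (a self-extracting archive starts with the same `MZ` stub), and rejects password-protected zips because a scanner cannot read them. The function names and sample files are constructed for illustration, and this is a type gate to run before an AV or content-filter scan, not a replacement for one.

```python
import io
import zipfile

PE_MAGIC = b"MZ"           # DOS/PE header; a self-extracting archive starts with this stub
PDF_MAGIC = b"%PDF-"
ZIP_MAGIC = b"PK\x03\x04"  # local file header of the first zip entry


def classify_upload(data: bytes) -> str:
    """Return 'accept: ...' or 'reject: ...' based on file content, never the file name."""
    if data.startswith(PE_MAGIC):
        return "reject: executable"
    if data.startswith(PDF_MAGIC):
        return "accept: pdf"
    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.flag_bits & 0x1:  # bit 0 set = entry is encrypted
                        return "reject: encrypted zip, cannot be scanned"
                    with zf.open(info) as member:
                        if member.read(2) == PE_MAGIC:
                            return "reject: executable inside zip"
        except zipfile.BadZipFile:
            return "reject: malformed zip"
        return "accept: zip"
    return "reject: unknown type"


def sample_zip(name: str, payload: bytes, encrypted: bool = False) -> bytes:
    """Build a constructed sample zip in memory; optionally mark its entry as encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Set the 'encrypted' bit in the central directory flags (offset 8 after the signature).
        raw[raw.index(b"PK\x01\x02") + 8] |= 0x1
    return bytes(raw)


if __name__ == "__main__":
    samples = {  # all inputs below are constructed, not real files
        "stats.exe (SFX stub)": b"MZ" + b"\x00" * 58 + b"Rar!\x1a\x07\x00",
        "stats.pdf": b"%PDF-1.4\n",
        "stats.zip": sample_zip("stats.pdf", b"%PDF-1.4\n"),
        "locked.zip": sample_zip("stats.pdf", b"%PDF-1.4\n", encrypted=True),
        "hidden.zip": sample_zip("stats.pdf", b"MZ\x90\x00"),
    }
    for label, blob in samples.items():
        print(f"{label:22} -> {classify_upload(blob)}")
```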
 
inversojvo (Author) Commented:
Thank you for your quick thoughts, breadtan!

The files are uploaded only by some persons from an internal department, and the content is available only to registered users (several thousand, perhaps).

Are there more such scan services like Blue Coat, and what normally happens if the website is found to contain malware files? Is there something like 'black lists' with such URLs?
I mean is there a risk, that the company image is damaged in a result?

0
 
btan (Exec Consultant) Commented:
Typically the content filter, based on policy, can alert and quarantine the data, not letting it pass through. The log will have this event recorded if desired.

There are definitely other services besides Blue Coat, such as those stated in the link below
 http://m.lifehacker.com/5312820/five-best-content-filtering-tools
0
 
btan (Exec Consultant) Commented:
Blacklisted URLs are available, and are typically from bad DNS links. Check out this
 http://en.m.wikipedia.org/wiki/Comparison_of_DNS_blacklists

Of course it can also be the blacklisting of IP addresses, but that by itself is not reliable since addresses from the internet are dynamic and always changing. Blacklisted DNS is common, which minimally stops rogue sources. Another means is via a reputation services subscription, which the AV folks are big on. E.g. Trend Micro has file filtering services

 http://www.virusexperts.org/security-channel/file-reputation-the-new-protection-technology-from-trendmicro-video/
0
 
inversojvoAuthor Commented:
Thank you!!
0
Question has a verified solution.
