Solved

exe as data exchange format for download on an insurance Web portal - is it a security issue?

Posted on 2011-10-26
Last Modified: 2012-05-12
Hi experts,

we support a web portal for a big insurance company. There is a functionality there that lets some internal department upload files (some sales statistics, etc.) for external clients and partners.
This department uses different formats for it and started to use self-extracting WinRAR archives of some .PDFs with the .exe extension. The .exe are secure, as they are prepared inside the company.
The reason was to let external users without archive programs get the data easily.

Is it a security issue, using .exe as exchange format for downloads on a Web portal?
If yes, what problems may it cause? Is it probable that the Web portal will be seen as 'unsecure' by some firewalls / antivirus programs?

In Wiki http://en.wikipedia.org/wiki/Self-extracting_archive it is mentioned that:
"The main downside of self-extracting archives is that running executables downloaded from the Internet may pose a security risk... ", but it addresses more private users, not a

The company doesn't have a rule about it yet, so we have to describe reasons, why it is (or is not) a security problem.

Thanx in advance.

Question by:inversojvo
5 Comments
 
LVL 65

Accepted Solution

by: btan earned 2000 total points
ID: 37037005
Actually how do we even know that the upload is a legitimate exe from the user? Imagine the case of an infected machine using the current login session to upload another exe while the user is not aware. Is there a content filter to check that the exe really contains PDFs or documents only? The point is that exe is typically a restricted format for such portal access, as the portal can become a malware propagation repository. We try to avoid it, and in your case it need not be a self-extracting exe; it can be zip only.

The portal would typically be screened btw firewall and even content filter like bluecoat to scan malicious known threat data. If there is none of it, the safeguard is relying on the user machine uploading, but you cannot control or inspect them prior to access; of course there is a solution, but adding a further health check can be another phase of improvement. But even then, if the zip is password protected, no scanner can check for malware. So ideally don't even allow active content where possible. Go for document format, access control for the recipients, content filter with AV check like what an email engine does on attachments.

just some quick thoughts
0
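The content check raised in the answer above (does the upload really contain only documents, and is it an archive a scanner can open?) sketched as an added example that is not part of the original thread; the allowed-extension list and all function names are assumptions. It gates on file format only and sits in front of an AV/content-filter scan, not in place of one.

```python
import io
import zipfile

ALLOWED_EXT = (".pdf", ".csv", ".txt")  # assumed portal policy, not from the thread

def classify_upload(data: bytes) -> str:
    """Return 'accept' or 'reject: <reason>' based on content, not file name."""
    if data[:2] == b"MZ":          # PE header: any .exe, self-extractors included
        return "reject: executable"
    if data[:5] == b"%PDF-":
        return "accept"
    if data[:4] == b"PK\x03\x04":  # ZIP local file header
        return check_zip(data)
    return "reject: unknown format"

def check_zip(data: bytes) -> str:
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return "reject: corrupt zip"
    with zf:
        for info in zf.infolist():
            # Bit 0 of the general-purpose flags marks an encrypted entry,
            # which no scanner can inspect.
            if info.flag_bits & 0x1:
                return "reject: encrypted entry"
            if info.is_dir():
                continue
            if not info.filename.lower().endswith(ALLOWED_EXT):
                return "reject: disallowed entry type"
            with zf.open(info) as member:
                if member.read(2) == b"MZ":  # executable hidden behind a document name
                    return "reject: executable inside zip"
    return "accept"

def make_zip(entries: dict) -> bytes:
    """Build a constructed sample ZIP in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in entries.items():
            zf.writestr(name, content)
    return buf.getvalue()

if __name__ == "__main__":
    pdf = b"%PDF-1.4\n% constructed sample\n"
    fake_exe = b"MZ\x90\x00" + b"\x00" * 60  # constructed PE-like header
    for label, blob in [("report.pdf", pdf), ("report.exe", fake_exe),
                        ("stats.zip", make_zip({"q3.pdf": pdf})),
                        ("tools.zip", make_zip({"q3.pdf": fake_exe}))]:
        print(label, "->", classify_upload(blob))
```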
 

Author Comment

by:inversojvo
ID: 37055760
Thank you for your quick thoughts, breadtan!

the uploaded files are uploaded only by some persons from an internal department and the content is available only for registered users (several thousands, perhaps).

Are there more such scan services like bluecoat, and what normally happens if the website is found to contain malware files? Is there something like 'black lists' with such URLs?
I mean, is there a risk that the company image is damaged as a result?

0
 
LVL 65

Expert Comment

by:btan
ID: 37056932
Typically the content filter, based on policy, can alert and quarantine the data, not letting it pass through. The log will have this event recorded if desired.

There are definitely other services besides bluecoat, such as those stated in the link below
 http://m.lifehacker.com/5312820/five-best-content-filtering-tools
0
 
LVL 65

Expert Comment

by:btan
ID: 37057000
Blacklisted URLs are available, normally from bad DNS links. Check out this
 http://en.m.wikipedia.org/wiki/Comparison_of_DNS_blacklists

Of course it can also be the blacklisting of IP addresses, but that itself is not reliable since addresses are dynamic on the internet and always changing. Blacklisted DNS is common, which minimally stops rogue sources. Another means is via a reputation services subscription, which AV folks are big time with. E.g. Trend Micro has file filtering services

 http://www.virusexperts.org/security-channel/file-reputation-the-new-protection-technology-from-trendmicro-video/
0
 

Author Closing Comment

by:inversojvo
ID: 37057002
Thank you!!
0
