inversojvo
asked on
exe as data exchange format for download on an insurance Web portal - is it security issue?
Hi experts,
we support a web portal for a big insurance company. There is a functionality there, that lets some internal department upload a files (some sell statistics, etc.) for external clients and partners.
This department use different formats for it and started to use the selfextracting winrar archives of some .PDFs with .exe extention. The .exe are secure, as they are prepared inside the company.
The reason was to give the external users without archive programms to get the data easily.
Is it a security issue, using .exe as exchange format for downloads on a Web portal?
If yes, what problems may it cause? Is it probable, that Web portal will be seen as 'unsecure' from some firewalls / antivirus programms?
In Wiki http://en.wikipedia.org/wiki/Self-extracting_archive is mentioned, that:
"The main downside of self-extracting archives is that running executables downloaded from the Internet may pose a security risk... ", but it address more private users, not a
The company doesn't have a rule about it yet, so we have to describe reasons, why it is (or is not) a security problem.
Thanx in advance.
we support a web portal for a big insurance company. There is a functionality there, that lets some internal department upload a files (some sell statistics, etc.) for external clients and partners.
This department use different formats for it and started to use the selfextracting winrar archives of some .PDFs with .exe extention. The .exe are secure, as they are prepared inside the company.
The reason was to give the external users without archive programms to get the data easily.
Is it a security issue, using .exe as exchange format for downloads on a Web portal?
If yes, what problems may it cause? Is it probable, that Web portal will be seen as 'unsecure' from some firewalls / antivirus programms?
In Wiki http://en.wikipedia.org/wiki/Self-extracting_archive is mentioned, that:
"The main downside of self-extracting archives is that running executables downloaded from the Internet may pose a security risk... ", but it address more private users, not a
The company doesn't have a rule about it yet, so we have to describe reasons, why it is (or is not) a security problem.
Thanx in advance.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Typically the content filter based on policy can alert and quarantine the data, not lettong it pass through. The log will have this event recorded if desired.
There is definitely other services beside bluecoat such as those stated in link below
http://m.lifehacker.com/5312820/five-best-content-filtering-tools
There is definitely other services beside bluecoat such as those stated in link below
http://m.lifehacker.com/5312820/five-best-content-filtering-tools
Blacklist url are available and normally typically from bad dns link. Check out this
http://en.m.wikipedia.org/wiki/Comparison_of_DNS_blacklists
Of course it can also be the blacklisting of ip address but that itself is not reliable since addresses are dynamic from internet and changing always. Blacklisted dns is common which minimally stop rogue source. Another means is via reputation services subscription which AV folks are big time with it. E.g trend micro has file filtering services
http://www.virusexperts.org/security-channel/file-reputation-the-new-protection-technology-from-trendmicro-video/
http://en.m.wikipedia.org/wiki/Comparison_of_DNS_blacklists
Of course it can also be the blacklisting of ip address but that itself is not reliable since addresses are dynamic from internet and changing always. Blacklisted dns is common which minimally stop rogue source. Another means is via reputation services subscription which AV folks are big time with it. E.g trend micro has file filtering services
http://www.virusexperts.org/security-channel/file-reputation-the-new-protection-technology-from-trendmicro-video/
ASKER
Thank you!!
ASKER
the uploaded files are uploaded only from some persons from an internal department and the content is availalbe only for registered users (several thousands, perhaps).
Are there more such scan services like bluecoat and what happens normally in a case, if the web-site is found containing malware files? Are there smth. like 'black lists' with such URLs?
I mean is there a risk, that the company image is damaged in a result?