[Dshield] Password protected Bagle.F

Don Peasley dPeasley at epix.net
Sat Mar 6 15:39:00 GMT 2004

Ernest Eustace wrote:

>Hello All,
>We got a good laugh out of many of the comments here at work, unfortunately
>its not as funny when we think about this being the same kind of stuff we
>have to put up with here.
>Even though we block most downloads at our network edge, we did allow ZIPs
>for the CAD folks to get their huge drawings, but now with so many Bagle
>variants on the loose we've blocked ZIPs too, and as expected are getting
>resistance from the users, but more particularly from their managers.
>I was wondering what, if anything some of you have done to allow access to
>ZIPs but still keep the network secure. I am certainly not going to be
>allowing ZIPs in any time soon, our gateway A/V firewall (FortiGate) is
>registering over a 1000 infected ZIPs quarantined daily.
>For the time being we are setting up individual FTP accounts for the users
>that need them and asking their contacts to upload the ZIPs there, but some
>of these are mass mailed to many individuals (not all at our company) and
>the managers feel its too much trouble to ask the sender to FTP just for us
>(though they seem not to understand that it would be much more trouble if
>some worm infected us and there was NO network).
>Thanks in advance for any input.
>Networking & Security

Build or use a CITIS (Contractor Integrated Technical Information 
Services) style web site.

A brief description:
A controlled access web site with upload and download capability.  The 
site can be configured with seperate directories, all access controlled, 
for different groups.  The files being uploaded should be scanned prior 
to being available for download.  This will eliminate any attachments 
via email.  Users should be able to subscribe to a given directory or 
file and be sent notification when the contents have been updated.

This model eliminates most of the problems caused by using email and ftp 
for file transfer, and allows for easy logging of transfers.  According 
to Translation Town 
this type service has been used since 1990.


More information about the list mailing list