- Your Needs
- What to Protect
- Security Policies
- Security Policy Requirements
- Incident Procedures
- Security Categories
- Software Vulnerability Control
- Hostile Software
- Network Layout
- Traffic Filtering
- Firewall Protection
- Network Intrusion Detection
- Network Port Scanning
- Network Tools
- Types of Attacks
- Protocol Use
- Entry Points
- Application Level Protection
- System Protection
- User Issues
- Other Recommendations
Mail and Security
Many attempts to intrude on organizational networks are made either through the organization's email server or through sending mail directly to users of the network. There are several steps which should be taken to reduce the chance of penetration success in this area.
- Block many dangerous email attachments on your mail server or at your firewall. Many attachment types may contain code that can be run on workstations or servers and create a method for an outsider to gain control of that machine. If an executable attachment is sent to one of your users and they double click on the attachment, it is likely that the code will run and the attack will succeed. The only defense in this case is your antivirus software on the machine. However consider the possibility that the virus program may not recognize the attachment as hostile code either because it was not detected yet or because a hacker specifically wrote the code to penetrate your network. We block the following attachments because they either can point to dangerous code, are dangerous code or can contain dangerous code:
- *ade - Microsoft Access project extension can contain executable code.
- *adp - Microsoft Access project can contain executable code.
- *app - Microsoft FoxPro application is executable code.
- *asp - Active server pages
- *asx -
- bas - Basic program source code is executable code.
- bat - Batch file which can call executable code.
- *chm - Compiled HTML help file can contain executable code.
- cmd - Windows NT command script file is executable code.
- com - Command file program is executable code.
- cpl - Control panel extension
- -dll - Dynamic link library is executable code. Could be placed on your system then run by the system later.
- exe - Binary executable program is executable code.
- *fxp - Microsoft FoxPro is executable code.
- *hlp - Help file
- *hta - HTML program
- *inf - Setup information
- *ins - Internet naming service
- *isp - Internet communication settings
- *ksh - Unix shell file
- *lnk - Link file
- *mda - Microsoft Access add-in program
- *mdb - Microsoft Access program
- *mde - Microsoft Access MDE database
- *mdt - Microsoft Access file
- *mdw - Microsoft Access file
- *mdz - Microsoft Access wizard program
- *msc - Microsoft Common Console document
- msi - Microsoft windows installer package
- *msp - Windows Installer patch
- mst - Visual Test source files
- *ops - FoxPro file
- pcd - "Photo CD image or Microsoft Visual Test compiled script"
- pif - "Shortcut to MS-DOS program"
- *prf - "Microsoft Outlook Profile Settings"
- *prg - "FoxPro program source file"
- reg - Registry files
- *scf - "Windows Explorer Command file"
- scr - Screen saver
- sct - Windows® script component
- *shb - Document shortcut
- *shs - Shell scrap object
- *url - Internet address
- vb - Visual Basic file
- vbe - Visual Basic encoded script file
- vbs - Visual Basic file
- wsc - Windows script component
- wsf - Windows script file
- wsh - Windows script host settings file
- xsl - XML file may contain executable code
Microsoft Outlook blocks these above attachments by default in Outlook 2003 as noted at Attachment File Types Restricted by Outlook 2003.