RE: Novarg

["Smith, David" <dsmith () teamumc com>]

We block *.zip, *.exe, etc. with little problem.  If our user is getting
mail with a stripped attachment that they need, they will call our help
desk.  It was easy to train our users to tell the sender to change the
extension on the file to *.txt and provide a note in the body as to what the
actual extension should be in the body of the letter.  They can then save
the attachment, change the extension, and move forward.  We have about 1200
PC's; it would be worse having to disinfect each one.  Users do not bother
with any of the attachments unless they are really work related.  It sure
cut down on the junk stored on our Exchange server, as well as not having a
single machine impacted by this latest episode. 

David Smith
Technical Support Manager
University Medical Center
Lubbock, TX 79415
806-775-9080
 
-----Original Message-----
From: Jeremy Hyland [mailto:hylandj () u washington edu] 
Sent: Thursday, January 29, 2004 8:58 PM
To: 'Ivan Coric'; jim () jimz net; incidents () securityfocus com
Subject: RE: Novarg

I also find limiting all inbound traffic significantly reduces the chances
of all manner of network security issues, but that doesn't make it a good
policy.

The issue here is the classic debate of usability vs. security. Well yeah
.zip files represent a risk, but they can also be a powerful tool for
getting work done.

I'm not about to start recommending .zip files be blocked on my network
because I know my users need the functionality provided by .zip files. Your
situation may be very different, and blocking .zip files might be the best
choice. Either way, I highly recommend that the needs of users be considered
before usability is curtailed.

-Jeremy


Jeremy J. Hyland

-----Original Message-----
From: Ivan Coric [mailto:ivan.coric () workcoverqld com au] 
Sent: Wednesday, January 28, 2004 4:58 PM
To: jim () jimz net; incidents () securityfocus com
Subject: Re: Novarg

Hi Jim,
Maybe you could explain this statement a little better? 

"after all, completely blocking zip files in attachments is a very, very
sharp double-edged knife."

We block all 'zip' attachments and have found it excellent way to prevent
new virus' from entering the network, prior to signatures files being
released. And that also goes for, .pif, .scr, .exe etc.

Kind Regards
Ivan


Ivan Coric, CISSP
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au

> > > Jim Zajkowski <jim () jimz net> 01/29/04 04:33am >>>
I'm waiting for the virus that automatically zips itself with a 
different, random password and e-mails the victim with something like 
"hey, check this out -- I encrypted it with password <foo>."  It'll be 
interesting to watch the policies fly -- after all, completely blocking 
zip files in attachments is a very, very sharp double-edged knife.

--Jim


---------------------------------------------------------------------------
----------------------------------------------------------------------------







***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland.
The contents of this message are to be used for the intended purpose only
and are to be kept confidential at all times.
This message may contain privileged information directed only to the
intended addressee/s. Accidental receipt of this information should be
deleted promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************


---------------------------------------------------------------------------
----------------------------------------------------------------------------



---------------------------------------------------------------------------
----------------------------------------------------------------------------

---------------------------------------------------------------------------
----------------------------------------------------------------------------