Educause Security Discussion mailing list archives

Re: blocking .ZIP attachments

From: Jason Richardson <A00JER1 () WPO CSO NIU EDU>
Date: Thu, 19 Aug 2004 17:15:27 -0500

We've been blocking them for a month also stating that it would only be
temporary.  After monitoring the total number of blocked ZIPs for the
month - thousands per day - we made the decision to add ZIP to our
permanent block list yesterday and announced it to our distributed IT
staff.  I was frankly amazed that I got buy-in for this decision but
we've experienced very little blow-back so far.  It is early though...

Good luck.

---
Jason Richardson
Manager, IT Security and Client Development
Enterprise Systems Support
Northern Illinois University
Voice: 815-753-1678
Fax: 815-753-2555
jasrich () niu edu

jcb () LSU EDU 8/19/2004 4:53:20 PM >>>

I apologize if this topic has been discussed before, but I couldn't
find
any direct mention of this specific issue recently.

We have a problem with viruses penetrating the campus "under the radar"
so
to speak. Before a new virus is detected and the anti-virus update is
written, received, and distributed, we have a window of vulnerability.
In
the past we have lost a considerable amount of time repairing these
outbreaks. The vector for many of these infections has been through
attachments especially .ZIP's. At first we were intermittently
blocking
.zip and other attachments; going back and forth between blocking and
accepting as each new virus appeared. We found that keeping the zip's
blocked had a big impact on minimizing the impact of new virii.

We've gotten to the point where we cringe at the thought of unblocking
.zip's and would like to make it permanent. Before I propose this to
the
administration, I wanted to see if anyone could comment on whether
they
are, or are not, blocking zip's and other attachments and if not, what
other solutions they have considered.

Thanks.

John Borne
Asst Dir for System Support
Computing Services
Louisiana State University

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/cg/.

**********
Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at 
http://www.educause.edu/cg/.

Current thread:

blocking .ZIP attachments John C Borne (Aug 19)
- <Possible follow-ups>
- Re: blocking .ZIP attachments Jason Richardson (Aug 19)
- Re: blocking .ZIP attachments Smotherman, Brian (Aug 19)
- Re: blocking .ZIP attachments Gary Flynn (Aug 19)
- Re: blocking .ZIP attachments Dave Koontz (Aug 19)
- Re: blocking .ZIP attachments Tim Lane (Aug 19)
- Re: blocking .ZIP attachments John C Borne (Aug 19)
- Re: blocking .ZIP attachments Davis, Thomas R. (Aug 20)
- Re: blocking .ZIP attachments Theresa M Rowe (Aug 20)
- Re: blocking .ZIP attachments Jim Bollinger (Aug 20)
- Re: blocking .ZIP attachments F.L.Ferreri (Aug 20)
- Re: blocking .ZIP attachments Matthew Keller (Aug 20)

(Thread continues...)