Security Incidents mailing list archives

RE: Novarg


From: "Ivan Coric" <ivan.coric () workcoverqld com au>
Date: Fri, 30 Jan 2004 13:46:51 +1000

I should have used the word "quarantine" rather than "block", as legitimate .zip files are permitted, upon inspection. 
This in no way curtails usability, but may be a minor inconvenience.

cheers
Ivan

"Jeremy Hyland" <hylandj () u washington edu> 01/30/04 12:57pm >>>
I also find limiting all inbound traffic significantly reduces the chances
of all manner of network security issues, but that doesn't make it a good
policy.

The issue here is the classic debate of usability vs. security. Well yeah,
.zip files represent a risk, but they can also be a powerful tool for
getting work done.

I'm not about to start recommending .zip files be blocked on my network
because I know my users need the functionality provided by .zip files. Your
situation may be very different, and blocking .zip files might be the best
choice. Either way, I highly recommend that the needs of users be considered
before usability is curtailed.

-Jeremy


Jeremy J. Hyland

-----Original Message-----
From: Ivan Coric [mailto:ivan.coric () workcoverqld com au] 
Sent: Wednesday, January 28, 2004 4:58 PM
To: jim () jimz net; incidents () securityfocus com 
Subject: Re: Novarg

Hi Jim,
Maybe you could explain this statement a little better? 

"after all, completely blocking zip files in attachments is a very, very
sharp double-edged knife."

We block all 'zip' attachments and have found it an excellent way to prevent
new viruses from entering the network, prior to signature files being
released. And that also goes for .pif, .scr, .exe etc.

Kind Regards
Ivan


Ivan Coric, CISSP
IT Technical Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric () workcoverqld com au 

Jim Zajkowski <jim () jimz net> 01/29/04 04:33am >>>
I'm waiting for the virus that automatically zips itself with a 
different, random password and e-mails the victim with something like 
"hey, check this out -- I encrypted it with password <foo>."  It'll be 
interesting to watch the policies fly -- after all, completely blocking 
zip files in attachments is a very, very sharp double-edged knife.

--Jim


---------------------------------------------------------------------------
----------------------------------------------------------------------------







***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland.
The contents of this message are to be used for the intended purpose only
and are to be kept confidential at all times.
This message may contain privileged information directed only to the
intended addressee/s. Accidental receipt of this information should be
deleted promptly and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************

