Security Basics mailing list archives
RE: blocking file formats in the interior of the network
From: "Scott Ramsdell" <Scott.Ramsdell () cellnet com>
Date: Thu, 9 Nov 2006 12:30:11 -0500
Raimar, If your file server is a Windows box, this script will dump a list of .MP3s and their paths to a file on C:\ named "#of MP3s + machine name". I used to run this locally on my user's workstations and copy the results to a central location, but stopped when I realized it was indexing all of the mapped drives too! Caused quite a bit of traffic ;) You could easily edit the WMI query to select only local drives, if you want. You could add a line to delete the file after reporting on it too, and change the extension for the other formats you're after. The script: (asterisks denote a new line and should be deleted. I added them because my other posted scripts didn't format well.) *On Error Resume Next *Set objNetwork = Wscript.CreateObject("Wscript.Network") *computerName = objNetwork.ComputerName *Set objFSO = WScript.CreateObject("Scripting.FileSystemObject") *Set objWMI = GetObject("winmgmts:{impersonationlevel=impersonate}!\\" & computerName & "\root\cimv2") *Set colMP3s = objWMI.ExecQuery ("SELECT * FROM CIM_DataFile WHERE extension = 'mp3'") *For EACH MP3 in colMP3s *Set objFile = objFSO.OpenTextFile("c:\" & colMP3s.Count & " " & computerName & ".txt", 8, True) *objFile.WriteLine computerName & " " & MP3.FileName & ".mp3" & " " & MP3.Path *objFile.Close *Next Kind Regards, Scott Ramsdell -----Original Message----- From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Melchior, Raimar Sent: Thursday, November 09, 2006 4:15 AM To: security-basics () securityfocus com Subject: blocking file formats in the interior of the network Hi All, I would be very pleased if somebody could give me some advises on my following question. We are seeking a solution which can detect/block different file formats (mp3, wmf, etc) in the interior of the network. There are some people who think they can put their mp3 and other files on the server share. Since there are a lot of authorised users who have access to those shares we can't disallow access to shares on a per user/group basis. We want to filter out different fileformats and set thresholds on allowed traffic. I assume we need some kind of IDP oder a NAC solution which can look into the content and blocks those traffic that is going from internal users to the shares. It would be great if you could give me some suggestions on this and what products/appliances are able of doing that. Many Thanks. - Raimar ------------------------------------------------------------------------ --- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ------------------------------------------------------------------------ --- --------------------------------------------------------------------------- This list is sponsored by: Norwich University EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life. http://www.msia.norwich.edu/secfocus ---------------------------------------------------------------------------
Current thread:
- blocking file formats in the interior of the network Melchior, Raimar (Nov 09)
- Re: blocking file formats in the interior of the network Isaac Perez (Nov 10)
- RE: blocking file formats in the interior of the network Szabo, Thomas (Nov 10)
- Re: blocking file formats in the interior of the network Mike Peppard (Nov 10)
- <Possible follow-ups>
- RE: blocking file formats in the interior of the network Beauford, Jason (Nov 10)
- RE: blocking file formats in the interior of the network Petter Bruland (Nov 10)
- RE: blocking file formats in the interior of the network Scott Ramsdell (Nov 10)
- Re: blocking file formats in the interior of the network krymson (Nov 14)