RE: blocking file formats in the interior of the network

["Scott Ramsdell" <Scott.Ramsdell () cellnet com>]

Raimar,

If your file server is a Windows box, this script will dump a list of
.MP3s and their paths to a file on C:\ named "#of MP3s + machine name".

I used to run this locally on my user's workstations and copy the
results to a central location, but stopped when I realized it was
indexing all of the mapped drives too!  Caused quite a bit of traffic ;)
You could easily edit the WMI query to select only local drives, if you
want.

You could add a line to delete the file after reporting on it too, and
change the extension for the other formats you're after.

The script: (asterisks denote a new line and should be deleted.  I added
them because my other posted scripts didn't format well.)

*On Error Resume Next

*Set objNetwork = Wscript.CreateObject("Wscript.Network")

*computerName = objNetwork.ComputerName

*Set objFSO = WScript.CreateObject("Scripting.FileSystemObject")

*Set objWMI = GetObject("winmgmts:{impersonationlevel=impersonate}!\\" &
computerName & "\root\cimv2")

*Set colMP3s = objWMI.ExecQuery ("SELECT * FROM CIM_DataFile WHERE
extension = 'mp3'")

*For EACH MP3 in colMP3s
  *Set objFile = objFSO.OpenTextFile("c:\" & colMP3s.Count & " " &
computerName & ".txt", 8, True)
  *objFile.WriteLine computerName & " " & MP3.FileName & ".mp3" & " " &
MP3.Path
  *objFile.Close 
*Next

Kind Regards,
Scott Ramsdell


-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Melchior, Raimar
Sent: Thursday, November 09, 2006 4:15 AM
To: security-basics () securityfocus com
Subject: blocking file formats in the interior of the network

Hi All,

I would be very pleased if somebody could give me some advises on my
following question.

We are seeking a solution which can detect/block different file formats
(mp3, wmf, etc) in the interior of the network. There are some people
who think they can put their mp3 and other files on the server share.
Since there are a lot of authorised users who have access to those
shares we can't disallow access to shares on a per user/group basis. 
We want to filter out different fileformats and set thresholds on
allowed traffic.

I assume we need some kind of IDP oder a NAC solution which can look
into the content and blocks those traffic that is going from internal
users to the shares. 

It would be great if you could give me some suggestions on this and what
products/appliances are able of doing that.

Many Thanks.

- Raimar

------------------------------------------------------------------------
---
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------