Problem solve

Preventing unauthorized downloads

Is there a simple method to prevent selected users on a network from downloading specific file types such as .exe and .zip off the Internet, while still being able to browse freely and download .pdf files?

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Internet access is provided with Netscape 4.7 on a Windows 95 workstation, running Novell Netware 5 for approximately 100 users.

There is no sure way to prevent downloads such as you described, simple or otherwise. You can likely set up your firewall to look for filenames with the extensions you want prohibited and have them stopped. Some antivirus software can also be set to scan all downloaded files and can be set to look for executables. However, users who want to avoid all these prevention measures will find ways to get around them.

Do your computers have Zip Drives or high-density floppies? If so, these files can be downloaded elsewhere and then brought over by "sneaker-net."

What prevents a user from downloading an executable elsewhere, then using uu-encode or some other encoding scheme to turn the executable into a text file? They could then e-mail the encoded text file to the machine you are protecting, and decode the text file back into an executable.

The best answer is to have a clearly defined policy that unauthorized downloads or other unauthorized importation of executable files are not allowed, then enforce that policy. Be sure the policy states what the penalties for violation are, and apply the penalty when someone is caught.

Technical solutions to this problem are difficult at best, particularly given that you are using the insecure Windows 95 Operating System. There really are no access control restrictions for what a user can do on their local machine using Win95 or Win98. So the users are effectively the Administrator or "root" for their machine. Thus, solving the problem via policy and procedure is your best bet.

This was last published in April 2001

Dig Deeper on Data loss prevention technology

All
News
Get Started
Evaluate
Manage
Problem Solve

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

Meet all of our Information Security experts

View all Information Security questions and answers

Related Resources

Dig Deeper on Data loss prevention technology

Have a question for an expert?

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.