Archive for November, 2007

How to block executable file downloads using URL keywords

Thursday, November 29th, 2007

[Thanks to Tarun Mann, a Sales Engineer here at 8e6, for providing the background information for this post.]

The other day I was talking to an 8e6 reseller and he brought up a question that I’ve heard a few times before. He has a customer who wants to prevent users from downloading executable files directly off the Internet. Obviously, the web filter / secure web gateway is the place to enforce this policy.

Although we don’t have a specific feature in the 8e6 web filter (the R3000) directed at this request, our crafty Sales Engineering team has devised a solution. They’ve deployed this solution in many of our customers’ networks - it’s simple and it works.


How to tell if proxy pattern blocking is working

Monday, November 19th, 2007

I occasionally get emails from new customers, usually just after they’ve installed the filter for the first time, that read like this:

“How come you guys don’t have proxy.example.com in your database?? I can’t believe you don’t block this proxy! It’s the first one I found!”

They are almost always correct when they say that we didn’t have some given proxy site in our Library. We have many, many thousands of proxy URLs in the Library, but certainly not all of them.

However, they are almost always wrong when they say that we don’t block it.


Overview of the different types of proxies that exist - and how we block them

Thursday, November 15th, 2007

Know thy enemy. Keep your friends close, and your enemies closer. If you are an IT administrator charged with the task of securing your network, the most important knowledge you possess is an in-depth understanding of the threats you’re working to counter.

Some are external threats: How does malware propagate? What techniques does spam email use to evade detection? Some are internal threats: Which of my employees has access to sensitive data? Which programs are my users installing and using to get their jobs done, how do those tools work, and how do I secure them? And of course …

How will my users circumvent the security infrastructure of my network, inadvertently or otherwise?


Overview of the threats posed by Bots

Friday, November 2nd, 2007

A few weeks ago, I wrote about how you can use the IRC blocking capability of your web filter to detect the presence of bots on your network. In that post, I assumed that we all understood the threat posed by bots — why they’re different from good ol’ fashioned malware infections. I’ve been asked to expand on that a bit, so here goes.

As we all know, the Internet has become a critical business tool and criminals have taken notice. Just as there is money to be made in doing business on the Internet, there is money to be made in carrying out crime on the Internet. And as criminals have focused more on the Internet, their tools have necessarily evolved and become more sophisticated.

Five years ago, the typical virus or worm author’s sole purpose was to gain notoriety and cause end-user headaches. Liabilities were limited to business outages and user downtime. Those are significant liabilities to be sure, but they seem almost quaint in light of the new threat landscape.


Rogue Anti-Spyware come-ons and Skype security

Thursday, November 1st, 2007

This is a screenshot of an unsolicited message that has recently been seen on Skype:

Skype Spam

If you click through on the link you’ll see a web page with some cute JavaScript that makes it look like a security scan is being done on your computer. The bogus scan then reports that it found malware and recommends downloading a product called “Scan and Repair Utilities 2007” — which is a well-known rogue anti-spyware application. If you click through on that, you’ll be asked for your credit card information.
