Home > Security Channel Tips > Chapter Downloads > SSCP Domain 7: Malicious code -- Blocking file extensions
Security Channel Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

CHAPTER DOWNLOADS

SSCP Domain 7: Malicious code -- Blocking file extensions


Diana-Lynn Contesti
08.14.2007
Rating: --- (out of 5)


Security Channel Update
Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


Customers may not know the difference between a virus and a worm, but understanding the different types of malware will help you protect their systems -- and pass the SSCP certification exam. This excerpt, from the Official (ISC)²® Guide to the SSCP® CBK® Domain 7: Malicious Code, by Diana-Lynn Contesti, takes a look at double file extensions. Download the full Domain as a PDF to learn about the different types of malware and their payloads.

Viruses, worms and Trojan horses all make use of the double file extension. The Windows operating systems allows the creation of files names with a number of spaces in it. This trick is intended to fool users into believing that the file they are viewing cannot be executed. as in this example:

PLAIN.TXT.EXE

The .EXE at the end of the spaces, makes the program executable. Unfortunately in e-mail, users will only see the .TXT and potentially believe that the file is simply a Text file. This is why much has been done to educate users on not running e-mail attachments.

As a number of file extensions can be used to deliver or contain malicious code, it is recommended that the administrators block specific File Extensio


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us    Add to Google


RELATED CONTENT
Chapter Downloads
Book Chapter: Web hacking
Testing the firewall - Introduction
Check Point NGX R65 operational changes
Common injection attacks
Top security book excerpts of 2007
Google Hacking: Ten security searches that work
Virtual honeypots: Tracking botnets
Tracking botnets
Defending against bots
Botnets summary

Computer Viruses, Worms and Malware
Trend Micro's Worry-Free Business Security 6.0 extends partner opportunities
Agilex partners with HBGary to offer security forensic, assessment services
What is the future of antivirus or antimalware software?
Checklist: Five steps to assessing a customer's antivirus protection
Top security book excerpts of 2007
Virtual honeypots: Tracking botnets
Tracking botnets
Defending against bots
Case studies
Botnets summary

Information Security Training and Certification
Managed services certification offered by MSPAlliance
Email security vendor Sendio unveils new partner program
Security certifications can boost your solution provider business
Security partner news briefs
SecurityCerts.org chooses top three security certifications
CompTIA launches new network certification exam
CISSP Study Guide: Business Continuity
CISSP Study Guide: Law, Investigations and Ethics
CISSP Study Guide: Security Architecture and Design
CISSP Study Guide: Information Security and Risk Management

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


ns at the Firewall. Table 7.3 is a partial list of suggested file extensions that should be blocked.

It is difficult for end users to understand all the file extensions that can be used and those that may be considered dangerous or Executable. Therefore, it is a good idea to develop a list of extensions that will be blocked at the Firewall by default. Every organization is unique and the list that is correct for one organization may not be correct for another. It is a good idea to educate users on some of the basic file extensions that you may not be able to block (i.e., .EXE, .PIF, .SCR, .COM).

A complete list of file extensions and their meanings is available at The File Extension Source; also view Every File Extension in the World from WhatIs.com.

Table 7.3 A Partial List of File Extensions That Should Be Blocked

[TABLE]

Official (ISC)²® Guide to the SSCP® CBK®
By Diana-Lynn Contesti, Douglas Andre, Eric Waxvik, Paul A. Henry, Bonnie A. Goins
Published by (ISC)2 Press
ISBN # 9780849327742; Copyright 2007; Pages: 573; Edition: 1st

Chapter: Domain 7: Malicious Code
By Diana-Lynn Contesti, CISSP-ISSAP, ISSMP, SSCP

Rate this Tip
To rate tips, you must be a member of SearchSecurityChannel.com.
Register now to start rating these tips. Log in if you are already a member.




DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.

HomeNewsTopicsITKnowledge ExchangeTipsMultimediaWhite PapersBlogsEvents
About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts