Why downloads content checking: Keeping corporate downloads virus-free
This white paper examines the security threats facing
companies due to viruses that can be contracted through HTTP and
FTP downloads. The paper explains why it is important to scan
corporate downloads at ISA Server level and describes how GFI
DownloadSecurity, which is built on ISA Server, does this.
The need for Internet access
The Internet is an essential tool for most employees within a
company. Online ordering of goods, customer & product research
and more make it a requirement for most employees to have HTTP
and FTP access at work. Yet, many companies do without Internet
access simply because they do not have the right products and
in-house know-how to secure their network. Microsoft ISA Server,
with its unique Active Directory integration, will change all
this.
Microsoft's new ISA Server promises to revolutionize corporate
Internet access. Unlike other firewalls to date, ISA Server
provides a clear and easy-to-use interface for securing your
network, as well as the power to control outbound Internet
access. Microsoft's open APIs allow third-party vendors to build
on top of this firewall platform, ensuring that the customer
enjoys a wide choice of add-on tools and products. Rather than
having to implement and manage security tools and products
through different interfaces and with diverse concepts, ISA
Server now brings all this together in a scalable and extendable
security platform.
Once you have deployed ISA Server, it is a good idea to
implement additional protection against files available for
download which can include Trojans, viruses and more.
The need to block viruses
Virus contamination is widespread. The British Department of
Trade and Industry 2002 Information Security Breaches study
conducted by PricewaterhouseCoopers found that 4 in 10 companies
are affected by viruses. US company Ferris Research estimates
that viruses cost corporations at least US$6 billion annually
(June 2002).
Email is currently the top distribution mechanism for the
world's most dangerous electronic viruses, such as deadly
viruses transported through Word macros (e.g., Melissa),
infected attachments (e.g., Love Bug) and commands embedded in
HTML mail. However, fast on the trail of email viruses are those
contracted through HTTP and FTP downloads: While on the web,
users might unknowingly download a file that is actually a
Trojan or is infected. An indication of this is a Hacker's Digest
report that 6 per cent of one online file-sharing network's
files are actually viruses (as reported in InfoWorld, November
2002). Meanwhile, in April 2002, InfoSecurity News reported that
the JS Coolnow virus automatically loads when a simple web page
is visited, showing how hazardous surfing to new web sites can
be.
Corporations simply cannot afford to overlook the danger of
users encountering infected files on the Internet. A possibility
is to disable all downloads - but this is an impractical
solution that would result in a diminished use of the Internet.
The ideal solution lies in scanning downloads for dangerous and
infected content at the ISA Server level. This way you can
control what files enter your network via FTP and HTTP and
ensure that they are virus-free. One tool that can do this is
GFI DownloadSecurity for ISA Server.
Combating harmful downloads at ISA Server level
GFI DownloadSecurity for ISA Server provides content
filtering and anti-virus checking of inbound material at server
level. It scans incoming traffic for viruses, Trojans or
objectionable material. Using its powerful rules engine, you can
define which files you wish to allow users to have. You can also
configure GFI DownloadSecurity to quarantine file downloads for
administrator approval.
GFI DownloadSecurity's anti-virus module scans incoming traffic
- such as HTTP and FTP files that are being downloaded - and
checks them for viruses. Additionally, GFI DownloadSecurity
automatically downloads virus updates whenever necessary to keep
your protective set-up up-to-date.
Working hand in hand with this is GFI DownloadSecurity's rules
engine. This allows you to quarantine suspicious file types such
as .exe files, zip files and other files that could contain
harmful content. It is true that you can block all these files
at the firewall level, but this would substantially restrict the
usefulness of the Internet and therefore employee productivity.
Instead, GFI DownloadSecurity quarantines the files for review
and approval by the administrator. This way, users can still
download the files they need, but these can be checked for
malicious content before being delivered.
As a further defense, GFI DownloadSecurity can protect you
against the automatic downloading of files to users' PCs by
known and unknown applications. Some software applications
automatically connect to their home pages to download updates
using HTTP tunneling. Although this can reduce administration,
it can also present a security risk because unknown applications
or Trojans can use the same technique to download malicious
files onto a user's PC, without the user knowing. You can
configure GFI DownloadSecurity to allow updates from
known/approved sites (e.g. Microsoft.com) and block automatic
updates from unknown sites.
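An added illustration of the policy described in the two paragraphs above (quarantine risky file types, allow automatic updates only from approved sites); it is not GFI DownloadSecurity's rules engine, and the rule values, function names and the user_initiated flag are assumptions. It checks a file's leading bytes as well as its extension and matches approved hosts on whole domain labels, since a renamed file or a look-alike hostname would otherwise pass a naive rule.

```python
from urllib.parse import urlsplit

# Constructed policy values for illustration; not GFI DownloadSecurity settings.
APPROVED_UPDATE_HOSTS = {"microsoft.com"}
QUARANTINE_EXTENSIONS = {".exe", ".zip"}
# Leading bytes that identify the same file types regardless of the file name.
QUARANTINE_MAGIC = {b"MZ": "exe", b"PK\x03\x04": "zip"}


def host_is_approved(host):
    """True for an approved domain or a subdomain of it (whole-label match)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in APPROVED_UPDATE_HOSTS)


def sniff_type(first_bytes):
    """Return the risky type named by the file's leading bytes, or None."""
    for magic, kind in QUARANTINE_MAGIC.items():
        if first_bytes.startswith(magic):
            return kind
    return None


def decide(url, first_bytes, user_initiated):
    """Return (action, reason) for one HTTP or FTP download.

    user_initiated is an assumed input: how a gateway tells an application's
    automatic download from a user's request is outside this sketch.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    if not user_initiated:
        # Automatic downloads: only approved sites, and still virus-scanned.
        if host_is_approved(host):
            return ("scan_and_deliver", "automatic update from approved site")
        return ("block", "automatic download from unapproved site")
    kind = sniff_type(first_bytes)
    if kind:
        return ("quarantine", "content is " + kind)
    if any(parts.path.lower().endswith(ext) for ext in QUARANTINE_EXTENSIONS):
        return ("quarantine", "risky extension")
    return ("scan_and_deliver", "no rule matched")
```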
GFI DownloadSecurity was built from the ground up to work
with ISA Server. As a result, installation and administration
are easy: No dedicated machine or specialized know-how is
required and there is no need to change anything in your network
configuration. GFI DownloadSecurity hooks into ISA Server as an
ISAPI extension and can leverage features such as alerts,
reporting and so on, that are already found in ISA Server.
Just as MS Exchange Server revolutionized corporate email, GFI
expects that ISA Server will do the same for network security.
As a result, GFI DownloadSecurity for ISA Server helps
organizations protect, accelerate and control their network
access by bringing content and virus filtering functions to this
new Microsoft platform, resulting in a highly scalable and
integrated way of implementing corporate security.
About GFI
GFI (www.gfi.com) is a
leading provider of Windows-based messaging, content security
and network security software. Key products include the GFI
FAXmaker fax connector for Exchange and fax server for networks;
GFI MailSecurity email content/exploit checking and anti-virus
software; and the GFI LANguard family of network security
products. Clients include Microsoft, Telstra, Time Warner Cable,
Shell Oil Lubricants, NASA, DHL, Caterpillar, BMW, the US IRS,
and the USAF. GFI has six offices in the US, UK, Germany,
France, Australia and Malta, and has a worldwide network of
distributors. GFI is a Microsoft Gold Certified Partner and has
won the Microsoft Fusion 2000 (GEM) Packaged Application Partner
of the Year award.
© 2002 GFI Software Ltd. All
rights reserved. The information contained in this document
represents the current view of GFI on the issues discussed as of
the date of publication. Because GFI must respond to changing
market conditions, it should not be interpreted to be a
commitment on the part of GFI, and GFI cannot guarantee the
accuracy of any information presented after the date of
publication. This White Paper is for informational purposes
only. GFI MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS
DOCUMENT. GFI FAXmaker, GFI MailEssentials, GFI MailSecurity and
GFI LANguard and the GFI FAXmaker, GFI MailEssentials, GFI
MailSecurity and GFI LANguard logos and the GFI logo are either
registered trademarks or trademarks of GFI Software Ltd. in the
United States and/or other countries. Microsoft, Exchange
Server, VS API, Word, and Windows NT/2000/XP are either
registered trademarks or trademarks of Microsoft Corporation in
the United States and/or other countries. Other product or
company names mentioned herein may be the trademarks of their
respective owners. GFI. http://www.gfi.com info@gfi.com
1-888-2GFIFAX / +44 (0) 870 770 5370