Ignite 2016 Notes on File Blocking

One of the points driven home at Ignite was file blocking. It's common practice to do file blocking in email, but most browsers do not block files, and that is how badness gets in. Block these in your WAF or NGFW.

Block all PE files (.pif, .fon, .efi, .drv, .scr, .sys, .ocx, .dll, .cpl, .exe)

Block .LNK, .HLP, .CHM, .BAT, .VBS

ALERT on .RAR and .ZIP, as an indicator
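
The policy above, sketched as a check on both the file name and the first bytes of the download. This is an added example, not code from the Ignite session or from any vendor's product; the function names, the magic-byte content check and the sample inputs are assumptions made for illustration, and `head` is assumed to hold enough leading bytes to reach the PE signature.

```python
import struct

# Extension lists copied from the notes above (lower-cased).
PE_EXTS = {".pif", ".fon", ".efi", ".drv", ".scr", ".sys", ".ocx", ".dll", ".cpl", ".exe"}
BLOCK_EXTS = {".lnk", ".hlp", ".chm", ".bat", ".vbs"}
ALERT_EXTS = {".rar", ".zip"}

def is_pe(head: bytes) -> bool:
    """True if head has an MZ stub whose e_lfanew field points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def is_archive(head: bytes) -> bool:
    """ZIP local-file header, or the RAR 4/5 signature prefix."""
    return head.startswith((b"PK\x03\x04", b"Rar!\x1a\x07"))

def final_ext(name: str) -> str:
    """Last extension, lower-cased, after normalising the way Windows would."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    base = base.rstrip(". ").lower()  # Windows drops trailing dots and spaces
    dot = base.rfind(".")
    return base[dot:] if dot != -1 else ""

def verdict(name: str, head: bytes) -> str:
    """Return 'block', 'alert' or 'allow' for a download, given its first bytes."""
    ext = final_ext(name)
    # Content wins over name: a PE renamed to .pdf is still a PE.
    if is_pe(head) or ext in PE_EXTS or ext in BLOCK_EXTS:
        return "block"
    if is_archive(head) or ext in ALERT_EXTS:
        return "alert"
    return "allow"

# Constructed sample: the smallest header that satisfies is_pe(), not a real binary.
SAMPLE_PE = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0"

if __name__ == "__main__":
    for name, head in [("invoice.pdf", SAMPLE_PE), ("report.pdf.exe", b"%PDF-1.7"),
                       ("Setup.EXE. ", b""), ("photos.zip", b"PK\x03\x04"),
                       ("notes.txt", b"hello")]:
        print(f"{name!r:20} {verdict(name, head)}")
```

Because the ZIP signature also matches Office Open XML documents and JAR files, the archive rule stays an alert rather than a block, in line with the "indicator" wording above.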