Topic: Prevent download of password protected ZIP (Read 2006 times)
gafrol
Prevent download of password protected ZIP
« on: November 24, 2022, 03:06:43 pm »
Is this somehow possible?
Thanks
gafrol
Re: Prevent download of password protected ZIP
« Reply #1 on: December 04, 2022, 01:18:29 am »
Apparently this is not possible, which is a bit concerning as this attack vector is quite common.
meyergru
Re: Prevent download of password protected ZIP
« Reply #2 on: December 04, 2022, 05:58:50 pm »
It is possible, but you are barking up the wrong tree if you expect this to be the job of a firewall like OPNsense.
What you are asking for is clearly OSI level 7. What your firewall can inspect are usually isolated, probably out-of-order network packets, but not a whole "file" or "stream" that is being transferred via HTTP (or any other transport protocol, e.g. SMTP). Also, the firewall cannot even decrypt the TLS traffic, so there cannot be any introspection.
What you are asking for is an instance that can look at a received file that is being constructed from a sequence of encrypted TCP packets and then decode its content in order to see if it contains a ZIP file that is encrypted.
That instance must be located client-side or be implemented as an application-level gateway. Usually, antivirus software will not prevent opening of encrypted ZIP files, but will detect if there is malware contained. Some mail gateways can block file attachments.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up, Bufferbloat A+
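What a client-side or gateway check of the kind described in Reply #2 looks at once the whole file has been reassembled, as an added example that is not part of the original thread: the ZIP format marks an encrypted entry with bit 0 of the general purpose flags in that entry's header. The function names and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED = 0x0001          # general purpose flag bit 0: entry data is encrypted
AES_METHOD = 99             # WinZip AES marker in the compression-method field
LOCAL_SIG = b"PK\x03\x04"   # local file header signature
CENTRAL_SIG = b"PK\x01\x02" # central directory header signature


def _flagged(flags, method):
    return bool(flags & ENCRYPTED) or method == AES_METHOD


def encrypted_entries(data):
    """Return names of entries marked encrypted in a fully received ZIP body."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # Reads only the central directory; no password is needed for this.
            return [i.filename for i in zf.infolist()
                    if _flagged(i.flag_bits, i.compress_type)]
    except zipfile.BadZipFile:
        pass  # no usable central directory (e.g. truncated transfer)
    # Fallback: walk local file headers. A signature inside compressed data
    # can cause a false positive, so treat these hits as "suspicious".
    names, pos = [], data.find(LOCAL_SIG)
    while pos != -1 and pos + 30 <= len(data):
        flags, method = struct.unpack_from("<HH", data, pos + 6)
        (name_len,) = struct.unpack_from("<H", data, pos + 26)
        if _flagged(flags, method):
            name = data[pos + 30:pos + 30 + name_len]
            names.append(name.decode("utf-8", "replace"))
        pos = data.find(LOCAL_SIG, pos + 4)
    return names


def make_sample(encrypted):
    """Constructed sample: one-entry ZIP, optionally with flag bit 0 set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.txt", b"constructed test data")
    raw = bytearray(buf.getvalue())
    if encrypted:
        # Flags sit at offset 6 in the local header, offset 8 in the central one.
        for sig, off in ((LOCAL_SIG, 6), (CENTRAL_SIG, 8)):
            raw[raw.find(sig) + off] |= ENCRYPTED
    return bytes(raw)
```

The check needs the reassembled, decrypted HTTP or SMTP payload as input, which is why it belongs on the client or in an application-level gateway rather than in the packet filter.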
bachmarc
Re: Prevent download of password protected ZIP
« Reply #3 on: December 09, 2022, 04:52:05 pm »
The dirty things you need to do with encrypted traffic to get this ability are exactly what I would never do, because I am afraid that I make things worse if I mess up the SSL chain and try to be the more clever man in the middle...
I thought about all that, but I think I open hell's gate and moreover I violate essential rights of the people in the network I try to protect.
A thin bridge to walk on in the EU, even if people know the how-to better than I, poor guy, do.
Marc
meyergru
Re: Prevent download of password protected ZIP
« Reply #4 on: December 09, 2022, 11:05:10 pm »
+1
And believe me, you cannot stop anybody with a decent background in IT from doing whatever is necessary to circumvent even such hellish measures.
I personally have defeated many of the more obvious things just by using company-supplied proxies. All it takes is a proxy software that covers up its traffic as legitimate HTTPS - mostly not even that is needed. And I have seen people trick 802.1x by virtualizing their locked-up Windows PC images and running those on their private PC. Being able to use arbitrary software, you could even use DNS requests for any kind of traffic.
Also, what good are measures like preventing copy-and-paste in a Citrix environment if people are then only sending the same files as e-mail attachments?
The more appropriate way of doing this is educating your users. While one is at that, the fellow colleagues should also be told never to use TO or CC on a customer list of several hundred recipients, which is something that may help avoid big fines under EU law.