Azure Databases. Project Bonsai. Education Sector. Microsoft Localization. Microsoft PnP. Healthcare and Life Sciences. Internet of Things IoT.
Enabling Remote Work. Small and Medium Business. Humans of IT. Green Tech. MVP Award Program. Video Hub Azure. Microsoft Business. Microsoft Enterprise. Browse All Community Hubs. Turn on suggestions. Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Connect and share knowledge within a single location that is structured and easy to search. Is it possible to prevent executables or portable apps from being downloaded in a corporate environment on the network layer? I can imagine that there are solutions with deep packet inspection to prevent them from being downloaded if sent in cleartext over HTTP or FTP for example. In short, what is good practice to prevent users from downloading executables?
Depends in the scope of the proyect and the ammount of data thats managed for the network. This could have different approaches:. You can deploy a WSA Web Security Appliance there you can modify the configuration to block certain types of files to be downloaded.
Sadly this is inefective if there is already other browsers installed in the host. The network layer is not aware of the higher level data that its packets are forming. Its just packets and rules to handle them. You have to analyze the payload of the packets if you want to know what is transmitted in the bigger picture. What you wrote is therefore correct. Deep packet inspection would be the only way.
And in case of encrypted data you have to somehow decrypt it. It is also necessary to keep in mind that deep packet inspection is not allowed in some legal environments already, as well as methods to decrypt the traffic.
From what we understand, your intention is to prevent the downloading of specific file types e. This can be done by installing a network proxy in your corporate environment.
The proxy stands between your users on the internal network and the Internet. Settings on the network proxy can block certain file types such that the proxy will deny users download of executables by inspecting a URL.
For example, a forbidden URL might be '. The web filter on the proxy server can thus be used to restrict clients from accessing specific file types or URLs on the web. Sign up to join this community. The best answers are voted up and rise to the top.
Stack Overflow for Teams — Collaborate and share knowledge with a private group. Create a free Team What is Teams? Learn more. How to prevent users from downloading executable files or portable apps? Ask Question.
0コメント