When using Glasswall's CDR technology, you have the option to set your own sanitization preferences by changing the policy settings for each of the supported file types.
This means you can shape your organizationโs security policy in accordance to its risk tolerance.
Choose the right policy settings for your organization
Glasswall allows you to configure content management policies to match your organization's risk appetite, so that you control the sanitisation settings of files and their contents during the CDR process.
Initially, all default settings are set to โSanitiseโ to give you the best balance between security and usability. Allowing certain types of content presents a risk to you if an attacker has placed malware within a file, however, your organisation may be more willing to accept and manage that risk for certain file types.
Each type of risky content has been assigned a risk level (High Risk, Medium Risk, Low Risk) to help you make an informed decision.
Policy settings
The following policy settings can be applied to risky content:
- Sanitise: we'll analyze the file and remove this type of risky content, then rebuild the file.
- Example: you can sanitise (remove) macros from Word files.
- Allow: we'll analyze and rebuild the file, but we won't remove this type of risky active content.
- Example: you can allow macros for Word files. (This presents a risk to you if an attacker has placed malware within a file.)
- Disallow: we'll analyse the file, but if we find the risky content, we won't process the file at all.
- Example: you can specify that Word files with macros aren't processed at all.
Risky content types
You're able to set preferences for the following active content depending on your file type:
Risky content type | Risk Level | Description |
---|---|---|
Acroform | High Risk | An AcroForm is a PDF that contains form fields ('Acrobat Form'). In addition to looking like a form, it may also contain active code (e.g. JavaScript) that could be malicious. AcroForms can also be used to hide objects inside other objects. |
Connections | High Risk | The Excel connections feature controls connections to external data sources. This may present a risk if the external data source is compromised with malware or lead to SQL injection attacks, where the external data source is an SQL database. |
Digital Signatures | Low Risk | The source document may have been signed with a digital signature. While the signing may not represent a threat, if the ownership and trust of the certificate chain has been compromised, it could trick a user into viewing a document containing something malicious. |
DDE | High Risk | Dynamic Data Exchange (DDE) allows data to be shared between applications in some old versions of Windows. DDE within a Microsoft document presents risk, as it may be used to execute malicious code on the recipient's computer. |
Embedded Files | High Risk | Embedded objects are files, items, or entities that have been added into a different program or object (for instance, a gif in a Word document). Embedded objects within files may present risk if they provide a way for active code to be triggered or hide data within a document. |
Embedded Images | Medium Risk | Embedded images are pictures where data has been incorporated into the file. They may present risk if they provide a way for malicious content to be hidden inside the image. |
External Hyperlinks | Medium Risk | External hyperlinks redirect you to open something outside the file. A hyperlink may seem innocent, but it could route to a different destination than the link thatโs displayed. Caution is advised when clicking links in documents. |
Foreign Objects | Medium Risk | Foreign objects may include items like HTML code, images, or other media types. They allow the author to include elements from other file formats or programming languages within the file that could be malicious.โ |
GeoTIFF | Medium Risk | GeoTIFF is an extension to the TIFF file format and can include metadata that describes the coordinate system, projection, and other spatial properties of an image that the owner may not intend to disclose. |
Internal Hyperlinks | Medium Risk | Internal hyperlinks route you to a different place within a file. An internal hyperlink may seem innocent, but it could route you to a different destination than the link thatโs displayed. Caution is advised when clicking links in documents. |
Javascript | High Risk | JavaScript is a form of active code that may be benign in nature, but all too often is used by bad actors to mount an attack against the user or receiving system in a business document. |
Macros | High Risk | Macros are sequences of events (including keystrokes or clicks) that can be automated. Macros may seem benign in nature, but all too often are used by bad actors to mount an attack against the user or receiving system in a business document. |
Metadata | Medium Risk | Metadata is data about other data. Metadata may reveal information the owner may not intend to disclose, such as what computer was used to create the document or the original author's name. |
PDF Actions | High Risk | PDF actions are built-in functionality in PDF documents. PDFs could include buttons that execute JavaScript or links to untrustworthy external resources. This means they could be used to launch a phishing attack, download malware, or steal sensitive information. |
Review Comments | Medium Risk | Review comments are comments that have been added to Microsoft files. They may reveal information the owner may not intend to disclose, such as the original author's name. |
Scripts | High Risk | A script is a form of active code that may be benign in nature, but all too often is used by bad actors to mount an attack against the user or receiving system in a business document. |
Tracked Changes | Medium Risk | Tracked changes convey the history of edits made within a file. They may reveal information the owner didn't intend to disclose. |
For more information please contact us.