Policy settings
    • PDF

    Policy settings

    • PDF

    Article summary

    When using the Halo Portal, you have the option to set your own sanitization preferences by changing the policy settings for each of the supported file types from the Policy settings page.

    This enables our users to shape their organization’s security policy according to their own risk tolerance.

    image.png

    Choose the right policy settings for your organization

    Glasswall allows you to configure content management policies to match your organization's risk appetite, so that you control the sanitization settings of files and their contents during the CDR process.

    Initially, all default settings are set to “Sanitize” to give you the best balance between security and usability. Allowing certain types of content presents a risk to you if an attacker has placed malware within a file, however, your organisation may be more willing to accept and manage that risk for certain file types.

    Each type of risky content has been labeled with a risk level (High Risk, Medium Risk, Low Risk) to help you make an informed decision.

    Policy settings

    The following policy settings can be applied to risky content:

    • Sanitized: we'll analyze the file and remove this type of risky content, then rebuild the file.
      • Example: you can sanitize (remove) macros from Word files.
    • Allowed: we'll analyze and rebuild the file, but we won't remove this type of risky risky content.
      • Example: you can allow macros for Word files. (This presents a risk to you if an attacker has placed malware within a file.)
    • Blocked: we'll analyse the file, but if we find the risky content, we won't process the file at all.
      • Example: you can specify that Word files with macros aren't processed at all.

    Risky content types

    You're able to set preferences for the following risky content depending on your file type:

    Risky content typeRisk LevelDescription
    AcroformHigh RiskAn AcroForm is a PDF that contains form fields ('Acrobat Form'). In addition to looking like a form, it may also contain active code (e.g. JavaScript) that could be malicious. AcroForms can also be used to hide objects inside other objects.
    ConnectionsHigh RiskThe Excel connections feature controls connections to external data sources. This may present a risk if the external data source is compromised with malware or lead to SQL injection attacks, where the external data source is an SQL database.
    Digital SignaturesLow RiskThe source document may have been signed with a digital signature. While the signing may not represent a threat, if the ownership and trust of the certificate chain has been compromised, it could trick a user into viewing a document containing something malicious.
    DDEHigh RiskDynamic Data Exchange (DDE) allows data to be shared between applications in some old versions of Windows. DDE within a Microsoft document presents risk, as it may be used to execute malicious code on the recipient's computer.
    Embedded FilesHigh RiskEmbedded objects are files, items, or entities that have been added into a different program or object (for instance, a gif in a Word document). Embedded objects within files may present risk if they provide a way for active code to be triggered or hide data within a document.
    Embedded ImagesMedium RiskEmbedded images are pictures where data has been incorporated into the file. They may present risk if they provide a way for malicious content to be hidden inside the image.
    External HyperlinksMedium RiskExternal hyperlinks redirect you to open something outside the file. A hyperlink may seem innocent, but it could route to a different destination than the link that’s displayed. Caution is advised when clicking links in documents.
    Foreign ObjectsMedium RiskForeign objects may include items like HTML code, images, or other media types. They allow the author to include elements from other file formats or programming languages within the file that could be malicious.​
    GeoTIFFMedium RiskGeoTIFF is an extension to the TIFF file format and can include metadata that describes the coordinate system, projection, and other spatial properties of an image that the owner may not intend to disclose.
    Internal HyperlinksMedium RiskInternal hyperlinks route you to a different place within a file. An internal hyperlink may seem innocent, but it could route you to a different destination than the link that’s displayed. Caution is advised when clicking links in documents.
    JavascriptHigh RiskJavaScript is a form of active code that may be benign in nature, but all too often is used by bad actors to mount an attack against the user or receiving system in a business document.
    MacrosHigh RiskMacros are sequences of events (including keystrokes or clicks) that can be automated. Macros may seem benign in nature, but all too often are used by bad actors to mount an attack against the user or receiving system in a business document.
    MetadataMedium RiskMetadata is data about other data. Metadata may reveal information the owner may not intend to disclose, such as what computer was used to create the document or the original author's name.
    PDF ActionsHigh RiskPDF actions are built-in functionality in PDF documents. PDFs could include buttons that execute JavaScript or links to untrustworthy external resources. This means they could be used to launch a phishing attack, download malware, or steal sensitive information.
    Review CommentsMedium RiskReview comments are comments that have been added to Microsoft files. They may reveal information the owner may not intend to disclose, such as the original author's name.
    ScriptsHigh RiskA script is a form of active code that may be benign in nature, but all too often is used by bad actors to mount an attack against the user or receiving system in a business document.
    Tracked ChangedMedium RiskTracked changes convey the history of edits made within a file. They may reveal information the owner didn't intend to disclose.



    For more information please contact us.


    Was this article helpful?

    What's Next