Cyber Security Awareness Month - Day 26 - Sharing Office Files
Today's CSAM topic is Sharing Office Files.
There are several points worth paying attention to when doing this.
1) Sharing inside the company.
Most companies have shared drives that people use to store documents that can be accessed by
one or several groups.
It is very important that you know who is on the list of trusted people who can access those documents.
It is also necessary that the shares are included in the anti-virus scan and backup process.
If you are not using a shared drive, but a web-based internal service like MS SharePoint, the same
access control check should be done.
Sharing internal documents using external providers such as Google Docs or online file servers may be a
risk and is very likely an internal policy violation even if they provide some level of authentication, so those should
be avoided at all costs.
2) Sharing Outside the company
Sometimes we need to share documents with a third party, and this can be a difficult task when it comes to security.
When you are not able to use some kind of public/private key encryption method for the email exchange,
what I recommend is to use a common key and compress the file with a strong crypto algorithm such as AES.
Most compressors, like WinZip, WinRAR and 7-Zip, offer this option, so in this way you can ensure that even if the
email or file falls into the wrong hands, they may not be able to open the document.
3) Sharing inside the company with removable drives
Sometimes we need to share a document inside the company via removable drives.
At this point you can't really trust what is inside the thumb drive besides the document you need, and today it is very
common to find malware on them that will execute via the Windows Autorun feature.
If your IT policy allows, you should really disable this feature.
One thing that I usually do is to check them on my Linux box, and remove autorun.inf file from it before insert on my
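The check described in this section can be scripted on the Linux box. The following is an added example, not code from the original diary: it lists what an autorun.inf in the root of a mounted drive would launch, so you can see the target before removing the file. The function names are illustrative and the sample file is constructed; open, shellexecute and shell\<verb>\command are the documented launch keys of the [autorun] section.

```python
import os
import tempfile

# Added example: helper names are illustrative, sample data is constructed.
# Keys in the [autorun] section that name something Windows would launch.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(data: bytes):
    """Return (key, command) pairs from [autorun] that would start a program."""
    # Files may be UTF-16 (with BOM) or an 8-bit code page; latin-1 never fails.
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        text = data.decode("utf-16", errors="replace")
    else:
        text = data.decode("latin-1")
    hits, in_section = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if not in_section or "=" not in line or line.startswith(";"):
            continue  # junk padding and comments are skipped, not fatal
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        # shell\<verb>\command entries add context-menu launch targets
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, value))
    return hits

def scan_drive(mount_point):
    """Find autorun.inf in the drive root, whatever its letter case."""
    results = {}
    for name in os.listdir(mount_point):
        path = os.path.join(mount_point, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                results[path] = parse_autorun(fh.read())
    return results

if __name__ == "__main__":
    # Constructed sample standing in for a mounted thumb drive.
    sample = (b";garbage\r\n[AutoRun]\r\nOpen = tools\\setup.exe /s\r\n"
              b"icon=folder.ico\r\nshell\\explore\\command=tools\\setup.exe\r\n")
    with tempfile.TemporaryDirectory() as drive:
        with open(os.path.join(drive, "AUTORUN.INF"), "wb") as fh:
            fh.write(sample)
        for path, entries in scan_drive(drive).items():
            print(path, entries)
```

An empty list for a found file means it only sets cosmetic keys such as icon or label; any listed command names a file on the drive that deserves a closer look.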
4) Receiving Office Documents from outside the company
When receiving documents from outside the company, those will mostly be PDF or MS Office (.DOC, .XLS, .PPT).
Sometimes they may be legit documents, sometimes they may be part of a targeted attack :) .
There are a couple of ways to check those files. Our fellow handler Lenny Zeltser put together a very nice Cheat Sheet,
called... Analyzing Malicious Documents Cheat Sheet :) You can find the PDF here (Don't worry, it is not malicious) :)
It contains several tools that you can use to help identify malicious documents when you don't want
to send them to external websites such as VirusTotal or Wepawet due to possible confidentiality issues.
As a last resort, create a VM image with Office and open the documents there :)
Pedro Bueno (pbueno /%%/ isc. sans. org)
(c) SANS Internet Storm Center. http://isc.sans.org Creative Commons Attribution-Noncommercial 3.0 United States License.