
What Is File Blocking?

File blocking is a security mechanism that blocks the transmission of certain types of files to reduce the risk of malicious code execution and malware distribution within the internal network, while also preventing employees from transmitting an enterprise's confidential files to the Internet. As society and network technologies advance, disclosure of enterprises' confidential information and users' personal information has become one of the core information security issues. In addition, malware often infects or attaches to files, and has become increasingly adept at evading antivirus detection and breaching devices. File security has therefore become a common concern. File blocking technology, which filters files based on file types, emerged against this backdrop.

What Are the Functions of File Blocking?

File blocking identifies specific types of files transferred on the network, checks incoming and outgoing data flows, and permits or blocks specific types of files to reduce potential threats and security risks.

Figure 1-2 File blocking

  • Reducing the risk of malware files entering the internal enterprise network

    Malware often infects or attaches to executable files, and has become increasingly adept at evading antivirus detection and breaching devices. Therefore, two measures can be taken to significantly reduce the risk of malware infiltrating the internal network: preventing internal network users from downloading executable files from the Internet and blocking Internet users from uploading executable files to internal network servers.

  • Reducing the risk of confidential information disclosure

    Generally, confidential information is stored in documents that can be compressed. If employees upload such documents to the Internet or hackers steal such documents from internal network servers, enterprises' confidential information or users' personal information will be leaked. As such, blocking internal network users from uploading documents and compressed files to the Internet, and blocking Internet users from downloading documents and compressed files from internal network servers, can greatly reduce the risk of confidential information leakage.

  • Preventing file transfer that occupies a lot of bandwidth and affects employees' work efficiency

    Employees downloading a large number of non-work-related video or compressed files not only occupies a lot of network bandwidth but also reduces employees' work efficiency. Therefore, preventing internal network users from downloading video and compressed files from the Internet can help to improve employees' work efficiency and ensure there is enough bandwidth for normal services.

  • Assisting in enterprise compliance and policy implementation

    File blocking helps enterprises implement and comply with laws and internal policies to ensure that files transferred by employees on the network comply with security standards.

How Does File Blocking Work?

A firewall that supports file blocking can identify the types of files that pass through it, and block or generate alerts for files of specific types.

When a file (traffic flow) passing through the firewall matches a security policy rule that has the permit action configured and references a file blocking profile, the file needs to undergo file blocking detection.

  1. The firewall identifies the file application, file transfer direction, file type, and file name extension. If the actual file type cannot be identified, the firewall will filter files based on the file name extension.
    • File application: Files are transferred over application protocols such as HTTP, FTP, SMTP, POP3, NFS, SMB, and IMAP.
    • File transfer direction: The value can be upload or download.
    • File type: The device can identify the actual file type. For example, even if the name of a Word document is changed from file.doc to file.exe, the file type is still identified as doc.
    • File name extension: indicates the suffix of the file name (including the compressed file). For example, the file name extensions of file.doc and file.exe are doc and exe, respectively.
  2. The firewall matches the identified file attributes (file application, file transfer direction, file type, and file name extension) against the rules in the administrator-defined file blocking profile.

    If the attributes of a file meet all the conditions in a rule, the file matches the rule successfully. If any condition is not met, the firewall continues to match the file attributes against the next rule. If the file does not match any rule, the firewall permits the file transfer.

    If the file matches a rule, the firewall performs the action defined in the rule. Specifically, if the action is Block, the firewall blocks the file transfer. If the action is Alert, the firewall permits the file transfer and generates a log.

    For more information, see HiSecEngine USG6000F Product Documentation.
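
The two steps above can be modelled in a few lines; this is an added example, not code from the firewall or its documentation. The magic-byte table, rule fields, profile, and sample files are constructed assumptions, and each rule is simplified to one file-type set that is compared with the identified type, or with the extension when the content is not recognised.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed magic-byte table (illustrative subset, not the firewall's signatures).
MAGIC = [
    (b"MZ", "exe"),
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2 container, treated as doc here
    (b"PK\x03\x04", "zip"),
    (b"%PDF-", "pdf"),
]

@dataclass(frozen=True)
class Rule:  # hypothetical rule shape for this example
    name: str
    applications: Optional[frozenset]  # None means any application protocol
    direction: Optional[str]           # "upload", "download", or None for both
    file_types: frozenset              # matched against true type (or extension)
    action: str                        # "block" or "alert"

def identify_type(data: bytes) -> Optional[str]:
    """Identify the actual file type from content; None if unrecognised."""
    for magic, ftype in MAGIC:
        if data.startswith(magic):
            return ftype
    return None

def extension(filename: str) -> str:
    return filename.rsplit(".", 1)[-1].lower() if "." in filename else ""

def evaluate(rules, app, direction, filename, data):
    """Return (action, rule_name); first full match wins, default is permit."""
    # Step 1: prefer the true type; use the extension only as a fallback.
    ftype = identify_type(data) or extension(filename)
    # Step 2: ordered matching; every condition in a rule must hold.
    for r in rules:
        if r.applications is not None and app not in r.applications:
            continue
        if r.direction is not None and direction != r.direction:
            continue
        if ftype not in r.file_types:
            continue
        return r.action, r.name
    return "permit", None

# Constructed profile and sample file contents.
PROFILE = [
    Rule("no-exe-download", None, "download", frozenset({"exe"}), "block"),
    Rule("log-doc-upload", frozenset({"HTTP", "SMTP"}), "upload",
         frozenset({"doc", "zip"}), "alert"),
]
EXE = b"MZ\x90\x00" + b"\x00" * 60
DOC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56
```

An executable renamed to report.doc is still blocked on download because matching uses the identified type, while content the table does not recognise is judged by its extension alone.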

About This Topic
  • Author: He Yan
  • Updated on: 2024-08-19