Scripts such as Bash Shell, Python, Perl, and PowerShell scripts can contain a large amount of information. Attackers can use the information to perform common operations on hosts.
Impacts
- Unauthorized operations performed by an employee of an enterprise
The scripts that are remotely downloaded and contain malicious commands can be used to run pre-written commands.
- Attacks
The scripts that are remotely downloaded and contain malicious commands can be used to launch attacks.
- Spreading of worms and trojans
Worms and trojans compromise hosts by using scripts. In most cases, the scripts are written to crontab files for periodic execution. This way, the scripts cannot be permanently deleted from the hosts.
Operations in the Cloud Firewall console
The rules that you can use to disable script downloading are in Monitor mode. Downloaded scripts can be used to run commands such as Bash history and useradd on your hosts. If you want to disable script downloading in the cloud, you can log on to the Cloud Firewall console, choose , and click Customize in the Basic Protection section. In the Customize Basic Protection Policies dialog box, change the mode of some or all related rules to Block. This prevents or minimizes the preceding impacts in an efficient manner.