Legal Notice Copyright 2013 Medra Teknoloji Ltd. All rights reserved. MyDLP is a registered trademark of Medra Teknoloji Ltd. http://www.mydlp.com
MyDLP
Contents
About MyDLP
  MyDLP Features
    Protection and Administration with MyDLP Network Server
    Protection & Discovery with MyDLP Endpoint
Getting started with MyDLP
  Installation
  Logging on to Management Console
  Log out
  Checking Server Version
  Changing the default password
  Changing the user information
Enforcing policies
  Introducing the policy tab
    Rule table
    Rule types
    Rule structure
    Rule actions
    Rule Email Notification
    Message to User
    Web Rule
    Mail Rule
    Removable Storage Rule
    Removable Storage Inbound Rule
    Removable Storage Encryption Rule
    Printer Rule
    Discovery Rule
    ScreenShot Rule
    API Rule
    Policy objects tree
    Information Types
    Information Type Example
    Available Information Features
    Finance Compliances
    Federal Regulations
    Sensitive Documents
    Network Security Information
  Policy actions
    Adding policy rules
    Adding a user defined category
    Adding a user defined network
    Adding a user defined information type
    Adding an User Defined Domain Name
    Adding an user defined File System Directory
    Adding a user defined Source Domain
    Adding a user defined Application Name
    Adding a user defined user object
    Adding an active directory user object
    Dragging a source object into rule
    Dragging an information type into rule
    Setting a rule action
    Changing the rule priority
    Deleting a rule
    Disabling a rule
    Editing the rule name and description
    Copying a rule
    Expanding and collapsing a rule
    Expanding and collapsing all rules
  Installing policy
Objects tab
  Introducing the objects tab
    Creating a data format
    Creating a keyword group
    Importing keywords from file
    Importing Keywords using RDBMS connection
    Creating a document database using files
    Synchronizing a document database using RDBMS Connections
    Integrating with Active Directory Domain
    Integrating with RDBMS Systems
Logs tab
  Introducing the logs tab
    Log Structure
  Log Actions
    Finding events in a specific time period
    Detailed log search
    Resetting log filter
    Refreshing logs
    Showing Hiding Archive Logs
    Searching term in quarantined or archived files
    Exporting Logs as an Excel File
    Resending quarantined emails
The Endpoints tab
  Searching Endpoints
  Clearing Endpoints Database
  Online Endpoints
  Offline Endpoints
The Settings tab
  Protocols inner tab
    SMTP HELO name
    SMTP next hop host
    SMTP next hop port
    SMTP bypass on fail
    ICAP request mod path
    ICAP response mod path
    ICAP maximum connections
    MyDLP user certificate
  Users inner tab
    Administrative Users
    Types of Administrative Users Roles in MyDLP
    Adding a super administrator user
    Adding an administrator user
    Adding an auditor user
    Adding a classifier user
    Deleting an administrative user
    Editing an administrative user
    Setting password for an administrative user
  Endpoint inner tab
    Log level
    Sync interval
    Log limit
    Discovery interval
    Discover on startup
    Ignore max size exceeded logs for discovery channel
    Log Spool Soft Limit
    Log Spool Hard Limit
  Advanced inner tab
    Maximum Object Size
  USB ACL inner tab
  Enterprise inner tab
    Mail Archive
    Web Archive
    ICAP Minimum Archive Size
    Edit Denied Page
    Email Notification
    Syslog Settings
  IRM inner tab
The dashboard tab
  Adding dashboard items
  Display Weekly Report
The revisions tab
About MyDLP
MyDLP is a fully fledged data leakage prevention solution that offers network and endpoint protection and confidential data discovery.
MyDLP Features
You can monitor and control data flow and stored data in your organization with MyDLP. Using policy actions, you can pass, log, archive and quarantine moving data, encrypt removable devices and delete discovered files on storage. The two main components of MyDLP are the MyDLP Network Server and MyDLP Endpoint. These two components work together to protect the sensitive information in your organization.
Log out
Click the icon on the upper right of the Management Console to log out.
In the Edit User Dialog, enter your current password as "mydlp" (without the quotes). Enter your new password and re-enter it in the respective fields. The password must have at least one uppercase letter, one lowercase letter and a number. It should be at least six characters long.
Enforcing policies
Introducing the policy tab
The policy tab is used to define policies. On the left hand side there is the policy objects tree which is used to drag and drop predefined or custom objects into policy rules. On the right hand side there is the rule table which is empty after installation and represents your DLP policy.
Rule table
The rule table contains DLP rules in its rows. It has a priority order in which the top rule has the highest priority and is applied first.
Rule types
There are eight different rule types available, classified according to the data channel they inspect. Each rule type is effective only on its related data flow channel:
- Web rule is used to monitor and control web traffic.
- Mail rule is used to monitor and control e-mails.
- Removable Storage rule is used to control data moved to removable memory devices such as USB memory sticks, removable hard drives, smart phones, etc.
- Removable Storage rule is used to control data moved to removable memory devices such as USB memory sticks, removable hard drives.
- Removable Storage Inbound rule is used to archive data copied from removable memory devices onto the computer.
- Printer rule is used to control print jobs.
- Discovery rule is used to control data on storage.
- Screenshot rule prevents the print screen function while a sensitive application is running.
- API rule is a unique feature of MyDLP that allows you to integrate your custom applications with MyDLP.
Rule structure
Each rule has the following five part structure:
- The first part is the Channel type and name. The icon near the rule name shows the type of the rule. The type of the rule determines the data channel to be inspected. The name is given during rule creation. It is a short descriptive name that shows the purpose of the rule.
- The second part is the Sources constraint, which restricts the rule to a certain user or user group. These can be denoted by IP address, network, Active Directory element or email address, depending on the rule type. The Sources column is required for all types of rules.
- The third part is the Destinations. The function of the destination changes with the rule type; it can be domains, directories or application names. The Destination column is not required for removable storage, removable storage inbound, printer and API rules.
- The fourth part is the Information Types. This represents the information to be searched for in the related data channel during inspection. There are many information types, and custom information types can be defined. The Information Type column is not required for removable storage inbound and screenshot rules.
- The last part is the action. This shows the action to be taken when a defined information type is found on a data channel. Available actions are PASS, BLOCK, LOG, QUARANTINE, and ARCHIVE. The selected action type is shown in the last part of the rule with its related icon.
Rule actions
- PASS action allows information to pass through the data channel freely without any logs. This action is available for all rule types.
- LOG action allows information to pass through the data channel but generates an event log. This action is not available for screenshot rules.
- ARCHIVE action allows information to pass through the data channel, generates an event log and archives a copy of the information. This action is not available for screenshot rules.
- BLOCK action prevents information from passing through the data channel and generates an event log. This action is not available for removable storage inbound rules.
- QUARANTINE action prevents information from passing, generates an event log and archives a copy of the information. This action is not available for removable storage inbound rules and screenshot rules.
- ENCRYPT action is only available for removable storage encryption rules. It enforces encryption of connected removable devices.
- DELETE action is only available for discovery rules. It deletes matched discovered files. Use this action very carefully.
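The column and action constraints above can be checked mechanically when reviewing a policy outside the console. The following Python sketch is an added example, not MyDLP code: the `Rule` structure, the rule type names, the finding codes and the sample policy are all constructed for illustration, and only the constraints themselves come from the Rule structure and Rule actions text in this guide.

```python
from dataclasses import dataclass

# Rule type names are hypothetical labels for the types this guide lists.
RULE_TYPES = {
    "web", "mail", "removable_storage", "removable_storage_inbound",
    "removable_storage_encryption", "printer", "discovery", "screenshot", "api",
}

# Which rule types each action is available for ("Rule actions").
ACTION_TYPES = {
    "PASS": RULE_TYPES,
    "LOG": RULE_TYPES - {"screenshot"},
    "ARCHIVE": RULE_TYPES - {"screenshot"},
    "BLOCK": RULE_TYPES - {"removable_storage_inbound"},
    "QUARANTINE": RULE_TYPES - {"removable_storage_inbound", "screenshot"},
    "ENCRYPT": {"removable_storage_encryption"},
    "DELETE": {"discovery"},
}

# Rule types for which the guide describes a destination object (domain,
# file system directory, application). Encryption rules are not mentioned in
# the "not required" sentence, so their destination column is not checked.
DESTINATION_REQUIRED = {"web", "mail", "discovery", "screenshot"}

# "Rule structure": information types are not required for these types.
# The sentence is applied literally to every other type.
INFO_TYPE_OPTIONAL = {"removable_storage_inbound", "screenshot"}


@dataclass(frozen=True)
class Rule:
    name: str
    rule_type: str
    sources: tuple
    destinations: tuple
    info_types: tuple
    action: str


def lint_rule(rule):
    """Return the finding codes for one rule."""
    if rule.rule_type not in RULE_TYPES:
        return ["unknown-rule-type"]
    findings = []
    # An unknown action maps to the empty set and is reported the same way.
    if rule.rule_type not in ACTION_TYPES.get(rule.action, set()):
        findings.append("action-not-available")
    if not rule.sources:  # Sources column is required for all rule types
        findings.append("sources-required")
    if rule.rule_type in DESTINATION_REQUIRED and not rule.destinations:
        findings.append("destination-required")
    if rule.rule_type not in INFO_TYPE_OPTIONAL and not rule.info_types:
        findings.append("info-type-required")
    if rule.action == "DELETE":
        # DELETE removes matched files, so every such rule gets a manual review.
        findings.append("delete-review")
    return findings


def lint_policy(rules):
    """Lint a rule table in priority order; return (rule name, code) pairs."""
    return [(r.name, code) for r in rules for code in lint_rule(r)]


# Constructed sample policy; object names are placeholders.
SAMPLE_POLICY = [
    Rule("Block PCI to web", "web", ("Internal Network",),
         ("webmail.example.com",), ("PCI",), "BLOCK"),
    Rule("Quarantine USB inbound", "removable_storage_inbound",
         ("Internal Network",), (), (), "QUARANTINE"),
    Rule("Log screenshots", "screenshot", ("Internal Network",),
         ("editor.exe",), (), "LOG"),
    Rule("Clean up card data", "discovery", ("Internal Network",),
         (), ("PCI",), "DELETE"),
    Rule("Mail audit", "mail", (), ("example.com",), ("PCI",), "ARCHIVE"),
]

if __name__ == "__main__":
    for name, code in lint_policy(SAMPLE_POLICY):
        print(f"{name}: {code}")
```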
You can customize these notifications from Settings -> Enterprise tab.
Message to User
You can specify the messages shown to users for blocked requests in Email Rules and Web Rules, as below. See the Settings / Enterprise inner tab / Edit denied page section for further information.
Web Rule
Web Rule covers the whole Web channel. This rule type is used to enforce policies for protocols such as HTTP, HTTPS and FTP. Social networking sites, web mail services, blogs, wikis, forums and almost everything else that can be accessed from a browser fall under this rule type. To use Web Rules you need to configure your web traffic to pass through the MyDLP Network Server. Please see the MyDLP Installation Guide.
Web Sources
You can use all kinds of users (IP addresses, subnets, user defined users, AD users, AD groups, AD organization units) or predefined or user defined network objects as Source in this rule type. See the Objects Tab chapter for creating user defined sources.
Web Destinations
You can use Domain objects as Destination for this rule type. Domains are the Fully Qualified Domain Names (FQDNs) accessed by users in web requests. See the Objects Tab chapter for creating Domain objects.
Mail Rule
Mail Rule covers the mail channel. You can use this rule type to enforce policies for the SMTP protocol. Emails sent through local mail servers will be analyzed using mail rules. Please see the MyDLP Installation Guide for email server integration.
Mail Source
You can use all kinds of users (user defined users, AD users, AD groups, and AD organization units), network objects or source domain objects as Source for this rule.
Mail Destination
You can use Domain objects as Destination for this rule. See the Objects Tab chapter for creating Domain objects. You can also use miscellaneous destination properties for emails. In the Policy Objects Tree, under Predefined Destinations, there is a Mail has External BCC item, which is used to match mails that have a BCC field.
Note: Removable Storage Inbound Rule operates on any files smaller than Maximum Object Size (see Settings Tab / Advanced Subtab). If you use the Archive action, depending on your users' behavior you may need significant storage to store archived files.
Printer Rule
This rule covers printers at endpoints. MyDLP has unmatched printer inspection support: it supports network printers, USB printers, shared printers and much more. In fact, MyDLP supports anything that can print, which is why we call MyDLP's printer inspection channel unmatched. This rule type is used to enforce policies for printers at endpoints and to inspect every single printing operation. To use Printer Rules, the MyDLP Endpoint Agent should be deployed; please see the MyDLP Endpoint Agent Installation Guide.
Printer Source
You can use all kinds of users (user defined users, AD users, AD groups and AD organization units), network objects or source domain objects as Source for this rule.
Printer Destination
It is not possible to define a destination in a Printer Rule.
Discovery Rule
This rule is used to discover sensitive information at rest on endpoints. Discovery rules help you see information leakage risk before any incident happens.
Discovery Source
You can use all kinds of users (user defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
Discovery Destination
You can use File System Directory objects as Destination for this rule. The folders specified as Destinations on endpoints will be scanned by Discovery Rule to find whether they match the specified Information Type.
Note: Discovery Rule operates on any files smaller than Maximum Object Size (see Settings Tab / Advanced Subtab). If you use the Archive or Quarantine action, depending on your users' behavior you may need significant storage to store archived files.
Note: If you use the Delete or Quarantine action, be sure to specify Destination directories and Information Types carefully. Discovery Rule deletes any matched files on endpoints without confirmation if you select the Delete or Archive actions.
ScreenShot Rule
This rule is used to prevent screenshots while sensitive applications are running on endpoints. This rule does not send any log to the management server. It simply blocks screenshot actions for the selected Applications.
ScreenShot Source
You can use all kinds of users (user defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
ScreenShot Destination
You can use Application objects as Destination for this rule.
API Rule
This rule is used to manage the behavior of the MyDLP API. The MyDLP API helps you integrate MyDLP with other applications. See the Integration / MyDLP API Integration chapter for integrating your applications with MyDLP.
API Sources
You can use all kinds of users (user defined users, AD users, AD groups, AD organization units) or network objects as Source for this rule.
Predefined sources represent common network addresses. Predefined information types are common information types such as credit card numbers, IBAN and SSN. They also include the all matcher, which is used to match all traffic. Compliance is an information type that includes predefined policies such as PCI DSS, SOX and GLBA. Destinations are items that can be used in the Destination column of a rule.
Information Types
The Data Leakage Prevention concept relies on detecting information in a data transfer or in data at rest. The most important thing in a DLP product is being able to define this information with easy-to-use instruments. In MyDLP, this content definition instrument is called the Information Type. DLP inspection on channels such as Web, Mail, Removable Storage, Printer, Discovery and others is done according to the associated information types. MyDLP ships with many predefined information types, and new predefined information types are added in each version. The picture below shows some of these information types:
Data format
Data Formats determine which data formats (a data format is a combination of several MIME types) will be considered as candidates for this Information Type. For example, if you select All Formats, all kinds of files (or data) will be candidates and DLP inspection (which is defined in the Information Features section) will be done for every single file. Similarly, if you select PDF, PS, only files (or data) in Portable Document Format and PostScript format will be considered as candidates, and DLP inspection will be done only on these kinds of files.
Information Features
Using Information Features, you are able to define the properties of the data content to be analyzed. The most important part of an Information Feature is the Matcher. All other properties of the Information Feature are requested after the Matcher is selected, because every Matcher has different functionality and requires different configuration options. The Matcher simply declares what you are looking for in a file (or in data flowing through a channel). The picture below is an example of the Birth Date Matcher. The Birth Date matcher matches birth dates and requires a property named Threshold value. This Threshold value specifies the number of occurrences of positive matches (in this case birth dates) in a file (or flowing data chunk). For example, with this Information Feature (below), you are looking for (at least) two valid and separate birth date occurrences:
Distance
Distance is a property of an Information Feature that is not applicable to all kinds of Information Features. The Distance property allows you to specify a context, in terms of data size, for a specific Information Feature. Simply put, DLP analysis will return positive only if all defined Information Features have been found within the specified distance. This feature lets you perform DLP analysis in a context and drastically decreases false positives in big files. The screenshot below describes Distance usage briefly. In this example, there are two Information Features: Birth Date with threshold value 2 and Keyword MyDLP with threshold value 3. Distance is applicable for these Information Types and it has been set to value 250. It means that you are looking for two birth dates and three separate MyDLP keywords (the keyword matcher directly matches the exact string [case insensitive]) in a sequence 250 characters long.
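The threshold and Distance semantics described above can be modelled as a search for one window of text that holds enough matches of every feature. The Python sketch below is an added example and not MyDLP's implementation: the function names and sample texts are constructed, and because the guide does not say which date formats the Birth Date matcher accepts, a DD/MM/YYYY pattern stands in for it as an assumption.

```python
import re

# Assumption: stand-in for the Birth Date matcher, DD/MM/YYYY only.
_DATE = re.compile(r"\b(0[1-9]|[12]\d|3[01])/(0[1-9]|1[0-2])/(19|20)\d\d\b")


def birth_date_matcher(text):
    """Return (start, end) offsets of each date-like occurrence."""
    return [(m.start(), m.end()) for m in _DATE.finditer(text)]


def keyword_matcher(word):
    """Exact, case-insensitive keyword match, as the guide describes."""
    pattern = re.compile(re.escape(word), re.IGNORECASE)
    return lambda text: [(m.start(), m.end()) for m in pattern.finditer(text)]


def find_match_span(text, features, distance=None):
    """Return the (start, end) span that satisfies every feature, or None.

    features is a list of (matcher, threshold) pairs. A span qualifies when it
    is at most `distance` characters long and fully contains at least
    `threshold` separate matches of each feature. distance=None models a
    disabled Distance: thresholds are counted over the whole text.
    """
    if distance is None:
        distance = len(text)
    hits = []  # (start, end, feature index)
    for idx, (matcher, _) in enumerate(features):
        hits.extend((s, e, idx) for s, e in matcher(text))
    hits.sort()
    thresholds = [t for _, t in features]

    # Any qualifying window can be shrunk so that it begins at a match start,
    # so it is enough to try each match start as the left edge.
    for i, (start, _, _) in enumerate(hits):
        limit = start + distance
        counts = [0] * len(features)
        last_end = start
        for s, e, idx in hits[i:]:
            if s >= limit:
                break          # later matches start outside the window
            if e > limit:
                continue       # match straddles the right edge
            counts[idx] += 1
            last_end = max(last_end, e)
            if all(c >= t for c, t in zip(counts, thresholds)):
                return (start, last_end)
    return None


# The guide's example: Birth Date threshold 2, Keyword "MyDLP" threshold 3.
FEATURES = [(birth_date_matcher, 2), (keyword_matcher("MyDLP"), 3)]

# Constructed sample inputs.
NEAR = ("MyDLP export: customers born 12/03/1984 and 07/11/1990 "
        "were flagged by MyDLP; see the mydlp report.")
FAR = ("MyDLP audit, born 12/03/1984. " + "x " * 200 +
       "Second record 07/11/1990 logged by MyDLP and MyDLP.")

if __name__ == "__main__":
    print(find_match_span(NEAR, FEATURES, 250))   # all matches close together
    print(find_match_span(FAR, FEATURES, 250))    # same counts, spread out
    print(find_match_span(FAR, FEATURES, None))   # Distance disabled
```

The FAR sample contains the same number of dates and keywords as NEAR, which shows how Distance suppresses a match that a plain occurrence count would report in a large file.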
Feature: Keyword
This feature matches occurrences of the keyword entered during creation of the information type.
Finance Compliances
PCI
Matchers:
- Credit Card number
- Credit Card track 1
- Credit Card track 2
- Credit Card track 3
Threshold values:
- Credit Card number: 1
- Credit Card track 1: 1
- Credit Card track 2: 1
- Credit Card track 3: 1
Distance: 32
EU FINANCE
Matchers:

CCN with UK NINO
  Description: Consists of Credit card number and UK national number
  Threshold values:
  - Credit card number: 1
  - UK national number: 1
  Distance: 100

CCN with France INSEE
  Description: Consists of Credit Card Number and France INSEE Number
  Threshold values:
  - Credit Card Number: 1
  - France INSEE Number: 1
  Distance: 100

CCN with Spain DNI
  Description: Consists of Credit Card Number and Spain DNI Number
  Threshold values:
  - Credit Card Number: 1
  - Spain DNI Number: 1
  Distance: 100

CCN with Italy FC
  Description: Consists of Credit Card Number and Spain DNI Number
  Threshold values:
  - Credit Card Number: 1
  - Spain DNI Number: 1
  Distance: 100
GLBA
Matchers:

Name with sensitive Drug
  Description: Consists of Keyword Group Names and Keyword Group Sensitive Drug Names
  Threshold values:
  - Keyword Group Names: 1
  - Keyword Group Sensitive Drug Names: 1
  Distance: 100

Name with sensitive Disease
  Description: Consists of Keyword Group Names and Keyword Group Sensitive Drugs Names
  Threshold values:
  - Keyword Group Names: 1
  - Keyword Group Sensitive Drug Names: 1
  Distance: 100

CCN
  Description: Credit card number
  Threshold value:
  - Credit card number: 1
  Distance: Disabled

Name with SSN
  Description: Consists of Social Security Number and Keyword Group Names
  Threshold values:
  - Social Security Number: 1
  - Keyword Group Names: 1
  Distance: 100

SSN with Personal Finance Terms
  Description: Consists of Social Security Number and Keyword Group Personal Finance Terms
  Threshold values:
  - Social Security Number: 1
  - Keyword Group Personal Finance Terms: 1
  Distance: 100

Name with Personal Finance Terms
  Description: Consists of Keyword Group Names and Keyword Group Personal Finance Term
  Threshold values:
  - Keyword Group Names: 1
  - Keyword Group Personal: 1
  Distance: 100

ABA Routing Number
  Description: Consists of ABA routing number
  Threshold value:
  - ABA routing number: 1
  Distance: Not enabled

Name with 10 Digit Account Numbers
  Description: Consists of Keyword Groups Names and 10 Digit Account Number
  Threshold values:
  - Keyword Groups Names: 1
  - 9 Digit Account Number: 1
  Distance: 100

Name with 9 Digit Account Number
  Description: Consists of Keyword Group Names and 9 Digit Account Number
  Threshold values:
  - Keyword Group Names: 1
  - 9 Digit Account Number: 1
  Distance: 100

Name with 5-8 Digit account
  Description: Consists of Keyword Group Names and 5-8 Digit Account Numbers
  Threshold values:
  - Keyword Group Names: 1
  - 5-8 Digit Account Numbers: 1
MyDLP
SOX
Description: SOX consists of two subfolders, 10K forms and 10Q forms. These subfolders contain many matchers; a description of each matcher is given below.
- 10K Forms: A comprehensive summary report of a company's performance that must be submitted annually to the U.S. Securities and Exchange Commission (SEC)
- 10Q Forms: A comprehensive report of a company's performance that must be submitted quarterly by all public companies to the U.S. Securities and Exchange Commission (SEC)

Matchers:

10K Forms:

10K Forms Cover Page
Description: Consists of Keyword Group 10K Form Cover Page Keyword
Threshold value: 6
Distance: 1500

10K Forms Table of Contents Page
Description: Consists of Keyword Group 10K Form Table of Contents Keyword
Threshold value: 12
Distance: 3500

10K Forms Stock Performance Graph
Description: Consists of Keyword Group 10K Form Performance Graph Keyword
Threshold value: 2
Distance: 200

10K Forms Financial Statements
Description: Consists of Keyword Group 10K Form Financial Statement Keyword
Threshold value: 3
Distance: 250

10K Forms Selected Financial Data
Description: Consists of Keyword Group 10K Form Financial Data Keyword
Threshold value: 500
Distance: 3

10Q Forms:

10Q Forms Cover Page
Description: Consists of Keyword Group 10Q Form Cover Page Keyword
Threshold value: 5
Distance: 1500

10Q Forms Table of Contents Page
Description: Consists of Keyword Group 10Q Form Table of Contents Keyword
Threshold value: 5
Distance: 3000

10Q Forms Consolidated Balance Sheets
Description: Consists of Keyword Group 10Q Form Consolidated Balance Sheet
Threshold value: 6
Distance: 1500

10Q Forms Other Information
Description: Consists of Keyword Group 10Q Form Other Information Keyword
Threshold value: 4
Distance: 2000
Investments Information
Matchers:
Investment Related Document
Description: Includes Keyword Group Investment Information
Threshold values: 5
Distance: 1000
Pricing
Matchers:

Pricing Information
Description: Includes Keyword Group Pricing Information
Threshold values: 5
Distance: 1000
Federal Regulations
Description: The Federal Regulations section was created to meet the requirements of HIPAA. HIPAA, the Health Insurance Portability and Accountability Act, is a Federal Regulation covering health records. The purpose of the Act is to protect billing and the confidential medical records of patients. MyDLP allows the institution to protect customers' confidential information and meet the requirements of HIPAA with the following matchers.
Matchers:
HIPAA
CCN with Sensitive Drug Names
Description: Consists of Credit Card Number and Keyword Group-Sensitive Drug Names
Threshold values:
- Credit Card Number: 1
- Keyword Group-Sensitive Drug Names: 1
Distance: 100

CCN with Sensitive Disease Names
Description: Consists of Credit Card Number and Keyword Group-Sensitive Disease Names
Threshold values:
- Credit Card Number: 1
- Keyword Group-Sensitive Disease Names: 1
Distance: 100

SSN with Sensitive Drug Names
Description: Consists of Social Security Number and Keyword Group-Sensitive Drug Names
Threshold values:
- Social Security Number: 1
- Keyword Group-Sensitive Drug Names: 1
Distance: 100

SSN with Sensitive Disease Names
Description: Consists of Social Security Number and Keyword Group-Sensitive Drug Names
Threshold values:
- Social Security Number: 1
- Keyword Group-Sensitive Drug Names: 1

Description: Consists of Credit Card Number and Keyword Group-Common Disease Names
Threshold values:
- Credit Card Number: 1
- Keyword Group-Common Disease Names: 2
Distance: 100

SSN with Common Disease Names
Description: Consists of Social Security Number and Keyword Group-Common Disease Names
Threshold values:
- Social Security Number: 1
- Keyword Group-Common Disease Names: 1
Distance: 100

Date of Birth with Names
Description: Consists of Birth Date and Keyword Group-Names
Threshold values:
- Birth Date: 1
- Keyword Group-Names: 1
Distance: 100

Names with Common Disease
Description: Consists of Keyword Group-Common Disease Names and Keyword Group Names-Names
Threshold values:
- Keyword Group-Common Disease Names: 1
- Keyword Group Names-Names: 1
Distance: Not enabled

Name with Sensitive Drug
Description: Consists of Keyword Group-Names and Keyword Group-Sensitive Drug Names
Threshold values:
- Keyword Group-Names: 1
- Keyword Group-Sensitive Drug Names: 1
Distance: 100

Name with Sensitive Disease
Description: Consists of Keyword Group-Names and Keyword Group-Sensitive Disease Names
Threshold values:
- Keyword Group-Names: 1
- Keyword Group-Sensitive Disease Names: 1
Distance: 100

DNA
Description: Consists of DNA Pattern matcher
Threshold values: 1
Distance: Disabled

National Drug Codes
Description: Consists of National Drug Codes
Threshold values: 1
Distance: Not available
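How a threshold and a distance combine in a matcher such as CCN with Sensitive Drug Names can be illustrated with the following added example, which is not MyDLP's own code. It assumes that Distance is the maximum number of characters between the start of the first and the last counted match, and that a disabled Distance lets matches sit anywhere in the document; the keyword list, sample texts and function names are constructed for the illustration.

```python
import re

# Constructed stand-in for the "Sensitive Drug Names" keyword group.
DRUG_KEYWORDS = ("methadone", "lithium")

# 13-19 digits, optionally separated by single spaces or hyphens.
CCN_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")


def luhn_ok(digits):
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_ccn(text):
    """Start offsets of Luhn-valid card number candidates."""
    hits = []
    for m in CCN_RE.finditer(text):
        if luhn_ok(re.sub(r"[ -]", "", m.group())):
            hits.append(m.start())
    return hits


def find_drug_names(text):
    """Start offsets of keyword-group hits (whole words, case-insensitive)."""
    pattern = r"\b(?:%s)\b" % "|".join(map(re.escape, DRUG_KEYWORDS))
    return [m.start() for m in re.finditer(pattern, text, re.I)]


def information_type_matches(text, features, distance):
    """features: list of (finder, threshold); distance: int, or None if disabled.

    Assumption of this example: the rule fires when every feature reaches its
    threshold and, if a distance is set, the counted hits all start within
    `distance` characters of each other.
    """
    thresholds = [t for _, t in features]
    hits = sorted((off, i) for i, (finder, _) in enumerate(features)
                  for off in finder(text))
    counts = [0] * len(features)
    left = 0
    for off, i in hits:
        counts[i] += 1
        # Slide the window start forward until it spans <= distance characters.
        while distance is not None and off - hits[left][0] > distance:
            counts[hits[left][1]] -= 1
            left += 1
        if all(c >= t for c, t in zip(counts, thresholds)):
            return True
    return False


# Feature set mirroring "CCN with Sensitive Drug Names" (thresholds 1 and 1).
CCN_WITH_DRUG = [(find_ccn, 1), (find_drug_names, 1)]

# Constructed sample texts; 4111 1111 1111 1111 is a well-known test number.
NEAR = "Refill methadone for J. Doe, bill card 4111 1111 1111 1111."
FAR = "Stock list: methadone. " + "filler " * 40 + "Card 4111-1111-1111-1111"
BAD_CARD = "Refill methadone, reference 4111 1111 1111 1112."

if __name__ == "__main__":
    for name, text in (("NEAR", NEAR), ("FAR", FAR), ("BAD_CARD", BAD_CARD)):
        print(name, information_type_matches(text, CCN_WITH_DRUG, 100),
              information_type_matches(text, CCN_WITH_DRUG, None))
```

The FAR sample shows why Distance matters for false positives: both features are present, but about 300 characters apart, so the rule only fires when Distance is disabled.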
Sensitive Documents
Description: Sensitive Documents consists of three main subfolders: Strategic Business Document, Resume for HR and Sensitive Keywords

Matchers:

Strategic Business Document
Description: Consists of Keyword Group Strategic Business Document Keywords
Threshold values: 10
Distance: 2000

Resume For HR
Description: Consists of Keyword Group Curriculum Vitae Keywords
Threshold values: 8
Distance: 2000

Sensitive Keywords
Description: Consists of Keyword Confidential
Threshold values: 6
Distance: 5000

Top Secret Keyword
Description: Consists of Keyword top secret
Threshold: 6
Distance: 5000

Restricted Keyword
Description: Consists of Keyword-Restricted
Threshold: 6
Distance: 5000

Sensitive Keyword
Description: Consists of Keyword-Sensitive
Threshold: 6
Policy actions
Adding policy rules
1. To add a rule into policy click button on the top or bottom of the rule table.
2. Move the rule place holder seen above to the desired place in the rule table.
3. Click to add the rule.
4. Select the rule type that you want to add.
5. Add a Name and Description for the rule.
6. Click Save.
7. Selected rule type with given name is created and can be seen on the top of the rule table.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
In Edit Dialog enter a descriptive name for network.
Enter a valid IP address into IP Base. Example: 192.168.1.25
Enter a valid IP net mask into IP Mask. Example: 255.255.255.0
10. Click Save.
11. New user defined network object will be listed under user defined section at the left side of the Policy Screen. This new network object can be used as source with all types of rule except for mail rule.
Click on User Defined folder icon.
Its color turns to blue and a plus icon should appear.
Click on the plus icon.
Select the item type.
In Edit Dialog enter a descriptive name for information type.
Select a data format from available data formats by clicking on it.
Move selected data format to current active by clicking on icon.
Click on icon under Feature Configuration to add a feature into your information type.
Select the feature type.
9.
10. Enter the threshold for feature type.
NOTE: Threshold value must be a numeric value starting from 1.
11. Click on Save.
12. If you need more than one feature return to step 9.
13. Click on Save.
7. Click Save.
New Domain will be listed under predefined section at the left side of the Policy screen. You can use this domain as a destination for Web and Email rules.
7. Click Save.
New File System Directory object will be listed under predefined section at the left side of the Policy screen. You can use this File System Directory as a destination for Discovery Rules.
3. Click on the plus icon.
4. Select the item type.
5. Enter a descriptive name.
6. Enter a source domain name. Example: mydlptest.com
Click Save.
New Source Domain will be listed under predefined section at the left side of the Policy screen. You can use this Source Domain as a Source for Email Rules.
1. Click on User Defined folder icon.
2. Its color turns to blue and a plus icon should appear.
3. Click on the plus icon.
4. Select the item type.
5. Enter a descriptive name.
6. Enter an application executable name including extension (ex: Excel.exe). You can check application name using Task Manager while running target application.
7. Click Save.
New Application Name object will be listed under predefined section at the left side of the Policy screen. You can use this as a destination for Screenshot Rules.
4. Select the item type.
5. To create a user manually select
6. Enter a descriptive name.
7. Enter username as one of the options below:
   a. (Option 1) Enter a username for e-mail or account such as user@domain.com.
   b. (Option 2) Enter a username for Active Directory user account such as user@domain.com.
   c. (Option 3) Enter a username for a local user account such as user@computername.
   For Option 2 and 3, when the targeted user is logged on to his endpoint, you can check Logged On User Name under Endpoints tab to be sure about the user name.
8. Click Save.
Note: Before you do this action you need to integrate with Active Directory using objects tab.
2. Drag the selected rule to the desired place; the place line will assist you while dragging the rule.
3. After you have dropped the selected rules, the new arrangement will be as follows.
Deleting a rule
1. Click on the rule that you want to delete.
2. Click on the icon.
Disabling a rule
Disabled rules will not have an effect on your policy. Disabled rules have an icon near their rule name.
1. Click on the rule that you want to disable.
2. Click on the icon.

Change the name as you need.
Change the description as you need.
Click Save.
Copying a rule
1. Click on the rule that you want to copy.
2. Click on icon to copy the rule.
3. Change the name for the copied rule.
4. Change the description for the copied rule.
5. Click Save.
6. Copied rule will be added below the original rule.
1.
2. Click on
3. Group will be expanded and all hidden items will be listed in the Sources, Destination and Information Types columns.
4. Click on
Installing policy
The policy you created in the policy tab is not activated instantly after you edit it. You need to install the current policy as below:
1. 2. Click on button on the top of the screen

Note: Once you make any changes on MyDLP UI, please do not forget to click the install policy button; otherwise the changes made will be canceled out and newly added rules and policy changes will not apply to endpoints.
Objects tab
Introducing the objects tab
Objects tab is used to define advanced policy objects which cannot be created in the policy tab. On the left hand side there is the objects tree. On the right hand side there is the object editing pane.
It should change its color to blue and a plus icon should appear.
3. Click on icon.
4. Give a descriptive name for new data format.
5. Click on icon to add a new MIME type.
6. Click Save in dialog.
Go to step 5 if you want to add more MIME types.
Click Save.
Note: For further information about MIME types please see also, http://www.iana.org/assignments/media-types
It should change its color to blue and a plus icon should appear.
Click on icon.
4. Give a descriptive name for the new keyword group.
5. Click on icon to add new keyword.
6. 7.
8. 9.
3. 4. 5.
Click on icon.
6. Select the keyword file on your PC.
7. Click open.
8. You can deselect found keywords by clearing checkbox near a keyword.
9. Click Save in dialog.
2.
3. Enter table name; the table name will be completed automatically if a matching table exists.
4. Enter column name; the column name will be completed automatically if a matching column exists.
5.
6. Click Save. Entries will be updated each night automatically and new items in the selected column will be included in the Keyword Group.
7. (Optional) If you want to enumerate immediately click Enumerate Now; this will fetch the entries and add them to the Keyword Group.
4. 5. 6.
Give a descriptive name for the new document database in the opened edit dialog.
Click on icon to add a file into database.
Once you click the plus button you will be presented with the upload dialog. Two upload options are available for document databases, as below:
7. Select and follow one of the Web-based Uploader or Multiple File Uploader methods described below.
Web-based Uploader
Web-based uploader enables users to upload files one by one.
Usage: Continue from step 7 of Creating a document database using files
1. Please select Web-based Uploader.
2. Click Browse to find the file on your local PC.
3. Select the file in file open dialog.
4. Click Open.
5. Wait for file upload and analyzing to be finished. This can take a while.
6. Click OK.
7. Go to step 2 if you want to add more files into document types.
8. Click Save.
9. Then click Install Policy button.
3. The download link will open in another tab of the browser. Click mydlp-ui-tools-uploader-1.0.0-SNAPSHOT.air to start the download.
4. Double click on the downloaded Installer Package.
5. Select Install on the Application Install wizard.
6. 7.
8.
3. Run MyDLPUploader.exe under Program Files\MyDLP Uploader.
4. Switch to MyDLP Multiple File Uploader application.
5. Paste generated token into MyDLP Multiple File Uploader.
6. Click Enter.
7. 8.
9.
All files under selected folder will be listed. Click to start upload.
10. Wait until all files are uploaded then click Close.
11. Switch back to MyDLP Web Management interface. Click Install Policy button.
2.
3. Enter table name; the table name will be completed automatically if a matching table exists.
4. Enter column name; the column name will be completed automatically if a matching column exists.
6. Click Save. Entries will be updated each night automatically and new items in the selected column will be included in the Document Database.
7. (Optional) If you want to enumerate immediately click Enumerate Now; this will fetch the entries and add them to the document database. Warning: enumerating a large amount of data during business hours may result in performance issues.
It should change its color to blue and a plus icon should appear.
Click on icon.
In Active Directory Domain Edit Dialog fill in the following:
Enter domain name.
   a. This is the fully qualified domain name (FQDN) of your domain defined in your domain controller.
6. Enter IP address of your domain controller.
   a. This is the IP address or the resolvable hostname of the AD domain controller.
   b. If you have more than one domain controller in your domain enter the primary domain controller IP or hostname.
   c. If you have more than one domain with separate domain controllers you need to integrate them separately starting from step 1 for each domain.
7. Enter NetBIOS name of your domain controller.
8. Enter Active Directory username.
   a. This should be a user account which has privilege to enumerate all users and groups in your AD domain.
   b. For security reasons, create a separate account for integration which has no administrative privileges.
9.
10. If you have domain alias for email addresses click on
11. Enter domain alias.
12. Click Save.
13. If you need more aliases go to step 10.
14. Click Save & Enumerate.
15. Wait for enumeration to complete.
5. Enter a descriptive name for connection.
6. Select type of Database Server. If your server type is not listed please contact support@mydlp.com.
7. JDBC URL of your database as seen in example above.
8. Enter database username.
9. Enter database user password.
Logs tab
Introducing the logs tab
You can monitor all DLP related events in the logs tab. At the top there is the log tool bar. Using the log tool bar you can search for logs in a specific time period. You can do a full text search in archived and quarantined files using the search in content button. In the middle there is the log table.
Log Structure
Logs listed in the log table have the following structure:
1. Date: Date and time of the event
2. Source: Source of data
3. Destination: Destination of data
4. Policy: Related policy rule
5. Details: Details about rule
6. Files: If the log is the result of a rule with archive or quarantine action you can download the archived files here.
Log Actions
Finding events in a specific time period
1. Click icon near the start date.
2. Find the start date using the calendar widget.
3. Click icon near the end date.
4. Find the end date using the calendar widget.
5. Click on the Search button.
Refreshing logs
1. Click on the Refresh button.
2.
When you search for a term, a new column appears on the right showing files or data content including the term. If you click on the column you can see the related incident with that data or content on the logs table at the left side.
If you want to resend email to its recipient click on
In Policy column "Requeue on progress..." can be seen.
Searching Endpoints
You can filter the endpoints listed in the endpoints table according to IP address, username and version. Enter the term to be searched into the text box and click the Search button. To clear the search click the Reset button.
Online Endpoints
Online Endpoints are shown as below with Endpoint ID, IP Address, Logged on user, Installed Agent Version, Last Update Date and First Seen Date.
Endpoint ID is the unique ID given to each Endpoint via secure protocol and remains unchanged if your endpoint host changes IP address or hostname. If you have relevant discovery rule in Policy Tab, you can initiate endpoint discovery on online endpoints by clicking Discover Now.
Offline Endpoints
Offline endpoints will be shown as faded with colored background in the table.
ROLE_ADMIN
Administrator has restricted technical management access. Administrator manages day to day operations. Administrator is able to control DLP policy and edit almost all settings. Usually Administrator is an employee from the IT department and does not need to have the privilege to see confidential file contents captured during Archive or Quarantine actions. Administrator is not able to see the content data in DLP incident logs.
Administrator has the below privileges:
- Create administrative users.
- Assign roles ROLE_ADMIN, ROLE_CLASSIFIER to administrative users.
- Delete administrative users which do not have ROLE_SUPER_ADMIN role, other than itself.
- Set password for self and other administrative users which do not have ROLE_SUPER_ADMIN and ROLE_AUDITOR.
- See DLP event logs, but not the content data attached to logs.
- Edit DLP policy and objects.
- Install policy.
- Edit all settings under Settings Tab; has restricted access to Users Tab.
ROLE_AUDITOR
Auditor has restricted access to Logs Tab. Auditor needs very little technical knowledge and does not have the ability to change any settings or DLP policy. Auditor can be an executive or from the legal department, and Auditor is able to see DLP event logs and content data attached to these logs. Authority Scope is a restriction which can be defined when MyDLP is integrated with Microsoft Active Directory; it limits the events that can be seen by Auditor to one or more specified organization units.
Auditor has the following privileges:
- Set password for self.
- See all DLP logs and content data attached to logs (if Authority Scope is not specified).
- See DLP logs related to the specified Authority Scope (if Authority Scope is specified).
ROLE_CLASSIFIER
Classifier has restricted access to Objects Tab. Classifier is able to upload documents to previously specified Document Databases.
- Set password for self.
- Upload documents to predefined Document Databases.
2. Click on
3. Enter email address for new user.
4. Enter user name for new user.
5. Check Is active? checkbox if you want to activate user.
6. Select ROLE_ADMIN
7. Click Save.
Sync interval
Sync interval is the time between synchronizations between MyDLP Endpoints and MyDLP Network Server in microseconds.
Log limit
Size of the operational logs kept on MyDLP Endpoint in bytes. Default value is 1048570 (10 MB). Raising this value too much may fill hard drives of machines running MyDLP Endpoint.
Discovery interval
Discovery interval shows the time period between running discovery rules in microseconds.
Discover on startup
If discover on startup option is checked, discovery rules will be run during MyDLP Endpoint startup before waiting for the discovery interval.
Adding a descriptive comment such as user name, department purpose etc. is necessary since it is hard to determine the Unique Id or Device Token of a USB stick later. You are also able to search identified USB devices by using the search field and button. Searching on device token, unique id and comment is available. In addition, by clicking the reset button, you are able to remove search criteria from USB devices.
Web Archive
Web archive option archives all web traffic without checking its content. This option may require substantial amount of storage depending on your web traffic.
Email Notification
You can customize email notifications defined in policy rules as below.
Syslog Settings
You can define Syslog servers to redirect MyDLP logs by defining host, port and Syslog facility. You can redirect three types of logs as below:
- ACL logs are the DLP logs which you will be most interested in; they show DLP incidents.
- Diagnostic logs are logs about operation errors and system health.
- System Reports are audit logs which have detail about every action taken on the MyDLP management server. They provide accountability.