04-07-2015 06:54 AM - edited 03-11-2019 10:44 PM
If deep packet inspection "sees" personal identifying information in a packet(SS#, Bank account information, etc.), does it log the information in clear text, does it replace with other characters, does it remove it form the log? Thanks in advance.
Solved! Go to Solution.
04-07-2015 07:01 PM
Well I am pretty sure the answer is no. However I am not sure when you refer to logging the information, logging to where?
If you mean to an external syslog server then no, it wont send the payload just the header information.
Also the ASA doesn't support DLP by default either, so it wont have any clue as to what is sensitive data and what is not.
The administrator could mirror all traffic from a firewall out to a forensic server to look at all that kind of info though if they wanted to, and the Cisco would forward it out exactly as it was transmitted it would not obscure anything.
04-07-2015 07:01 PM
Well I am pretty sure the answer is no. However I am not sure when you refer to logging the information, logging to where?
If you mean to an external syslog server then no, it wont send the payload just the header information.
Also the ASA doesn't support DLP by default either, so it wont have any clue as to what is sensitive data and what is not.
The administrator could mirror all traffic from a firewall out to a forensic server to look at all that kind of info though if they wanted to, and the Cisco would forward it out exactly as it was transmitted it would not obscure anything.
04-08-2015 09:07 AM
Thanks. That answers my question. I appreciate it.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: