10-08-2009 10:53 AM
Is there a way to create content policies on web security appliances for information sent over public mail (Gmail, Yahoo) or IMs?
It might sound stupid, as you cannot control the mail server to filter what can be sent out or not, but on the other hand you can monitor the web traffic.
:-)
10-08-2009 08:51 PM
You might be referring to our DLP (Data Loss Prevention) seen on 6.0 and above. Below is a clip from our User Guide, you can search for that section to see if it fits your needs.
DATA SECURITY AND EXTERNAL DLP POLICIES OVERVIEW

In the Information Age, your organization’s data is one of its most prized possessions. Your organization spends a lot of money making data available to your employees, customers, and partners. Data is always on the move by traveling over the web and email. This increased access poses challenges for information security professionals to figure out how to prevent the malicious, accidental, or unintentional loss of sensitive and proprietary information.

The IronPort Web Security appliance secures your data by providing the following capabilities:

• IronPort Data Security Filters. The IronPort Data Security Filters on the Web Security appliance evaluate data leaving the network over HTTP, HTTPS, and FTP to control what data goes where and how and by whom.
• Third party data loss prevention (DLP) integration. The Web Security appliance integrates with leading third party content-aware DLP systems that identify and protect sensitive data. The Web Proxy uses the Internet Content Adaptation Protocol (ICAP) which is a lightweight HTTP based protocol that allows proxy servers to offload content scanning to external systems. By offloading the content scanning to dedicated external systems, the Web Proxy can take advantage of the deep content scanning in other products while being free to perform other Web Proxy functions with minimal performance impact.
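An added example, not taken from the User Guide or from any IronPort code, of the ICAP offload the clip above describes: how a proxy frames one outbound HTTP upload as an ICAP REQMOD message (RFC 3507) and how the external scanner recovers the upload body from it. The host names, service path and upload body are constructed sample values.

```python
# Added example: ICAP REQMOD framing (RFC 3507) for one outbound HTTP upload.
# Host names, service path and upload body are constructed sample values.
CRLF = b"\r\n"

def build_reqmod(icap_host, service, http_head_lines, body):
    """Wrap one HTTP request in an ICAP REQMOD message."""
    # Encapsulated HTTP request headers, including their terminating blank line.
    req_hdr = CRLF.join(l.encode() for l in http_head_lines) + CRLF + CRLF
    # ICAP always transfers the encapsulated body in chunked encoding.
    chunked = b"%x" % len(body) + CRLF + body + CRLF + b"0" + CRLF + CRLF
    icap_head = CRLF.join([
        f"REQMOD icap://{icap_host}/{service} ICAP/1.0".encode(),
        f"Host: {icap_host}".encode(),
        # Offsets are counted from the start of the encapsulated section.
        f"Encapsulated: req-hdr=0, req-body={len(req_hdr)}".encode(),
    ]) + CRLF + CRLF
    return icap_head + req_hdr + chunked

def parse_reqmod(message):
    """What the scanner side does: recover (http_headers, upload_body)."""
    icap_head, _, rest = message.partition(CRLF + CRLF)
    offsets = {}
    for line in icap_head.split(CRLF)[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"encapsulated":
            for part in value.split(b","):
                key, _, off = part.strip().partition(b"=")
                offsets[key.decode()] = int(off)
    http_headers = rest[offsets["req-hdr"]:offsets["req-body"]]
    body, pos = b"", offsets["req-body"]
    while True:  # de-chunk the body
        eol = rest.index(CRLF, pos)
        size = int(rest[pos:eol].split(b";")[0], 16)
        if size == 0:
            return http_headers, body
        body += rest[eol + 2:eol + 2 + size]
        pos = eol + 2 + size + 2  # skip chunk data and its trailing CRLF

SAMPLE_BODY = b"constructed upload body sample"
SAMPLE_HEAD = ["POST /upload HTTP/1.1", "Host: webmail.example.com",
               f"Content-Length: {len(SAMPLE_BODY)}"]

if __name__ == "__main__":
    msg = build_reqmod("dlp.example.net", "reqmod", SAMPLE_HEAD, SAMPLE_BODY)
    print(msg.decode())
    print(parse_reqmod(msg))
```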
10-09-2009 07:07 AM
Hello Khoa,
Many thanks for the reply.
No plan to implement a DLP solution (i.e. Verdasys); what I want to focus on is the following, as mentioned by you:
- "IronPort Data Security Filters. The IronPort Data Security Filters on the Web Security appliance evaluate data leaving the network over HTTP, HTTPS, and FTP to control what data goes where and how and by whom."
Is it possible to know where to find more info and any examples on the above?
Cheers
10-09-2009 06:01 PM
More info on our site: http://www.ironport.com/technology/ironport_dlp_overview.html
There are a few PDFs there, but the User Guide can help with the setup if needed.
10-13-2009 09:40 AM
Hi again Khoa,
Well, I am trying to activate the data security service on the IronPort web appliance but I am having some difficulties.
Any idea how to activate it?
Here is an excerpt from the guide:
"Enable the IronPort Data Security Filters. To scan upload requests on the appliance, you must first enable the IronPort Data Security Filters. Usually, the IronPort Data Security Filters feature is enabled during the initial setup using the System Setup Wizard. Otherwise, go to the Security Services > Data Security Filters page to enable it."
I cannot find the Data Security Filters page anywhere under Security Services.
The appliance is an S160.
Cheers
10-13-2009 08:07 PM
What version are you using? This feature is only available with AsyncOS for Web 6.0 and later.
10-14-2009 10:58 AM
Yes, it is a problem of the version.
It is upgraded now, but it still has some problems.
It can't block a specific file name.
10-15-2009 12:31 AM
Is the idsdataloss_logs showing anything? It might give you some clues; if not, a support ticket might be needed.
10-15-2009 08:07 AM
Where to find it? ids_datalogd???
10-16-2009 09:24 AM
Where can I find the ids logs?
I have another question.
Has anyone tried to find the user name that is entered in the web mail account login page?
Any idea if this is doable?
(From the access logs of the IronPort?)
10-16-2009 05:46 PM
You can find the Data Security Logs in the same place as all log files on the WSA (such as the Access logs). You can find them from the GUI by going to the System Administration > Log Subscriptions page. For more information on how to retrieve log files, see the Logging chapter in the user guide.
As for your other question, I'm not sure I can help you. My *guess* is that you can't, but hopefully someone else can answer for sure.
10-16-2009 07:01 PM
If you do not see the ids logs, then you might need to enable it:
CLI > logconfig > new > Data Security Logs
10-20-2009 08:41 AM
Thanks Khoa.
It's there; it's already activated.