Data Loss Prevention

 View Only
  • 1.  How to configure DLP to protect a specific network share on a fileserver?

    Posted Feb 09, 2012 06:56 AM

    Hi all,

    I'm trying to find out how to configure DLP Endpoint to protect a specific network share or fileshare folder on a fileserver.

    What i am trying to achieve is whether it is possible to do this because i can configure a DLP Endpoint policy to prevent

    anything to be copied from all network shares available.

    So the requirement is that DLP Endpoint to protect data being copied/moved from one specific network share to local drive

    and agent is installed on the workstations, not on the fileserver.

    Thanks in advance.



  • 2.  RE: How to configure DLP to protect a specific network share on a fileserver?
    Best Answer

    Posted Feb 09, 2012 08:13 AM

    I think that what you'd have to do is this:

    1. Create a policy with the endpoint destination set to Local Drive.
    2. Go to system -> agent configuration -> edit the configuration
    3. Edit the monitoring filter by adding the path to the fileshare.

    The problem with doing it this way is that you can't really monitor anything else unless you specify other monitoring filters...and the copy to local endpoint rule will be applied for everything that's monitored! As you can see this isn't really a good solution.

    To do what you're describing, I think it's best to just use the permissions settings in Windows to restrict who can access which file share. This is a much cleaner solution.

    If you really wanted to use DLP to do it, you'd have to use network protect.

    Hope this helps a bit

    -----------------------------

    If this post has helped you or solved your problem, please don't forget to vote or mark as solution.



  • 3.  RE: How to configure DLP to protect a specific network share on a fileserver?

    Posted Feb 09, 2012 09:31 AM

    xlloyd,

    So let me get it straight, basically i need to have another monitoring filter on top of this so that i can monitor anything else, correct?

    Looks promising though. The reason why i am looking for this is because a future customer already has a set of keywords to use and recently have added a new share folder where they haven't been able to give me the keywords to be used, so they were asking whether protecting the whole fileshare is possible regardless of content definition.

    Also they want to protect the data from being leaked out by the defined allowed users (defined in the Windows permissions settings) through email, copy/move, etc.

    Also another question, in what way can Network DLP address this cause as far as i know it only can remove/quarantine the data that is not supposed to be there ?

    Thanks a lot man



  • 4.  RE: How to configure DLP to protect a specific network share on a fileserver?

    Posted Feb 09, 2012 11:15 AM

    Also another question, in what way can Network DLP address this cause as far as i know it only can remove/quarantine the data that is not supposed to be there ?

    Wow you're right! I said that without thinking...my bad! surprise

    My first thought was that you'd have to put the endpoint agent on the server but after thinking about it, I couldn't think of a way to limit who can copy the file from the share. It was tough to wrap my head around it 'cause now everything is backways.

    I'm going to run a few tests and post back in a bit. I think I thought of a way to solve this.



  • 5.  RE: How to configure DLP to protect a specific network share on a fileserver?

    Posted Feb 10, 2012 05:15 AM

    xlloyd,

    i was also thinking of putting the agent on the fileserver but haven't tried it out.

    I'll wait for your test results, in the mean time.

    Thanks again.



  • 6.  RE: How to configure DLP to protect a specific network share on a fileserver?

    Posted Feb 10, 2012 12:47 PM

    I tried and couldn't get it to work with the agent on my local machine. I suppose that if you put the agent on the server it should work but I'm not sure how you'd classify who is copying off the file...

    Sorry I couldn't be more help!



  • 7.  RE: How to configure DLP to protect a specific network share on a fileserver?

    Posted Feb 11, 2012 01:49 AM

    no problems, you've already helped alot ... thanks!!