CP_R75.40_DataLossPrevention_AdminGuide.pdf - Data Loss...

This preview shows page 1 out of 159 pages.

Unformatted text preview:

Data Loss Prevention R75.40 Administration Guide

9 May 2012

Classification: [Protected]

© 2012 Check Point Software Technologies Ltd. All rights reserved. This product and related documentation are protected by copyright and distributed under licensing restricting their use, copying, distribution, and decompilation. No part of this product or related documentation may be reproduced in any form or by any means without prior written authorization of Check Point. While every precaution has been taken in the preparation of this book, Check Point assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

RESTRICTED RIGHTS LEGEND: Use, duplication, or disclosure by the government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013 and FAR 52.227-19.

TRADEMARKS: Refer to the Copyright page for a list of our trademarks. Refer to the Third Party copyright notices for a list of relevant copyrights and third-party licenses.

Important Information

Latest Software
We recommend that you install the most recent software release to stay up-to-date with the latest functional improvements, stability fixes, security enhancements and protection against new and evolving attacks.

Latest Documentation
The latest version of this document is at:
For additional technical information, visit the Check Point Support Center.
For more about this release, see the home page at the Check Point Support Center.

Revision History

Date | Description
9 May 2012 | Updated the export CA certificate command syntax ("Exporting a Certificate from the Security Management Server" on page 46)
16 April 2012 | First release of this document

Feedback
Check Point is engaged in a continuous effort to improve its documentation. Please help us by sending your comments (mailto:[email protected]?subject=Feedback on Data Loss Prevention R75.40 Administration Guide).

Contents

Important Information (p. 3)
Introduction to Data Loss Prevention (p. 8)
The Need for Data Loss Prevention (p. 8)
DLP and Privacy (p. 8)
The Check Point Solution for DLP (p. 9)
Data Loss Prevention Terminology (p. 10)
How It Works (p. 10)
Integrated DLP Security Gateway Deployment (p. 11)
Dedicated DLP gateway Deployment (p. 11)
Alternative Gateway Deployments (p. 12)
What Happens on Rule Match (p. 13)
Role of DLP Administrator (p. 13)
DLP Administrator Permissions (p. 14)
Installation and Configuration (p. 16)
DLP Supported Platforms (p. 16)
Installing the DLP gateway (p. 16)
DLP Software Blade Trial License (p. 16)
Configuring a DLP Gateway or Security Cluster (p. 17)
Integrated Deployments (p. 17)
Dedicated Deployments (p. 18)
DLP-1 Security Cluster Wizard (p. 18)
Prerequisites (p. 18)
Configuring a Locally Managed DLP-1 Security Cluster (p. 19)
Data Loss Prevention Wizard (p. 19)
DLP Blade Wizard Options (p. 19)
Completing the Wizard (p. 20)
Configuring a Dedicated DLP Gateway in Bridge Mode (p. 20)
Required Routing in Bridge Mode (p. 20)
Configuring Bridge IP Address (p. 21)
Required VLAN Trunk Interfaces (p. 21)
Configuring Active Directory and LDAP for DLP (p. 21)
Rerunning the Data Loss Prevention Wizard (p. 22)
Configuring a DLP Gateway for a Web Proxy (p. 22)
Configuring for a Web Proxy (p. 22)
Configuring for an Internal Web Proxy (p. 23)
Configuring Proxy Settings After Management Upgrade (p. 23)
Mail Relay Required Configuration (p. 23)
Configuring the Mail Relay (p. 24)
Configuring a Dedicated DLP gateway and Relay on DMZ (p. 25)
Recommended Deployment - DLP Gateway with Mail Relay (p. 26)
Workarounds for a Non-Recommended Mail Relay Deployment (p. 26)
TLS-Encrypted SMTP Connections (p. 28)
Configuring Incident Log Handling (p. 28)
UserCheck Client (p. 30)
UserCheck Client Overview (p. 30)
UserCheck Requirements (p. 30)
Enabling UserCheck Client (p. 30)
Client and Gateway Communication (p. 31)
Getting the MSI File (p. 36)
Distributing and Connecting Clients (p. 37)
Helping Users (p. 38)
Configuring the Exchange Security Agent (p. 39)
SmartDashboard Configuration (p. 39)
Exchange Server Configuration (p. 40)
HTTPS Inspection (p. 44)
How it Operates (p. 44)
Configuring Outbound HTTPS Inspection (p. 45)
Configuring Inbound HTTPS Inspection (p. 47)
The HTTPS Inspection Policy (p. 48)
Gateways Pane (p. 52)
Adding Trusted CAs for Outbound HTTPS Inspection (p. 53)
HTTPS Validation (p. 54)
HTTP/HTTPS Proxy (p. 57)
HTTPS Inspection in SmartView Tracker (p. 58)
HTTPS Inspection in SmartEvent (p. 59)
Out of the Box (p. 61)
Default Deployment (p. 61)
Data Loss Prevention in SmartDashboard (p. 61)
Defining My Organization (p. 62)
Adding Email Addresses and Domains to My Organization (p. 63)
Defining Internal Users (p. 63)
Defining Internal User Groups (p. 63)
Excluding Users from My Organization (p. 64)
Defining Internal Networks (p. 64)
Excluding Networks from My Organization (p. 64)
Defining Internal VPNs (p. 65)
Excluding VPNs from My Organization (p. 65)
Data Loss Prevention Policies (p. 66)
Overview of DLP Rules (p. 66)
Rule Actions (p. 68)
Managing Rules in Detect (p. 69)
Setting Rule Tracking (p. 69)
Setting a Time Restriction (p. 71)
Supported Archive Types (p. 72)
Selective Deployment - Gateways (p. 72)
Selective Deployment - Protocols (p. 72)
Auditing and Analysis (p. 73)
Using SmartView Tracker (p. 73)
Using SmartEvent (p. 75)
Data Owner and User Notifications (p. 76)
Data Owners (p. 76)
Preparing Corporate Guidelines (p. 77)
Communicating with Data Owners (p. 77)
Communicating with Users (p. 77)
Notifying Data Owners (p. 78)
Notifying Users (p. 79)
Customizing Notifications (p. 79)
Customizing Notifications to Data Owners (p. 80)
Customizing Notifications for Self-Handling (p. 80)
Setting Rules to Ask User (p. 80)
DLP Portal (p. 81)
What Users See and Do (p. 81)
Unhandled UserCheck Incidents (p. 81)
UserCheck Notifications (p. 81)
Managing Rules in Ask User (p. 82)
Learning Mode (p. 82)
Data Loss Prevention by Scenario (p. 84)
Analytical Deployment (p. 84)
Creating New Rules (p. 84)
Internal DLP Policy Rules (p. 85)
More Options for Rules (p. 86)
Rule Exceptions (p. 87)
Fine Tuning (p. 90)
Customized Deployment (p. 90)
Setting Rules to Prevent (p. 91)
Defining Data Types (p. 91)
Protecting Data By Keyword (p. 91)
Protecting Documents by Template (p. 92)
Protecting Files (p. 93)
Protecting Data by Pattern (p. 94)
Defining Compound Data Types (p. 94)
Advanced Data Types (p. 94)
Adding Data Types to Rules (p. 98)
Focusing on Data (p. 98)
The Compliance Data Category (p. 98)
Editing Data Types (p. 99)
Defining Data Type Groups (p. 102)
Defining Advanced Matching for Keyword Data Types (p. 103)
Defining Post Match CPcode for a Data Type (p. 103)
Recommendation - Testing Data Types (p. 103)
Exporting Data Types (p. 104)
Importing Data Types (p. 104)
Defining Email Addresses (p. 104)
Watermarking (p. 105)
Previewing Watermarks (p. 108)
Viewing Watermarks in MS Office Documents (p. 109)
Resolving Watermark Conflicts (p. 109)
Turning Watermarking on and off (p. 112)
Using the DLP Watermark Viewing Tool (p. 112)
Fine Tuning Source and Destination (p. 112)
Creating Different Rules for Different Departments (p. 113)
Isolating the DMZ (p. 114)
Defining Strictest Security (p. 115)
Defining Protocols of DLP Rules (p. 115)
Fine Tuning for Protocol (p. 116)
Configuring More HTTP Ports (p. 116)
Advanced Configuration and Troubleshooting (p. 117)
Configuring User Access to an Integrated DLP Gateway (p. 117)
Internal Firewall Policy for a Dedicated DLP Gateway (p. 118)
Advanced Expiration Handling (p. 119)
Advanced SMTP Quotas (p. 119)
Advanced FTP and HTTP Quotas (p. 120)
Advanced User Notifications (p. 120)
Troubleshooting: Incidents Do Not Expire (p. 121)
Troubleshooting: Mail Server Full (p. 121)
Gateway Cleanup of Expired Data (p. 122)
Gateway Cleanup of All Captured Data (p. 122)
Customizing DLP User-Related Notifications (p. 124)
Localizing DLP User-Related Notifications (p. 125)
Supporting LDAP Servers with UTF-8 Records (p. 126)
Editing Extreme Condition Values (p. 126)
Editing Exchange Security Agent Values (p. 127)
Configuring HTTP Inspection on All Ports (p. 128)
Defining New File Types (p. 129)
Server Certificates (p. 144)
Obtaining and Installing a Trusted Server Certificate (p. 145)
Viewing the Certificate (p. 146)
Advanced Options for Data Types (p. 147)
Case Sensitivity (p. 147)
Ordered Match for Names (p. 147)
Proximity of Matched Words (p. 148)
Match Multiple Occurrences