Shulou(Shulou.com)06/01 Report--

Table of contents:

What is the way of DLP data leakage? strategy making and verification

What is DLP?

Data disclosure protection (DLP) is a strategy to prevent specified data or information assets from flowing out of the enterprise in the form of violating security policies by certain technical means. Its core competence is content identification, which can be extended to the prevention and control of data. The specific ways of identification are: 1) keywords, 2) regular expressions, 3) file attributes, 4) file fingerprints.

The way of data leakage

1 use leakage

Operation error leads to data leakage

Data leakage is caused by printing, cutting, copying, pasting, saving as, renaming, and so on.

2 transmission leakage

Transfer confidential information through email, QQ, Wechat, etc.

Upload data, materials, etc., through the network disk.

3 Storage leakage

The data of the server and database are downloaded and shared at will.

Employees copy data at will through USB drives and removable hard drives.

Data leakage caused by laptop theft, loss, or maintenance

Policy making and verification

File attribute dictionary library regular expression file system fingerprint test

One: the test steps are as follows

1 there is no policy, so you need to add a policy, as shown in the following figure:

2 the next step is to customize the policy:

Then we need to define the policy, such as name, description, owner, etc. As shown below:

4 with a strategy, then you need to have rules, and the next step is to add rules. The rules here are dependent on the strategy. Add rules in the following figure:

5 add the file type you want and set the threshold. As shown below:

(6) display and elaborate the set rules. As shown below:

7 set the set rules, such as the severity of the file, as shown below:

8 next, select the device and network, as shown in the following figure:

9 then choose how the proposed document will go out to other places, such as USB flash drive, application, email, etc. As shown below:

10 at this point, it's all over, just follow the prompts to deploy successfully. As shown below:

11 test, create a type of file on the client, and open the dlptest.com website to upload the created file, as shown below:

12 you can now view events in the Triton server management interface, as shown in the following figure:

13 details of the trigger rule, as shown below:

Second, the test steps are as follows:

1 add custom dictionary pants, as shown below:

The 2-dictionary library has been successfully established, and then it needs to be strategically regulated. That is, create a rule. The detailed steps repeat the first strategy above and will not be described in detail.

The test steps are as follows:

1 rules for creating regular expressions, as shown in the following figure:

2 fill in the regular grammar.

The test steps are as follows:

1 Custom file system fingerprint conditions.

2 basic configuration, as shown below:

3 fill in the path to be scanned

4 Select the files to be scanned, or exclude. As shown below:

(5) scan file cycle selection. As shown below:

6 file filtering, based on type, creation time, size. As shown below:

7 fingerprints were derived. As shown below:

8 when finished, start scanning the specified directory or file. As shown below:

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.