1] Symantec Data Loss Prevention Mobile Prevent andserver-side application configuration.
2] Symantec Data Loss Prevention Mobile Prevent and client-side application configuration.
1] Symantec Data Loss Prevention Mobile Prevent andserver-side application configuration :
You must make a few configuration changes to a number of server products. If you do not make these changes, the mobile devices that are connected to the
corporate network might not function properly. The server products that are affected are:
A] Streaming applications
B] Netflix
C] YouTube
D] Gmail
Now we will see one by one how to configure them with symantec DLP mobile prevent.
A] Configuring streaming applications to work with Symantec Data Loss Prevention for Mobile :
To enable some streaming applications, such as Pandora, a proxy server must be configured to redirect network traffic. The proxy server can be configured to allow communication between the mobile device and the streaming server. This configuration prevents Symantec Data Loss Prevention for Mobile from scanning the streaming data.
Configuring the proxy server to redirect network traffic
1] Log in to the proxy server.
2] Create a forwarding rule that includes the URL or IP addresses of the streaming Web sites that you want users to access.
3] Disable SSL interception in the rule.
4] Save the rule.
Note : For more information on configuring the proxy server, see the documentation that comes with the proxy server.
B] Netflix streaming with Symantec Data Loss Prevention Mobile Prevent :
Netflix is not supported on a mobile device in a Symantec Data Loss Prevention Mobile Prevent environment. Configuring the proxy server to redirect
communication to the Netflix servers allows Netflix to stream movies to the mobile device. The streaming data is not scanned by Mobile Prevent.
Configuring the proxy server to redirect network traffic
1] Log in to the proxy server.
2] If the proxy server is configured for explicit mode, create a forwarding rule for the destination host netflix.
3] If the proxy server is configured for transparent mode, create a forwarding rule for the destination host amazonaws.com.
4] Disable SSL interception in the rule.
5] Save the rule.
If users are restricted from using Netflix to stream videos, the proxy server can be configured to block communication between the proxy server and Netflix. This configuration can be used to increase performance in the corporate network. For more information on configuring the proxy server, see the documentation that comes with the proxy server.
C] YouTube streaming with Symantec Data Loss Prevention Mobile Prevent :
If the proxy server is configured for transparent mode, YouTube videos may not play. To enable YouTube videos on mobile devices connected through a VPN, create a new policy on the proxy server for the YouTube host.
Note: The following procedure is an example of installing a new policy on a Blue Coat proxy server. See the documentation for your proxy server for more
information on how to create a policy.
Configuring the proxy server for YouTube
1] Log in to the proxy server as an administrator.
2] Click Configuration > Policy > Policy Files.
3] From the Install Local Policy from list menu, click Text Editor.
4] In the field provided, enter the following:
define condition YouTubeRangeRequests
url.domain="YouTube.com"
end condition YouTubeRangeRequests
<Proxy>
request.header.Range="bytes" condition=YouTubeRangeRequests
bypass_cache(yes)
5] Click Apply to save the policy.
D] Configuring Gmail on iPads or iPhones with Symantec Data Loss Prevention Mobile Prevent :
Symantec Data Loss Prevention for Mobile can use notification and block response rules when an email is sent that violates a policy. To use the block response rule, an iOS device is configured to use Gmail-based email through the Google Sync server. The user must use the native iOS Mail application to send their emails instead of using the Gmail mail application. If a user sends emails with the Gmail application, only the notification response rule can be used when an email violates a policy.
Note: Symantec Data Loss Prevention for Mobile does not support block response rules for any emails that are sent using the Gmail application on iOS mobile devices. The Gmail application might become unusable if the application is used to send an email that gets blocked by the Mobile Prevent Server. To correct this problem, remove the response rule to block the emails and then reinstall the Gmail application on the mobile device.
To configure Gmail with the native iOS Mail application, complete the following
steps.
1] From the Home screen, tap Settings.
2] Tap Mail, Contacts, Calendars > Add Account > Microsoft Exchange.
Note: Do not use the Gmail account that is displayed in the list of account types.
3] Enter the following information into the fields provided.
Email = username@gmail.com
Server = m.google.com
Domain = gmail.com (Optional)
Username = user name
Password = password
4] Tap Next > Save to save the account.
The user can now use the native iOS Mail application on their mobile device to send and receive emails from their Gmail account. The Mobile Prevent erver can monitor and generate notification or block response rules when an email containing sensitive data is detected.
2] Symantec Data Loss Prevention Mobile Prevent and server-side application configuration :
Some applications might require changes to their settings to allow them to function properly in the Symantec Data Loss Prevention for Mobile environment. If you do not make these changes the applications may not function properly. The known applications that are affected are:
A] iOS updates.
B] Twitter
A] Configuring iOS updates to work with Symantec Data Loss PreventionMobile Prevent :
An iOS-based mobile device that is configured for VPN connectivity must perform any iOS updates while connected to the corporate network. Disabling the VPN connection and updating the iOS operating system might cause the update to fail.
B] Using Twitter with Symantec Data Loss Prevention Mobile Prevent :
Users who send messages with Twitter might receive an authorization error after a message is sent. When the error occurs, the message is not sent or has had content removed due to content that violates a policy. The message creates an incident on the Symantec Data Loss Prevention Enforce Server. The user can continue to use Twitter to send messages.