Data Loss Prevention

 View Only

  • 1.  BLOCKING UPLOAD TRAFFIC WITH DLP

    Posted Aug 25, 2015 04:40 AM

    HI. is there a way to block upload traffic on web browsers with dlp ? thanks



  • 2.  RE: BLOCKING UPLOAD TRAFFIC WITH DLP

    Posted Aug 25, 2015 04:47 AM

    IN fact i want to block all upload traffic with symantec end-point prevent ...... 



  • 3.  RE: BLOCKING UPLOAD TRAFFIC WITH DLP

    Posted Aug 25, 2015 12:29 PM

    The best way I think, we could do it is by - setting up a policy which monitors all web traffic (http, https & ftp) & add another condition where you choose filetypes like office docs, adobe pdf, etc.

    I say filetypes because, otherwise - the database size increment would be pretty high, if you want even text uploads to be monitored.

    Another way I feel this could work is by clubbing it with your URL filtering at the gateway/host firewall on the host. That way you would know which websites the users have access to and accodingly you could add a policy specifically monitoring those domains.



  • 4.  RE: BLOCKING UPLOAD TRAFFIC WITH DLP

    Posted Sep 01, 2015 04:04 AM

    I don't think that you can block this. DLP will see upload and download as the same flow.

    If you create a policy with filetype like precedent user says, you will block also download.



  • 5.  RE: BLOCKING UPLOAD TRAFFIC WITH DLP

    Posted Sep 02, 2015 04:21 PM

    Thomas - that is a great perspective & it did got me thinking for a while. Cause normally I would disable GET requests when working with a 'web prevent' however even an Endpoint Agent does capture a GET?

    This changes the basis, a bit for me, when designing architectures. Thus, I did some research of my own - exported the agent configuration by querying the cg.ead using vontu_sqlite3 and found the below entry in the config file:

    EnableHTTPGET                             int              0  

    You're seem to be right - yes there is a value on the agent as well to monitor GETs. However is disabled by default.

    I also performed a few quick tests by trying to download an attachment vs. upload (ofcourse with a atachment only keywords policy) - and mine triggered only when uploading and not downloading. Has someone else, had a different result? please let me know as I am sincerely curious to know (how it works)

    Unless otherwise, to my knowledge simple - policy based control with the default GET off should do the trick like I mentioned in my earlier post & I do stand to be corrected.

    Let me know & it was great learning Thomas. Cheers!!!

     



  • 6.  RE: BLOCKING UPLOAD TRAFFIC WITH DLP

    Posted Sep 03, 2015 11:41 AM

    Hello,

     

    IMHO you should be looking for a firewall solution, not DLP.

     

    Cheers,

    Morgado



  • 7.  RE: BLOCKING UPLOAD TRAFFIC WITH DLP

    Posted Sep 13, 2015 06:53 AM

    thanks alot ..... could you help me with the creation of the propper policy and response ...... Thank you.