How to configure DLP to protect a specific network share on a fileserver?

Created: 09 Feb 2012 • Updated: 09 Feb 2012 | 6 comments
avl
This issue has been solved. See solution.

Hi all,

I'm trying to find out how to configure DLP Endpoint to protect a specific network share or fileshare folder on a fileserver.

What I am trying to find out is whether it is possible to do this, because I can configure a DLP Endpoint policy to prevent anything from being copied from all available network shares.

So the requirement is for DLP Endpoint to protect data being copied/moved from one specific network share to a local drive, and the agent is installed on the workstations, not on the fileserver.

Thanks in advance.

xlloyd

I think that what you'd have to do is this:

  1. Create a policy with the endpoint destination set to Local Drive.
  2. Go to system -> agent configuration -> edit the configuration
  3. Edit the monitoring filter by adding the path to the fileshare.

The problem with doing it this way is that you can't really monitor anything else unless you specify other monitoring filters...and the copy to local endpoint rule will be applied for everything that's monitored! As you can see this isn't really a good solution.

To do what you're describing, I think it's best to just use the permissions settings in Windows to restrict who can access which file share. This is a much cleaner solution.

If you really wanted to use DLP to do it, you'd have to use network protect.

Hope this helps a bit

-----------------------------

If this post has helped you or solved your problem, please don't forget to vote or mark as solution.

SOLUTION
avl

xlloyd,

So let me get it straight: basically I need to have another monitoring filter on top of this so that I can monitor anything else, correct?

Looks promising though. The reason why I am looking for this is because a future customer already has a set of keywords to use and has recently added a new share folder for which they haven't been able to give me the keywords to be used, so they were asking whether protecting the whole fileshare is possible regardless of content definition.

They also want to protect the data from being leaked out by the defined allowed users (defined in the Windows permissions settings) through email, copy/move, etc.

Also another question: in what way can Network DLP address this? As far as I know, it can only remove/quarantine the data that is not supposed to be there.

Thanks a lot man

xlloyd

Also another question: in what way can Network DLP address this? As far as I know, it can only remove/quarantine the data that is not supposed to be there.

Wow you're right! I said that without thinking...my bad!

My first thought was that you'd have to put the endpoint agent on the server but after thinking about it, I couldn't think of a way to limit who can copy the file from the share. It was tough to wrap my head around it 'cause now everything is backways.

I'm going to run a few tests and post back in a bit. I think I thought of a way to solve this.

avl

xlloyd,

I was also thinking of putting the agent on the fileserver but haven't tried it out.

I'll wait for your test results in the meantime.

Thanks again.

xlloyd

I tried and couldn't get it to work with the agent on my local machine. I suppose that if you put the agent on the server it should work but I'm not sure how you'd classify who is copying off the file...

Sorry I couldn't be more help!
