How to configure DLP to protect a specific network share on a fileserver?
Created: 09 Feb 2012 | Updated: 09 Feb 2012 | 6 comments
This issue has been solved. See solution.
Hi all,
I'm trying to find out how to configure DLP Endpoint to protect a specific network share or fileshare folder on a fileserver.
What I am trying to achieve is whether it is possible to do this, because I can configure a DLP Endpoint policy to prevent anything from being copied from all network shares available.
So the requirement is for DLP Endpoint to protect data being copied/moved from one specific network share to a local drive, and the agent is installed on the workstations, not on the fileserver.
Thanks in advance.
I think that what you'd have to do is this:
The problem with doing it this way is that you can't really monitor anything else unless you specify other monitoring filters...and the copy to local endpoint rule will be applied for everything that's monitored! As you can see this isn't really a good solution.
To do what you're describing, I think it's best to just use the permissions settings in Windows to restrict who can access which file share. This is a much cleaner solution.
If you really wanted to use DLP to do it, you'd have to use network protect.
Hope this helps a bit
-----------------------------
If this post has helped you or solved your problem, please don't forget to vote or mark as solution.
xlloyd,
So let me get it straight, basically I need to have another monitoring filter on top of this so that I can monitor anything else, correct?
Looks promising though. The reason why I am looking for this is because a future customer already has a set of keywords to use and recently has added a new share folder where they haven't been able to give me the keywords to be used, so they were asking whether protecting the whole fileshare is possible regardless of content definition.
Also they want to protect the data from being leaked out by the defined allowed users (defined in the Windows permissions settings) through email, copy/move, etc.
Also another question, in what way can Network DLP address this, 'cause as far as I know it can only remove/quarantine the data that is not supposed to be there?
Thanks a lot man
Wow you're right! I said that without thinking...my bad!
My first thought was that you'd have to put the endpoint agent on the server but after thinking about it, I couldn't think of a way to limit who can copy the file from the share. It was tough to wrap my head around it 'cause now everything is backways.
I'm going to run a few tests and post back in a bit. I think I thought of a way to solve this.
xlloyd,
I was also thinking of putting the agent on the fileserver but haven't tried it out.
I'll wait for your test results in the meantime.
Thanks again.
I tried and couldn't get it to work with the agent on my local machine. I suppose that if you put the agent on the server it should work but I'm not sure how you'd classify who is copying off the file...
Sorry I couldn't be more help!
No problems, you've already helped a lot ... thanks!!