
Installation Order

Created: 22 Feb 2013 • Updated: 02 Mar 2013 | 9 comments
This issue has been solved. See solution.

We have a package of software that includes:

NETWORK MONITOR 11.6 and NETWORK PREVENT FOR EMAIL 11.6 and ENDPOINT DISCOVER 11.6 and ENDPOINT PREVENT 11.6

We do not have Network Discoverer, Network Protect or Network Prevent for Web.

On the first day I was planning to install the Enforce Server, Oracle Database, Network Monitor, and Endpoint Discover so we can run reports on how the data is flowing for several weeks, so management can then decide what behavior they need users to stop.

This spring I would deploy Endpoint Prevent and Network Prevent for Email to enforce the rules.

Is this the best way to deploy the package?


kishorilal1986

Yes, you are proceeding correctly. In my previous company we had the same kind of implementation. What is listed above (deploy Endpoint Prevent and Network Prevent for Email to enforce the rules) is the right one, which will give you an initial idea of how Symantec DLP works. This can be helpful for running reports and knowing how the data is flowing, and management can then decide what behavior they need users to stop and what other things have to be done to prevent data loss (rule definition).

Please refer to the links below, which will help you learn more. I hope you know the installation and configuration of DLP.

https://www-secure.symantec.com/connect/forums/ste...

http://www.symantec.com/connect/forums/symantec-dl...

NetUser

After installing Oracle and Enforce Server, does it matter whether Network Monitor is installed before or after Endpoint Monitor?

I was planning to go ahead and install Endpoint Discover and some DLP agents now and install Network Monitor later since I need to wait for network tap hardware to be purchased and installed.

I have the impression that the Network Monitor server can't be set up or will not be of any use before a network tap is in place to plug into.

kishorilal1986

Hi NetUser, you are absolutely correct: "Network Monitor server can't be set up or will not be of any use before a network tap is in place to plug into." If you are going to implement Network Monitor then you need a tap device to capture packets, and if you want to implement Network email prevent then you need an MTA/proxy.

Please let me know if you want to know something more on this...

NetUser

I had not heard of MTA proxy before.  Is this another piece of hardware needed for Network Prevent For E-mail or is that just the Network Prevent For E-mail software itself?

kishorilal1986

Hi NetUser,

DLP Email Prevent itself can work as an MTA; you can use a different MTA also. For Web Prevent you need a proxy.

pete_4u2002

MTA is for email and proxy for Web filtering.

NetUser

OK, now this is confusing again.  It looks like two people said two different things above.

So, I know you need a TAP to SNAP to use Network Monitor, but do you need any additional third party hardware connected to the network to use Network Prevent for e-mail?

stumunro

net,

I would configure and install NP for web and email, check the box to put them in trial mode, and when you are ready just uncheck the box and you are blocking. This way it will help you see the false positives you might have.

You do not need any hardware to connect it; it gets set up in a forwarding or reflecting mode. Depending on how you set it up you will need to make DNS/MX cost changes...

SOLUTION
kishorilal1986

Hi NetUser,

Check this:

a) Make sure that you have your SPAN / TAP port configured properly.

b) Ensure that the NIC connected to the SPAN / TAP port is in promiscuous mode.

c) Ensure that the promiscuous mode NIC is selected under System - Servers - Network Monitor server - Configure - Network Interfaces

To confirm that your SPAN port/network TAP is configured properly, please install Wireshark on the DLP server and see if you can see all traffic passing through the switch, or just traffic destined to/from the DLP server itself.

Also refer to the links below, which will surely help you.

https://www-secure.symantec.com/connect/forums/how...

https://www-secure.symantec.com/connect/forums/net...
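
The Wireshark check from the solution above can be scripted over a saved capture; this is an added example, not part of the original thread or of any Symantec tooling. It assumes the capture was saved in classic pcap format (not pcapng) from an Ethernet interface; `span_check`, the sample builders and all addresses are hypothetical, constructed names and values.

```python
import ipaddress
import struct

def span_check(pcap: bytes, local_ip: str) -> dict:
    """Classify IPv4 frames in a classic pcap relative to local_ip."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled)")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (link type 1) captures are handled")
    counts = {"own": 0, "flooded": 0, "transit": 0}
    off = 24  # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        l3 = 18 if frame[12:14] == b"\x81\x00" else 14  # skip one 802.1Q tag
        if frame[l3 - 2:l3] != b"\x08\x00" or len(frame) < l3 + 20:
            continue  # not IPv4, or truncated
        src = str(ipaddress.IPv4Address(frame[l3 + 12:l3 + 16]))
        dst = str(ipaddress.IPv4Address(frame[l3 + 16:l3 + 20]))
        if local_ip in (src, dst):
            counts["own"] += 1
        elif frame[0] & 1:  # group bit: broadcast/multicast reaches every port
            counts["flooded"] += 1
        else:
            counts["transit"] += 1  # unicast between other hosts: needs SPAN/TAP
    counts["mirror_working"] = counts["transit"] > 0
    return counts

def sample_frame(dst_mac, src_ip, dst_ip):
    """Constructed sample frame: Ethernet header plus a bare IPv4 header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address(src_ip).packed,
                     ipaddress.IPv4Address(dst_ip).packed)
    return dst_mac + b"\x02\x00\x00\x00\x00\x01" + b"\x08\x00" + ip

def sample_pcap(frames):
    """Constructed sample capture: little-endian classic pcap, Ethernet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

UNICAST, BROADCAST = b"\x02\x00\x00\x00\x00\x02", b"\xff" * 6
DLP = "192.0.2.10"  # constructed address for the Network Monitor server
NO_MIRROR = sample_pcap([sample_frame(UNICAST, "192.0.2.50", DLP),
                         sample_frame(BROADCAST, "192.0.2.60", "192.0.2.255")])
WITH_MIRROR = sample_pcap([sample_frame(UNICAST, "192.0.2.50", DLP),
                           sample_frame(UNICAST, "192.0.2.60", "198.51.100.7")])
if __name__ == "__main__":
    print(span_check(NO_MIRROR, DLP), span_check(WITH_MIRROR, DLP))
```

A few transit frames can also come from a switch flooding unknown unicast, so judge a real capture by a sustained share of transit traffic rather than a single packet.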