Data Loss Prevention

  • 1.  Installation Order

    Posted Feb 22, 2013 07:13 PM

    We have a package of software that includes:

    NETWORK MONITOR 11.6 and NETWORK PREVENT FOR EMAIL 11.6 and ENDPOINT DISCOVER 11.6 and ENDPOINT PREVENT 11.6

     

    We do not have Network Discoverer, Network Protect or Network Prevent for Web.

    On the first day I was planning to install the Enforce Server, Oracle Database, Network Monitor, and Endpoint Discover so we can run reports on how the data is flowing for several weeks so management can then decide what behavior they need users to stop.

    This spring I would deploy Endpoint Prevent and Network Prevent for Email to enforce the rules.

    Is this the best way to deploy the package?

     


  • 2.  RE: Installation Order

    Posted Feb 22, 2013 10:27 PM

    Yes, you are proceeding correctly. In my previous company we had the same kind of implementation. What you listed above (deploy Endpoint Prevent and Network Prevent for Email to enforce the rules) is the right one, which will give you an initial idea of how Symantec DLP works. This can be helpful for running reports and knowing how the data is flowing, and management can then decide what behavior they need users to stop and what other things have to be done to prevent data loss (rule definition).

    Please refer to the links below, which will help you learn more. I hope you know the installation and config of DLP.

    https://www-secure.symantec.com/connect/forums/step-step-installation-symantec-dlp-9

    http://www.symantec.com/connect/forums/symantec-dlp-installation-and-configuration-steps



  • 3.  RE: Installation Order

    Posted Mar 01, 2013 11:00 PM

    After installing Oracle and Enforce Server, does it matter whether Network Monitor is installed before or after Endpoint Monitor?

    I was planning to go ahead and install Endpoint Discover and some DLP agents now and install Network Monitor later since I need to wait for network tap hardware to be purchased and installed.

    I have the impression that the Network Monitor server can't be set up or will not be of any use before a network tap is in place to plug into.



  • 4.  RE: Installation Order

    Posted Mar 01, 2013 11:18 PM

    Hi netuser, you are absolutely correct: "Network Monitor server can't be set up or will not be of any use before a network tap is in place to plug into." If you are going to implement Network Monitor then you need a tap device to capture packets, and if you want to implement Network Email Prevent then you need an MTA/proxy.

    Please let me know if you want to know something more on this...



  • 5.  RE: Installation Order

    Posted Mar 02, 2013 12:30 AM

    I had not heard of MTA proxy before.  Is this another piece of hardware needed for Network Prevent For E-mail or is that just the Network Prevent For E-mail software itself?



  • 6.  RE: Installation Order

    Posted Mar 02, 2013 01:33 AM

    Hi Netuser,

    DLP Email Prevent itself can work as an MTA; you can also use a different MTA. For Web Prevent you need a proxy.



  • 7.  RE: Installation Order

    Broadcom Employee
    Posted Mar 02, 2013 02:39 AM

    MTA is for email and proxy for Web filtering.



  • 8.  RE: Installation Order

    Posted Mar 02, 2013 11:14 AM

    OK, now this is confusing again.  It looks like two people said two different things above.

    So, I know you need a TAP to SNAP to use Network Monitor, but do you need any additional third party hardware connected to the network to use Network Prevent for e-mail?



  • 9.  RE: Installation Order
    Best Answer

    Posted Mar 02, 2013 01:39 PM

    net,

     

    I would configure and install NP for web and email, check the box to put them in trial mode, and when you are ready just uncheck the box and you are blocking. This way it will help you see the false positives you might have.

     

    You do not need any hardware to connect it; it gets set up in forwarding or reflecting mode, and depending on how you set it up you will need to make DNS/MX cost changes...



  • 10.  RE: Installation Order

    Posted Mar 02, 2013 02:10 PM

    Hi netuser,

    Check this

    a) Make sure that you have your SPAN /  TAP port configured properly.

    b) Ensure that the NIC card connected to the SPAN / TAP port is in promiscuous mode.

    c) Ensure that the promiscuous mode NIC card is selected under System - Servers - Network Monitor server - Configure - Network Interfaces

    To confirm that your SPAN port/network TAP is configured properly, please install Wireshark on the DLP server and see if you can see all traffic passing through the switch, or just traffic destined to/from the DLP server itself.

    Also refer to the links below, which will surely help you.

    https://www-secure.symantec.com/connect/forums/how-setup-network-monitor-dlp-test-environment

    https://www-secure.symantec.com/connect/forums/network-monitor-install-details
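
The Wireshark check described in post 10, as an added example that is not part of the original thread: given the source/destination pairs seen in a capture on the monitoring NIC, it separates traffic to/from the DLP server, broadcast/multicast (which reaches every switch port anyway), and unicast between other hosts (which only a working SPAN/TAP delivers). The function names, the `min_share` threshold and all addresses are assumptions; the packet lists are constructed.

```python
import ipaddress
from collections import Counter

def classify(src, dst, local_ips, subnet):
    """Label one captured packet as 'local', 'broadcast' or 'mirrored'."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s in local_ips or d in local_ips:
        return "local"        # the server's own traffic, seen with or without a SPAN
    if d.is_multicast or d == subnet.broadcast_address or str(d) == "255.255.255.255":
        return "broadcast"    # flooded to every port, proves nothing about mirroring
    return "mirrored"         # unicast between two other hosts

def span_check(packets, local_ips, subnet, min_share=0.5):
    """Return (counts, ok); ok is True when mirrored unicast is at least
    min_share of the capture (threshold is an assumed starting point)."""
    local = {ipaddress.ip_address(ip) for ip in local_ips}
    net = ipaddress.ip_network(subnet)
    counts = Counter(classify(s, d, local, net) for s, d in packets)
    total = sum(counts.values())
    return counts, total > 0 and counts["mirrored"] / total >= min_share

# Constructed sample captures; 192.0.2.5 stands in for the DLP server.
DLP_SERVER = ["192.0.2.5"]
SUBNET = "192.0.2.0/24"

WORKING_SPAN = [
    ("192.0.2.21", "198.51.100.34"),   # client to external host
    ("198.51.100.34", "192.0.2.21"),   # reply
    ("192.0.2.30", "192.0.2.40"),      # client to client
    ("192.0.2.5", "192.0.2.1"),        # DLP server's own traffic
    ("192.0.2.30", "224.0.0.251"),     # multicast
]
BROKEN_SPAN = [
    ("192.0.2.5", "192.0.2.1"),
    ("192.0.2.1", "192.0.2.5"),
    ("192.0.2.30", "192.0.2.255"),     # subnet broadcast
    ("192.0.2.30", "224.0.0.251"),
    ("192.0.2.40", "255.255.255.255"),
]

if __name__ == "__main__":
    for name, capture in (("working", WORKING_SPAN), ("broken", BROKEN_SPAN)):
        counts, ok = span_check(capture, DLP_SERVER, SUBNET)
        print(name, dict(counts), "SPAN/TAP delivering traffic" if ok else "only local/broadcast seen")
```
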