
Symantec Data Loss Prevention: adding rules based on Active Directory user accounts

Created: 27 Dec 2012 • Updated: 16 Jan 2013 | Comments: 4
By UFO

Symantec Data Loss Prevention (SDLP, current version 11.6) is usually installed in a Windows environment, so many SDLP tasks involve Active Directory. This article shows how to make detection policies and rules apply to a particular Active Directory user or group of users, or how to make a policy apply to all users except one particular Active Directory user.

For example, to enable a DLP policy that detects copying to a USB removable device and blocks the action for a specific Active Directory user, you need three steps:

First, go to System > Settings > Group Directories.

Then press the Create New Connection button and set up a new connection to Active Directory. The example screenshot gives an idea of how to fill out the fields:

So far it is simple. If your domain name is demo.com, then in the Base DN field (under Network Parameters) you should type: DC=demo,DC=com
Choose the authentication type on the server (it will almost always be required to enter a user name and password) and type in the credentials.
When you have filled out the fields, press the Test Connection button to make sure everything is configured properly.

When the connection test succeeds, press the Save button and continue to the second step.

When the directory connection is set up, the next step is to create a User Group. Choose Manage > User Groups.
Then create a new user group (you can include one or many users, depending on the kind of policy you will use this group with). See the example screenshot below for details:

When you have filled out the fields, press the Save button and continue to the final step.

The final step is to add a rule to a policy based on the User Group (which in turn is based on the directory connection from step 1). To do so, go to Manage > Policies > Policy List and choose the policy to modify (or create a new one). To add the user-based rule, open the Groups tab in the policy settings. Then, depending on whether you want to add a rule for a particular AD user or make an exception for an AD user, press the Add Rule or Add Exception button respectively. The example below shows an exception rule:

When, for example, Sender/User based on Directory Server Group is selected, click Next and you will be able to set up the user-based rule.

Just select the user group that was set up in step 2, name the exception, click OK, then save the policy.

All done.
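The two things that usually make Test Connection in step 1 fail, a wrong Base DN or bad credentials, and the user lookups you rely on in step 2 can be checked from the Enforce server (or any domain-joined Windows host) before touching the SDLP console. The PowerShell script below is an added example, not part of the original article or of Symantec's product. The domain name, domain controller, service-account name and user names are placeholders, and it assumes the directory connection uses a Windows (Negotiate) bind to a domain controller on the default LDAP port. It derives the Base DN from the DNS domain name exactly as the article describes, binds with the same account the connection will use, and resolves each user that the User Group will contain.

```powershell
# Added example (not from the original article): verify the Active Directory
# parameters from step 1 and the users for the User Group in step 2 before
# entering them in the SDLP Group Directories and User Groups pages.
# Assumptions (placeholders, change to match your environment):
#   $DomainDns  - DNS name of the domain used for the Base DN (demo.com)
#   $LdapServer - domain controller the Enforce server will connect to
#   $BindUser   - account entered under the connection's authentication settings
#   $Users      - sAMAccountNames you intend to put in the User Group
param(
    [string]   $DomainDns  = 'demo.com',
    [string]   $LdapServer = 'dc01.demo.com',
    [string]   $BindUser   = 'DEMO\svc_dlp_ldap',
    [string[]] $Users      = @('jdoe')
)

Add-Type -AssemblyName System.DirectoryServices

# 1. Build the Base DN the same way the article does: demo.com -> DC=demo,DC=com
$baseDn = ($DomainDns.Split('.') | ForEach-Object { "DC=$_" }) -join ','
Write-Host "Base DN: $baseDn"

# 2. Bind with the same credentials the directory connection will use.
#    AuthenticationTypes::Secure is a Windows (Negotiate) bind; add
#    SecureSocketsLayer and port 636 in the path if your connection uses LDAPS.
$cred  = Get-Credential $BindUser
$entry = New-Object System.DirectoryServices.DirectoryEntry(
    "LDAP://$LdapServer/$baseDn",
    $cred.UserName,
    $cred.GetNetworkCredential().Password,
    [System.DirectoryServices.AuthenticationTypes]::Secure)

try {
    # RefreshCache forces the bind and the read of the base object, so a
    # wrong Base DN or a wrong password fails here, as Test Connection would.
    $entry.RefreshCache()
    Write-Host "Bind OK as $($cred.UserName) to $LdapServer"
} catch {
    Write-Error "Bind failed: $($_.Exception.Message)"
    exit 1
}

# 3. Resolve each intended member so you know the account exists under this
#    Base DN and can see the DN and group memberships the rule will match on.
$searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
$searcher.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'mail', 'memberOf')) | Out-Null

foreach ($sam in $Users) {
    # Escape LDAP filter metacharacters (RFC 4515) so a name such as "a*b"
    # cannot widen the search beyond the single account you asked for.
    $safe = $sam -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' -replace '\)', '\29' -replace "`0", '\00'
    $searcher.Filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$safe))"
    $r = $searcher.FindOne()
    if ($null -eq $r) {
        Write-Warning "$sam not found under $baseDn"
        continue
    }
    Write-Host "$sam -> $($r.Properties['distinguishedname'][0])"
    foreach ($g in $r.Properties['memberof']) { Write-Host "    member of $g" }
}
```

The bind account only needs to read the users and groups that the User Group refers to, so use a dedicated low-privilege account for the directory connection rather than an administrative one; the script succeeds with read access alone, which is a quick way to confirm that the account has no more rights than the lookup requires.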

Comments (4)

new_dlp:

Good example!
kishorilal1986:

Hi UFO,

Nice article with step by step.
UFO:

Thank you. Appreciate that.

STS: DLP
I4U:

Good article.