Professional Documents
Culture Documents
13 Chapter13 NBC and DLP v5.5r2
13 Chapter13 NBC and DLP v5.5r2
Goals
URL Filter
• SSL-Proxy
• DLP
Network Behavior Control
• In the URL filter profile configuration mode, you can use the
following command to enable the system to record the web
surfing log:
- web-surfing-record method [get | get-post [post-content] |
post [post-content]]
• get – Records the web surfing log using the GET method.
• get-post – Records the web surfing log using the GET and
POST methods.
• post – Records the web surfing log using the POST method.
• post-content – Records the POST content.
Agenda:SSL-Proxy
• URL Filter
SSL-Proxy
• DLP
SSL Proxy
• URL Filter
• SSL-Proxy
DLP
Data Leakage Prevention
• Actions:
- Permit access, record log
- Block access, no log
- Block access, record log
File Filter Rule
• CLI configurations:
SG-6000(config)# dlp-profile test Create a file filter profile
SG-6000(config-dlp-profile)# filter id 1
SG-6000(config-dlp-filter)# file-name *StoneOS //file name includes word StoneOS
SG-6000(config-dlp-filter)# protocol-type all //support all types of protocol: http-post http-get ftp
smtp pop3
SG-6000(config-dlp-filter)# action block log
SG-6000(config-dlp-filter)# exit
SG-6000(config-dlp-profile)# exit
SG-6000(config)# policy-global
SG-6000(config-policy)# rule id 1
SG-6000(config-policy-rule)# dlp-profile test //binding DLP profile to a policy rule
SG-6000(config-policy-rule)# exit
Question