
Chapter 13 NBC and DLP

Goals

• After this chapter, you will understand:
– URL filter
– SSL-proxy
– Data leakage prevention
Agenda: URL Filter

→ URL Filter
• SSL-Proxy
• DLP
Network Behavior Control

• StoneOS NBC includes the following main functions:
– URL filter
– Keyword filter
– Web posting
– Email filter
– IM control
– HTTP/FTP control
URL Filter

• The URL filter inspects the URL field of HTTP/HTTPS requests to websites and controls access to the URLs that match.

• StoneOS supports a predefined URL database and user-defined URL lists, as well as URL keyword filtering.

• User-defined URLs have higher priority than predefined URLs.

• By default, the system updates the predefined URL database automatically. Hillstone also offers a URL online query server for unclassified URLs.
Pre-defined URL Category

• The predefined URL database is divided into 39 categories. It offers the actions Block and Log.
User-defined URL Filter

• User-defined URL categories support filtering for HTTP and HTTPS.
URL Keyword Filter

• The keyword filter has two matching methods: Simple and Regular expression.
URL Log

• In the URL filter profile configuration mode, you can use the following command to enable the system to record the web surfing log:
- web-surfing-record method [get | get-post [post-content] | post [post-content]]
• get – Records the web surfing log using the GET method.
• get-post – Records the web surfing log using the GET and POST methods.
• post – Records the web surfing log using the POST method.
• post-content – Records the POST content.
Agenda: SSL-Proxy

• URL Filter
→ SSL-Proxy
• DLP
SSL Proxy

• The Hillstone device provides the SSL proxy function to decrypt HTTPS traffic. To read the encrypted information, the SSL proxy function replaces the certificate of an encrypted website with the SSL proxy certificate and sends the SSL proxy certificate to the client's web browser. During the process, the device acts as both an SSL client and an SSL server, establishing connections to the web server and the web browser respectively. The SSL proxy certificate is generated by re-signing the website certificate with the device's local certificate.
SSL-Proxy Configuration

• Create an SSL-Proxy profile, then reference the profile in a policy.
Export PKI Certificate

• Export the CA certificate from the FW PKI and import it into a web browser.
Agenda: DLP

• URL Filter
• SSL-Proxy
→ DLP
Data Leakage Prevention

• DLP monitors files transported over the HTTP, FTP, SMTP and POP3 protocols and controls them according to the file filter rules. The Hillstone FW supports file size, file type and file name as filter conditions, and performs the block or log action when a rule is matched, to prevent the leakage of confidential data.

• DLP supports checking and controlling the following common protocols:
- http-get
- http-post
- FTP
- SMTP
- POP3

• Actions:
- Permit access, record log
- Block access, no log
- Block access, record log
File Filter Rule

• Supports 3 filter rules:
- file size
- file type
- file name

• Rule matching: each dlp-profile supports 3 filter rules, and a file is matched against all of them. The final action follows the rule sequence. If a filter rule is configured with the block action and the file matches that rule, the system blocks the upload/download of the file; if none of the rules that the file matches has a block action configured, the system permits the file and logs it.
DLP Configuration (CLI Only)

• CLI configurations:
SG-6000(config)# dlp-profile test //Create a file filter profile
SG-6000(config-dlp-profile)# filter id 1
SG-6000(config-dlp-filter)# file-name *StoneOS //file name includes the word StoneOS
SG-6000(config-dlp-filter)# protocol-type all //supports all protocol types: http-post http-get ftp smtp pop3
SG-6000(config-dlp-filter)# action block log
SG-6000(config-dlp-filter)# exit
SG-6000(config-dlp-profile)# exit

SG-6000(config)# policy-global
SG-6000(config-policy)# rule id 1
SG-6000(config-policy-rule)# dlp-profile test //bind the DLP profile to a policy rule
SG-6000(config-policy-rule)# exit
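
The rule matching described under File Filter Rule, modelled in Python as an added example (not Hillstone code and not part of the original slides) so a profile can be reasoned about before it is bound to a policy. The condition semantics (case-insensitive substring name match, file type taken from the extension, size above a threshold), the handling of files that match no rule, and the names `Filter`, `evaluate` and `PROFILE` are assumptions.

```python
from dataclasses import dataclass
from typing import Optional

PROTOCOLS = {"http-get", "http-post", "ftp", "smtp", "pop3"}  # protocols DLP checks

@dataclass
class Filter:
    """One DLP filter rule; conditions left unset are ignored (assumption)."""
    action: str                       # "permit log", "block" or "block log"
    file_name: Optional[str] = None   # "*StoneOS" = name includes "StoneOS"
    file_type: Optional[str] = None   # compared with the extension (assumption)
    max_size: Optional[int] = None    # matches when size exceeds it (assumption)
    protocol: str = "all"

    def matches(self, name: str, size: int, protocol: str) -> bool:
        if self.protocol != "all" and self.protocol != protocol:
            return False
        checks = []
        if self.file_name is not None:   # case-insensitive here (assumption)
            checks.append(self.file_name.strip("*").lower() in name.lower())
        if self.file_type is not None:
            checks.append(name.lower().endswith("." + self.file_type.lower()))
        if self.max_size is not None:
            checks.append(size > self.max_size)
        return bool(checks) and all(checks)

def evaluate(profile: list, name: str, size: int, protocol: str):
    """Return (verdict, logged) for one transferred file."""
    if len(profile) > 3:
        raise ValueError("a dlp-profile supports 3 filter rules")
    if protocol not in PROTOCOLS:
        raise ValueError(f"protocol not checked by DLP: {protocol}")
    matched = [f for f in profile if f.matches(name, size, protocol)]
    for f in matched:                    # rule sequence: first blocking match decides
        if f.action.startswith("block"):
            return "block", f.action.endswith("log")
    if matched:                          # matched, but no block action configured
        return "permit", True
    return "permit", False               # no rule matched (assumption: not logged)

# Constructed sample profile; rule 1 mirrors "file-name *StoneOS" / "action block log".
PROFILE = [
    Filter(action="block log", file_name="*StoneOS"),
    Filter(action="permit log", file_type="pdf"),
    Filter(action="block", max_size=10_000_000, protocol="smtp"),
]
```

In this model a file that matches both a permit-log rule and a later block rule is blocked, and whether it is logged comes from the blocking rule.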
Question

1. URL filter: between the predefined URL database and user-defined URLs, which one has the higher matching priority?
2. What are the two matching methods of the URL keyword filter?
3. Which function should the created SSL-Proxy profile be referenced in?
4. What are the 3 file filter methods of DLP?
