Description
Data leakage can be the intentional or unintentional result of human or software error. It is often the result of specific, targeted actions, sometimes by trusted insiders, that lead to the loss of sensitive information.
There are many ways in which confidential data or proprietary secrets can leave an organization, for example through email and FTP. Data leak prevention protects your intellectual property from internal mishandling.
FortiOS 4.0 introduces DLP, which prevents confidential data leakage by means of Rules or Compound Rules.
How to configure DLP?
Create individual DLP Rules
Under UTM > Data Leak Prevention > Rule
Group multiple individual DLP Rules
Under UTM > Data Leak Prevention > Compound
Create a DLP Sensor & add individual or compound Rules
Under UTM > Data Leak Prevention > Sensor
Define this sensor in the protection profile
Under Firewall > Protection Profile > web > Data Leak Prevention Sensor
Choose this Protection Profile in the respective Firewall Policy
Under Firewall > Policy > Edit > enable Protection Profile > choose Protection Profile
Create a DLP Rule
Create a Compound Rule
Create a DLP Sensor
Add DLP Sensor Rule
Choose any of the following options as Action in a DLP Sensor Rule
- None
- Block
- Exempt
- Ban (define expiry timer)
- Ban Sender (define expiry timer)
- Quarantine IP Address (define expiry timer)
- Quarantine Interface
Note: Both Compound and Individual Rules can be added to one DLP Sensor. An example of this is shown below.
Finally, define the DLP Sensor in the Protection Profile. Select this Protection Profile in the respective Firewall Policy.
FortiOS 4.0 Data Leak Prevention rules can be enabled on the following protocols:
- HTTP
- FTP
- SMTP
- POP3
- IMAP
- NNTP
- Instant Messenger
Before configuring DLP, it's crucial to understand which data types are being protected. A company can configure FortiOS 4.0 DLP with different techniques to secure data. DLP Rules should be configured according to the organization's IT security standards.