Cisco Cisco Web Security Appliance S660 Mode D'Emploi
12-5
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 12 Data Security and External DLP Policies
Working with Data Security and External DLP Policies
Step 2
Create and configure Data Security Policy groups. After the IronPort Data
Security Filters feature is enabled, you create and configure Data Security Policy
groups to determine how to handle upload requests from each user.
Security Filters feature is enabled, you create and configure Data Security Policy
groups to determine how to handle upload requests from each user.
IronPort Data Security Policies use URL filtering, web reputation, and upload
content information when evaluating the upload request. You configure each of
these security components to determine whether or not to block the upload
request. For more information about the security components that you can
configure and how the Web Proxy uses Data Security Policy groups to control
upload requests, see
content information when evaluating the upload request. You configure each of
these security components to determine whether or not to block the upload
request. For more information about the security components that you can
configure and how the Web Proxy uses Data Security Policy groups to control
upload requests, see
.
When the Web Proxy compares an upload request to the control settings, it
evaluates the settings in order. Each control setting can be configured to perform
one of the following actions for IronPort Data Security Policies:
evaluates the settings in order. Each control setting can be configured to perform
one of the following actions for IronPort Data Security Policies:
•
Block. The Web Proxy does not permit the connection and instead displays
an end user notification page explaining the reason for the block.
an end user notification page explaining the reason for the block.
•
Allow. The Web Proxy bypasses the rest of the Data Security Policy security
service scanning and then evaluates the request against the Access Policies
before taking a final action.
service scanning and then evaluates the request against the Access Policies
before taking a final action.
For IronPort Data Security Policies, Allow bypasses the rest of data security
scanning, but does not bypass External DLP or Access Policy scanning. The
final action the Web Proxy takes on the request is determined by the
applicable Access Policy (or an applicable external DLP Policy that may
block the request).
scanning, but does not bypass External DLP or Access Policy scanning. The
final action the Web Proxy takes on the request is determined by the
applicable Access Policy (or an applicable external DLP Policy that may
block the request).
•
Monitor. The Web Proxy continues comparing the transaction to the other
Data Security Policy group control settings to determine whether to block the
transaction or evaluate it against the Access Policies.
Data Security Policy group control settings to determine whether to block the
transaction or evaluate it against the Access Policies.
For IronPort Data Security Policies, only the Block action is a final action that the
Web Proxy takes on a client request. A final action is an action that causes the Web
Proxy to stop comparing the transaction to all other control settings. The Monitor
and Allow actions are intermediary actions. In both cases, the Web Proxy
evaluates the transaction against the External DLP Policies (if configured) and
Access Policies. The Web Proxy determines which final action to apply based on
the Access Policy group control settings (or an applicable external DLP Policy
that may block the request).
Web Proxy takes on a client request. A final action is an action that causes the Web
Proxy to stop comparing the transaction to all other control settings. The Monitor
and Allow actions are intermediary actions. In both cases, the Web Proxy
evaluates the transaction against the External DLP Policies (if configured) and
Access Policies. The Web Proxy determines which final action to apply based on
the Access Policy group control settings (or an applicable external DLP Policy
that may block the request).