Cisco Web Security Appliance S170 User Guide

Cisco IronPort AsyncOS 7.7.5 for Web User Guide
Chapter 13 Data Security and External DLP Policies
Data Security and External DLP Policies Overview
  • Cisco IronPort Data Security Policies. When you enable the Cisco IronPort Data Security Filters, 
    you can create Cisco IronPort Data Security Policies to enforce business policies. For example, you 
    can create a Data Security Policy that prevents users from sending out Excel or zip files. For more 
    information, see .
  • External DLP Policies. When you configure the appliance to work with an external DLP system, 
    you can create External DLP Policies to pass data leaving the network to the external DLP system 
    which scans the content and determines whether or not to block the request. For more information, 
    see .
Depending on your organization’s needs, you might want to use both Data Security and External DLP 
Policies. For example, you might use the Cisco IronPort Data Security Policies to block data uploads to 
websites with a low reputation score. This way, the data is never sent to the external DLP system for a 
deep content scan, which improves overall performance.
Bypassing Upload Requests Below a Minimum Size
Many websites are interactive, meaning users send data as well as receive data. Users might send data 
when logging into a website or sending simple form data. A lot of web traffic can consist of relatively 
small POST requests that are harmless, but can take up many lines in the log files. This creates a lot of 
“noise” in the logs that can make it difficult to find and troubleshoot the true data security violations, 
such as users uploading company files using their personal email account.
To help reduce the number of upload requests recorded in the log files, you can define a minimum request 
body size, below which upload requests are not scanned by the Cisco IronPort Data Security Filters or 
the external DLP server. 
To do this, use the following CLI commands:
  • datasecurityconfig. Applies to the Cisco IronPort Data Security Filters.
  • externaldlpconfig. Applies to the configured external DLP servers.
The default minimum request body size is 4 KB (4096 bytes) for both CLI commands. Valid values are 
1 to 64 KB. The size you specify applies to the entire size of the upload request body.
Note
All chunk encoded uploads and all native FTP transactions are scanned by the Cisco IronPort Data 
Security Filters or external DLP servers when enabled. However, they can still be bypassed based on a 
custom URL category. For more information, see 
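The sketch below is an added example, not Cisco code or appliance output. It models the minimum-size rule described in this section so you can estimate how many uploads each candidate threshold would leave unscanned. The `Upload` record, the sample traffic and the function names are constructed for illustration, and bypass by custom URL category is not modelled.

```python
# Added example: models the minimum request body size rule from this section.
# The Upload record is constructed; it is not the appliance's log format.
from dataclasses import dataclass

MIN_KB, MAX_KB, DEFAULT_KB = 1, 64, 4  # valid range and default from the text


@dataclass
class Upload:
    protocol: str    # "http" or "ftp" (native FTP)
    chunked: bool    # True for a chunk-encoded upload
    body_bytes: int  # size of the entire upload request body


def is_scanned(u: Upload, min_kb: int = DEFAULT_KB) -> bool:
    """Return True if the upload is scanned under the minimum-size rule."""
    if not MIN_KB <= min_kb <= MAX_KB:
        raise ValueError(f"minimum size must be {MIN_KB} to {MAX_KB} KB")
    # Chunk-encoded uploads and native FTP transactions are always scanned.
    if u.chunked or u.protocol == "ftp":
        return True
    # Only requests *below* the minimum are skipped; an upload exactly at
    # the minimum is still scanned.
    return u.body_bytes >= min_kb * 1024


def bypass_counts(uploads, candidates=(1, 4, 16, 64)):
    """For each candidate threshold in KB, count uploads that skip scanning."""
    return {kb: sum(not is_scanned(u, kb) for u in uploads) for kb in candidates}


# Constructed sample traffic.
SAMPLE = [
    Upload("http", False, 312),     # login form
    Upload("http", False, 4095),    # one byte under the default
    Upload("http", False, 4096),    # exactly at the default
    Upload("http", True, 200),      # small chunk-encoded upload
    Upload("ftp", False, 900),      # small native FTP transfer
    Upload("http", False, 20_000),  # webmail attachment
    Upload("http", False, 70_000),  # larger than the maximum threshold
]

if __name__ == "__main__":
    for kb, n in bypass_counts(SAMPLE).items():
        print(f"min size {kb:>2} KB: {n} of {len(SAMPLE)} uploads not scanned")
```

Raising the threshold trims log noise but widens the set of uploads that neither the Data Security Filters nor the external DLP server inspect, so compare the counts against the smallest file you need the policy to catch.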
User Experience with Blocked Requests
When the Cisco IronPort Data Security Filters or an external DLP server blocks an upload request, it 
provides a block page that the Web Proxy sends to the end user. However, not all websites display the 
block page to the end user. For example, some Web 2.0 websites display dynamic content using 
JavaScript instead of a static webpage and are not likely to display the block page. Users are still properly 
blocked from performing data security violations, but they may not always be informed of this by the 
website.