Cisco Email Security Appliance C170 User Guide

Cisco AsyncOS 8.5.5 for Email Security User Guide
 
Chapter 17: Data Loss Prevention
RSA Enterprise Manager
Step 5  Under Data Loss Prevention, select RSA Enterprise Manager.
Step 6  Enter the hostname for the Enterprise Manager server on your network that you want to use to manage DLP policies and 20000 for the port number. Separate the hostname and port number using a colon (:).
Step 7  To use an SSL connection between the Email Security appliance and Enterprise Manager:
  a. Check the Enable SSL Communication check box.
  b. Select the Server Certificate. The server is Enterprise Manager.
  c. Select the Client Certificate. The client is the Email Security appliance.
  You can use the same certificate for client and server.
Step 8  (Optional) If your deployment includes RSA’s DLP Datacenter, choose whether to enable fingerprinting to improve detection of source code, databases, and other documents.
Step 9  (Optional) If message tracking is already enabled on your appliance, choose whether or not to enable matched content logging.
  If you select this, the Email Security appliance logs DLP violations and AsyncOS displays the DLP violations and surrounding content in Message Tracking, including sensitive data such as credit card numbers and social security numbers.
Step 10  Do not enable your appliance to automatically download updates to the DLP engine.
Step 11  Submit and commit your changes.
  The Email Security appliance sends the configuration to Enterprise Manager, which automatically adds the appliance as a partner device.
Using LDAP to Identify Message Senders for Enterprise Manager 
When the Email Security appliance sends DLP incident data to Enterprise Manager, the appliance must 
include the complete LDAP distinguished names in order to identify message senders. The appliance 
retrieves this information from an LDAP server. 
Before You Begin
Complete all steps to this point in the table in . The User Distinguished Name Query option is not available unless you follow these instructions.
Create an LDAP server profile on your Email Security appliance. See  for more information.
Create a query string that the appliance will use to retrieve the complete distinguished name unless you want to use the default query. For Active Directory servers, the default query string is (proxyAddresses=smtp:{a}). For OpenLDAP servers, the default query string is (mail={a}). You can define your own query and email attributes, including multiple attributes separated by commas.
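Added example (not from the Cisco guide, and not Cisco code): a Python sketch for previewing the LDAP filter that a User Distinguished Name Query string produces for a given sender, so a custom query can be checked before it is committed. It assumes {a} is replaced by the sender's email address and that the value is escaped per RFC 4515; the appliance's own escaping behaviour is not described here, and the function names, the custom OR query and the sample addresses are constructed for illustration.

```python
# Added example, not Cisco code: preview the filter a User Distinguished Name
# Query string yields for a sender. Assumption: {a} = sender email address.
AD_DEFAULT = "(proxyAddresses=smtp:{a})"   # Active Directory default (from the guide)
OPENLDAP_DEFAULT = "(mail={a})"            # OpenLDAP default (from the guide)

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_filter_value(value: str) -> str:
    """Escape filter metacharacters so the address is matched literally."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_query(query: str) -> None:
    """Reject a query string that is malformed before it is committed."""
    if "{a}" not in query:
        raise ValueError("query has no {a} token, so it cannot match a sender")
    depth = 0
    for ch in query:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            raise ValueError("unbalanced parentheses in query")
    if depth != 0 or not (query.startswith("(") and query.endswith(")")):
        raise ValueError("query must be one parenthesised filter")


def expand_query(query: str, sender: str) -> str:
    """Return the filter the directory would be asked to evaluate."""
    check_query(query)
    return query.replace("{a}", escape_filter_value(sender))


if __name__ == "__main__":
    # Constructed sample data: a custom OR query and two sender addresses.
    # The second address contains "*", which unescaped would act as a
    # wildcard and could match more than one directory entry.
    custom = "(|(mail={a})(proxyAddresses=smtp:{a}))"
    for q in (AD_DEFAULT, OPENLDAP_DEFAULT, custom):
        for addr in ("alice@example.com", "ops*team@example.com"):
            print(f"{q:42} {addr:24} -> {expand_query(q, addr)}")
```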
Procedure
Step 1  Select System Administration > LDAP on the Email Security appliance.
Step 2  Edit the profile for the LDAP server you want to use.
Step 3  Select the check box for User Distinguished Name Query