Cisco Web Security Appliance S670 User Guide
AsyncOS 8.8 for Cisco Web Security Appliances User Guide
Chapter 16 Prevent Loss of Sensitive Data
Controlling Upload Requests Using External DLP Policies
Once the Web Proxy receives the upload request headers, it has the information necessary to decide if
the request should go to the external DLP system for scanning. The DLP system scans the request and
returns a verdict to the Web Proxy, either block or monitor (evaluate the request against the Access
Policies).
Step 1 Choose Web Security Manager > External Data Loss Prevention.
Step 2 Click the link under the Destinations column for the policy group you want to configure.
Step 3 Under the Edit Destination Settings section, choose “Define Destinations Scanning Custom Settings.”
Step 4 In the Destination to scan section, choose one of the following options:
• Do not scan any uploads. No upload requests are sent to the configured DLP system(s) for
scanning. All upload requests are evaluated against the Access Policies.
• Scan all uploads. All upload requests are sent to the configured DLP system(s) for scanning. The
upload request is blocked or evaluated against the Access Policies depending on the DLP system
scanning verdict.
• Scan uploads to specified custom URL categories only. Upload requests that fall in specific
custom URL categories are sent to the configured DLP system for scanning. The upload request is
blocked or evaluated against the Access Policies depending on the DLP system scanning verdict.
Click Edit custom categories list to select the URL categories to scan.
Step 5 Submit and Commit Changes.
Logging
The access logs indicate whether or not an upload request was scanned by either the Cisco IronPort Data
Security Filters or an external DLP server. The access log entries include a field for the Cisco IronPort
Data Security scan verdict and another field for the External DLP scan verdict.
In addition to the access logs, the Web Security appliance provides the following log file types to
troubleshoot Cisco IronPort Data Security and External DLP Policies:
• Data Security Logs. Records client history for upload requests that are evaluated by the Cisco
IronPort Data Security Filters.
• Data Security Module Logs. Records messages related to the Cisco IronPort Data Security Filters.
• Default Proxy Logs. In addition to recording errors related to the Web Proxy, the default proxy logs
include messages related to connecting to external DLP servers. This allows you to troubleshoot
connectivity or integration problems with external DLP servers.
The following text illustrates a sample Data Security Log entry:
Mon Mar 30 03:02:13 2009 Info: 303 10.1.1.1 - -
<<bar,text/plain,5120><foo,text/plain,5120>>
BLOCK_WEBCAT_IDS-allowall-DefaultGroup-DefaultGroup-NONE-DefaultRouting ns server.com nc
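
The following Python parser is an added example, not taken from the Cisco guide; it splits a Data Security Log line shaped like the sample above into fields for triage or SIEM ingestion. The field names (txn, client, score, host, category), the reading of the text before the first hyphen as the action tag, and the BLOCK prefix test are assumptions read off the sample's layout, not definitions given on this page.

```python
import re
from datetime import datetime

# Sample entry from the page, joined onto the single line it occupies in the log file.
SAMPLE = (
    "Mon Mar 30 03:02:13 2009 Info: 303 10.1.1.1 - - "
    "<<bar,text/plain,5120><foo,text/plain,5120>> "
    "BLOCK_WEBCAT_IDS-allowall-DefaultGroup-DefaultGroup-NONE-DefaultRouting "
    "ns server.com nc"
)

# Group names are assumptions read off the sample's layout, not Cisco's field names.
ENTRY = re.compile(
    r"^(?P<ts>\S+ \S+ +\d+ [\d:]+ \d{4}) (?P<level>\w+): "
    r"(?P<txn>\d+) (?P<client>\S+) (?P<user>\S+) (?P<groups>\S+) "
    r"<(?P<files>(?:<[^<>]*,[^<>,]*,\d+>)*)> "
    r"(?P<decision>\S+) (?P<score>\S+) (?P<host>\S+) (?P<category>\S+)$"
)


def parse_files(blob):
    """Split '<name,type,size><name,type,size>' into a list of dicts."""
    files = []
    for item in re.findall(r"<([^<>]*)>", blob):
        # rsplit keeps commas that belong to the file name itself.
        name, mime, size = item.rsplit(",", 2)
        files.append({"name": name, "type": mime, "size": int(size)})
    return files


def parse_entry(line):
    """Return the entry as a dict, or None when the line has a different shape."""
    m = ENTRY.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%a %b %d %H:%M:%S %Y")
    rec["txn"] = int(rec["txn"])
    rec["files"] = parse_files(rec["files"])
    # Assumption: text before the first '-' is the action tag, the rest names policy groups.
    rec["action"], _, rec["policy"] = rec["decision"].partition("-")
    rec["blocked"] = rec["action"].startswith("BLOCK")
    rec["bytes"] = sum(f["size"] for f in rec["files"])
    return rec


if __name__ == "__main__":
    print(parse_entry(SAMPLE))
```

Lines that do not match the expected shape return None, so they can be counted and reviewed separately instead of being silently dropped from an upload audit.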