Controlling Uploads To Prevent Data Leakage

From Secure Web Gateway

Overview

Data Loss/Leak Prevention (DLP) is a technique that was designed to stop sensitive information from leaving any organization. 

Data can end up in the wrong hands, whether it’s sent, through email or instant messaging, forms on any website, file transfers, or any other means. DLP strategies must include solutions that monitor or, detect, and block the unauthorized flow of information.
In any organization main concern for administrator are-

  • Protecting data from external intruders and accidental leakage of sensitive information by employees.
  • Protect data against security threats caused by BYOD.
  • Monitor organization for inappropriate employee conduct and maintain forensic data of security events as evidence.

SafeSquid DLP module helps the administrator to overcome all these concerns. SafeSquid DLP protects organizations from information leaks and data loss at the perimeter and inside the organization, as well as in certain Infrastructure as a Service platforms. SafeSquid DLP restrict to Upload any kind of Content outside the corporate network to prevent data leakage. We shall permit text/plain content type to access all websites. We allow users only to upload Microsoft office document files and PDF files on whitelisted websites as per the policy of organization. 

In general administrator can allow the very specific file type(s) based on predefined content type(s) in his/her network for uploading.

Prerequisite

HTTPS Inspection should be enabled in SafeSquid. If not enabled, you can check our document - How to enable HTTPS Inspection

Access the SafeSquid User interface

RTENOTITLE

Block Uploads

SafeSquid SWG comes with predefined policies and profiles. You can add/modify policies and profiles as per your requirement.
Below we are using predefined Profile 'BLOCK UPLOADS' created in Access Profiles section. You can inspect the extended logs for 'BLOCK UPLOADS' profile getting applied after configuring DLP policy.

There are two ways to search any keyword or profiles inside SafeSquid set of policies from various section.

Search Policy method 1

You can search the keyword or profile name from Restriction Policies >> Access Profiles. You have to parse each and every rule from Access Profiles section one by one.

DLP 11.PNG

 

Search Policy method 2

Click on Search Icon situated on bottom right corner of SafeSquid WebGUI.

DLP 12.PNG


Enter the keyword or profile name into the value field of dialog box appeared on the screen. Click on search button to find the keyword or profile used inside various sections.
Click on search button to find the keyword or profile used inside various sections.
Below we are searching BLOCK UPLOADS to configure predefined DLP policy.

DLP 13.PNG

You will find a default policy in Policies and Profiles section as shown below. If not found or deleted accidently you need to create the same policy.
Click on Edit icon to modify the policy.

DLP 14.PNG


Modify this policy as per your requirement.

DLP 15.PNG


By default this policy is disabled, you need to enable this policy and save the policy/rule.

DLP 16.PNG
Go to DLP Section Configuration

Open DLP section to find default DLP rules. You can add/modify the rules as per your requirement.

DLP 17.PNG

Open Global Section of DLP

Make sure that global part of DLP section should be true.

DLP 18.PNG

Configure DLP Policy

Edit the DLP policy and save your changes.

DLP 19.PNG


Note : If you want to block all file uploads leave profiles field blank. But, we should permit text/plain content type to access all websites.
Choose action as Do_not_Bypass as shown below and save policy.

DLP 20.PNG
DLP 21.PNG

Save Configuration

Click on bottom left Icon to save the configuration.

DLP 22.PNG


You can save the current configuration to either in your local machine or to cloud. Storing configuration to cloud help you to restore your configuration in other instances.

DLP 23.PNG


Note: Creating / Using (predefined) profiles while creation of new policy will be helpful for capturing logs. In future these logs will be helpful to identify general operational details and security concerns.

Example

Generally in corporate sector Users should be restricted to Upload any kind of Content outside the corporate network to prevent data leakage. We shall permit text/plain content type to access all websites. We allow users only to upload Microsoft office document files and PDF files on whitelisted websites. 

In this scenario follow below steps:

Step 1 : Go to Categorization Web-site section from SafeSquid WebGUI and add all whitelisted websites into whitelist category.

Step 2 : Go to Policies and Profiles section and create new policy as shown below.

Here for our example we have created ALLOW DOCUMENT UPLOADS in Policies and Profiles Section. Further this profile will be bind with DLP policies.

Slide3.PNG
 

Step 3 : Create All the three policies under DLP Section as shown below.

Policy 1 : We restrict uploading of files, irrespective of a content type.

Policy 2 : We shall permit text/plain content type to access all websites.

Policy 3 : We allow users for uploading PDF and Microsoft office document files for Whitlisted Sites

Slide4.PNG
 

For testing purpose try to upload any file other than PDF and Microsoft office document files. File will not be uploaded.