DLP Lab

Product Chosen: Symantec DLP (Broadcom)

Lab Task: Create a policy to prevent the transfer of sensitive data via email.

Lab Question:

Configure Symantec DLP to detect and block emails containing sensitive data, such as credit card numbers, from leaving the organization.

Answer (Steps):

  1. Request a trial from the Broadcom (Symantec) website.

  2. Log into the Symantec DLP Enforce console.

  3. Create a new policy:

    • Go to Manage > Policies > Policy List and click New Policy.

    • Name: "Block Sensitive Email".

    • Condition: Select "Content Matches Data Identifier" > "Credit Card Number".

    • Action: "Block" or "Quarantine".

    • Save the policy.

  4. Apply the policy to the email channel:

    • Go to System > Agents > Policies and ensure the policy is active for email traffic.

  5. Test the policy:

    • Send an email from a monitored account containing a dummy credit card number (e.g., 4111-1111-1111-1111).

Verification:

  • Check the DLP incident reports; the email should be blocked or quarantined, and an alert should be logged.

Setup Process:

  • Request a trial at broadcom.com.

  • Follow the provided installation guide to deploy the DLP Enforce server (may require a VM or server setup).

  • Configure the initial settings (e.g., network integration, email server connection) as per the trial instructions.

Lab Question:

Create a Symantec DLP policy to detect and block the transfer of files containing credit card numbers to USB drives.

Steps:

  1. Log into the Symantec DLP Enforce console.

  2. Create the policy:

    • Go to Manage > Policies > Policy List and click New Policy.

    • Name: "Block USB Credit Card Transfer".

    • Condition: Select "Content Matches Data Identifier" > "Credit Card Number".

    • Channel: Choose "Endpoint" > "Removable Storage".

    • Action: "Block".

    • Save the policy.

  3. Deploy to endpoints:

    • Go to System > Agents > Policies and apply the policy to the agent group.

  4. Test the policy:

    • On an endpoint, attempt to copy a file with a credit card number (e.g., 4111-1111-1111-1111) to a USB drive.

Verification:

  • Confirm the transfer is blocked and an incident appears in Incidents > All Incidents.

  • Check for a block notification on the endpoint.

Setup Notes:

  • Install the DLP agent on a test machine.

  • Use a physical or simulated USB drive.
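
Pre-flight check for the test data used in the "Test the policy" steps of both labs (an added example, not part of the original lab and not Symantec's implementation): it predicts which test strings a credit card detector should flag, so a test that does not trigger can be traced to the test data rather than the policy. It assumes the detector combines a digit pattern with a Luhn checksum; the function names and sample messages are constructed for illustration.

```python
import re

# Assumption: a candidate is 13-19 digits, optionally separated by single
# spaces or hyphens, and not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Luhn checksum: double every second digit from the right, sum mod 10."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_card_numbers(text: str):
    """Return (matched_text, passes_luhn) for each candidate in the text."""
    results = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        results.append((m.group(), luhn_valid(digits)))
    return results

def should_trigger(text: str) -> bool:
    """True if at least one candidate passes the checksum."""
    return any(ok for _, ok in find_card_numbers(text))

# Constructed test messages for the lab (not real card data).
SAMPLES = {
    "valid_dashes": "Card on file: 4111-1111-1111-1111, please charge it.",
    "valid_spaces": "Backup card 4111 1111 1111 1111 expires soon.",
    "bad_checksum": "Typo in test data: 4111-1111-1111-1112",
    "order_id": "Order reference 1234567890123456 has shipped.",
    "no_card": "Meeting moved to 14:00.",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        verdict = "expect incident" if should_trigger(body) else "expect no incident"
        print(f"{name:13} {verdict:19} {find_card_numbers(body)}")
```

If a message marked "expect incident" produces no incident in the console, look at the policy, channel assignment, or agent deployment; if a message marked "expect no incident" is the one you sent, fix the test data first.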
