DLP Lab
Product Chosen: Symantec DLP (Broadcom)
Lab Task: Create a policy to prevent the transfer of sensitive data via email.
Lab Question:
Configure Symantec DLP to detect and block emails containing sensitive data, such as credit card numbers, from leaving the organization.
Answer (Steps):
Request a trial from the Broadcom (Symantec) website.
Log into the Symantec DLP Enforce console.
Create a new policy:
Go to Manage > Policies > Policy List and click New Policy.
Name: "Block Sensitive Email".
Condition: Select "Content Matches Data Identifier" > "Credit Card Number".
Action: "Block" or "Quarantine".
Save the policy.
Apply the policy to the email channel:
Go to System > Agents > Policies and ensure the policy is active for email traffic.
Test the policy:
Send an email from a monitored account containing a dummy credit card number (e.g., 4111-1111-1111-1111).
Verification:
Check the DLP incident reports; the email should be blocked or quarantined, and an alert should be logged.
Setup Process:
Request a trial at broadcom.com.
Follow the provided installation guide to deploy the DLP Enforce server (may require a VM or server setup).
Configure the initial settings (e.g., network integration, email server connection) as per the trial instructions.
Lab Question:
Create a Symantec DLP policy to detect and block the transfer of files containing credit card numbers to USB drives.
Steps:
Log into the Symantec DLP Enforce console.
Create the policy:
Go to Manage > Policies > Policy List and click New Policy.
Name: "Block USB Credit Card Transfer".
Condition: Select "Content Matches Data Identifier" > "Credit Card Number".
Channel: Choose "Endpoint" > "Removable Storage".
Action: "Block".
Save the policy.
Deploy to endpoints:
Go to System > Agents > Policies and apply the policy to the agent group.
Test the policy:
On an endpoint, attempt to copy a file with a credit card number (e.g., 4111-1111-1111-1111) to a USB drive.
Verification:
Confirm the transfer is blocked and an incident appears in Incidents > All Incidents.
Check for a block notification on the endpoint.
Setup Notes:
Install the DLP agent on a test machine.
Use a physical or simulated USB drive.