
DLP

XX

20110331


XX
2011331

XX

XX



XX

25

XX

XX

2010 Symantec Corporation. All Rights Reserved.


1

2
2.1
2.1.1 Symantec Data Loss Prevention
2.1.2 Symantec Data Loss Prevention Endpoint Prevent
2.1.3 Symantec Data Loss Prevention Endpoint Discover
2.1.4 Symantec Data Loss Prevention Network Discover
2.1.5 Symantec Data Loss Prevention Network Protect
2.1.6 Symantec Data Loss Prevention Data Insight
2.1.7 Symantec Data Loss Prevention Network Monitor
2.1.8 Symantec Data Loss Prevention Network Prevent for Email
2.1.9 Symantec Data Loss Prevention Network Prevent for Web
2.1.10 Symantec Data Loss Prevention Enforce Platform
2.2
2.3
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6

3
3.1
3.2
3.2.1 DLP
3.2.2 DLP
3.2.3 DLP

4
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.1.5
4.1.6
4.2
4.2.1
4.2.2
4.2.3

5
5.1
5.2
5.2.1 /
5.2.2
5.2.3
5.3
5.3.1
5.3.2 DLP
1

XX

XX

XX

XX

XX


XX 2011 1
2
XX

2.1

Symantec DLP /


SYMANTEC DLP


Microsoft Word Powerpoint PDF
Enforce
Enforce Enforce

Enforce SYMANTEC DLP

SYMANTEC DLP ANDOR NOT

SYMANTEC DLP 60


SYMANTEC DLP
SYMANTEC DLP 15
USB
SMTP/HTTP/HTTPS/FTP SMTP

1000 10

DLP DMZ

2.1.1 Symantec Data Loss Prevention

Symantec Data Loss Prevention


Network DiscoverEndpoint Discover Data Insight


Network Monitor Endpoint Prevent

Network ProtectNetwork Prevent Endpoint Prevent

Enforce Platform

Symantec Data Loss Prevention

Data Loss Prevention

2.1.2 Symantec Data Loss Prevention Endpoint Prevent

Symantec Data Loss Prevention Endpoint Prevent


IMWeb FTP USB
Compact FlashSD CD/DVD
Print Screen

Data Loss Prevention Endpoint Prevent

XX



CD/DVD
PrintScreen




2.1.3 Symantec Data Loss Prevention Endpoint Discover

Symantec Data Loss Prevention Endpoint Discover


Data Loss Prevention Endpoint Discover


XX

Data Loss Prevention Endpoint DiscoverXX

XX

2.1.4 Symantec Data Loss Prevention Network Discover

Symantec Data Loss Symantec Data Loss Prevention Network Discover


Prevention
Web


Kam Golpariani
Data Loss Prevention Network DiscoverXX
First Advantage
Corporation



Data Loss Prevention Network DiscoverXX



2.1.5 Symantec Data Loss Prevention Network Protect

Symantec Data Loss Prevention Network Protect


(ERM) (ERM) XX
ERM
Ransom noteXX IT
FlexResponse

XX

ERM


2.1.6 Symantec Data Loss Prevention Data Insight

Symantec Data Loss Prevention Data Insight


XX

Data Loss Prevention Data Insight


Network Discover

Data Insight XX

XX

Data Insight Data


Insight XX

Data Insight

Symantec Data Loss 2.1.7 Symantec Data Loss Prevention Network Monitor
Prevention
Symantec Data Loss Prevention Network Monitor

IMWebFTPP2P TCP

Frederick CurryIT
WebIMFTPP2P TCP
Energen GB

Data Loss Prevention Network MonitorXX


PCI
Web
Facebook FTP

Data Loss Prevention Network MonitorXX




2.1.8 Symantec Data Loss Prevention Network Prevent for Email

Symantec Data Loss Prevention Network Prevent for Email

/
Data Loss Prevention Network Prevent for Email
(TLS)
XX
Microsoft Outlook Web Access

Data Loss Prevention Network Prevent for Email XX

2.1.9 Symantec Data Loss Prevention Network Prevent for Web

Symantec Data Loss Prevention Network Prevent for Web


Web

Data Loss Prevention Network Prevent for Web Web 2.0


/ Web XX
Web Facebook
XX

IMWeb FTP

2.1.10 Symantec Data Loss Prevention Enforce Platform

Symantec Data Loss Prevention Enforce Platform

XX
XX

XX XML
Web

XX

2.2

Symantec Data Loss Prevention

Symantec Data Loss Prevention

Network Discover

Network Protect
Data Insight

Endpoint Discover

Network Monitor
Network Prevent
Network Prevent for Email
Network Prevent for Web Web
Enforce Platform

(,
"123456789", "123-45-6789", "123456789", "123.45.6789")
( 20 )
200
-
( 100,000 )
(, SOX, PCI, BASEL )
(, , , )

300
Vontu Vontu
Vontu

AND/OR

agent agent

/ Vontu

LDAP LDAP
(

()

( 500,000 )

APIs
Syslog
( Guidance Encase)
API ( DRM )
Reporting API Vontu DB
Vontu

-
CORE IMPLEMENTATION SERVICES
ENTERPRISE ENABLEMENT SERVICES,

2.3

2.3.1.1



Email 1 policy->index documents->add document profile->

2 policy->add policy->add blank policy->


3.3.1.1 content match document signature
.1 body
3 Email prevent

Email 1 policy->index documents->add document profile->

2 policy->add policy->add blank policy->


3.3.1.1 content match document signature
.2 attachments
3 Email prevent

Proxy
1 policy->index documents->add document profile->

2 policy->add policy->add blank policy->

3.3.1.1 content match document signature
web
.3 body

3 web prevent


Proxy
1 policy->index documents->add document profile->

2 policy->add policy->add blank policy->

3.3.1.1 content match document signature
web
.4 attachments

3 web prevent


Email
1 policy->add policy->add blank policy->
content matches keyword
3.3.1.1
body
.5
2 Email prevent


Email
1 policy->add policy->add blank policy->
content matches keyword
3.3.1.1
attachments
.6
2 Email prevent


3.3.1.1 Proxy 1 policy->add policy->add blank policy->
.7 content matches keyword
body
2 web prevent



web

1 policy->add policy->add blank policy->


content matches keyword
attachments
2 web prevent
Proxy



3.3.1.1

.8
web


Email
1 policy->add policy->add blank policy->

content matches regular expression
3.3.1.1
body
.9
2 Email prevent


Email
1 policy->add policy->add blank policy->

content matches regular expression
3.3.1.1
attachments
.10
2 Email prevent


Proxy
1 policy->add policy->add blank policy->
content matches regular expression
3.3.1.1
body
.11
web 2 web prevent


Proxy

1 policy->add policy->add blank policy->

content matches regular expression
3.3.1.1
attachments
.12 web
2 web prevent



3.3.1.1 Email 1 policy->add policy->add blank policy->
.13

attachments

2 Email prevent

1 policy->add policy->add blank policy->


Proxy



3.3.1.1
web
.14

attachments

2 Web prevent


DLP 330 admin guide page279 8-1 file
types
3.3.1.1
.15 DLP





3.3.1.1 advance setting ContentExtraction.EnableMetaData on
meta
.16 meta




3.3.1.1

.17







3.3.1.1 DLP IDM
.18
C+
+CJa
vaC#
Perl VH
DL
3.3.1.1 1 1
.19
Symantec_DLP_10.5_Admin_Guidepage 2982 DLP
analyzer3)



2 1


3.3.1.1 Symantec DLP 330
.20



EPD
3.3.1.1 Symantec DLP IDM
2007 EP
.21
D205



PCB
brd A
LLEGRO 1 v10.5 dwg/dxf/vsd brd
3.3.1.1 16.2
.22 ALLEGRO 2 brd 2011 12 31
15.5.1
dwgd
xf




doc d
ocx xls
xlsxp
pt pptx
SymantecDLP 330 110
mpp
3.3.1.1

.23
vsd txt
RTF
pdf eml
rar zi
pnsfp
st



gztar
3.3.1.1 1 v10.5 gztar7zip
7zip bzi
.24 2 bzip 2011 12 31
p

3.3.1.1 10 RAR/ZIP
.25 RAR ZI
P
7

3.3.1.1 1
.26
1 policy

2
select all

2 DLP



1 SymantecDLP meta


3.3.1.1 XX
2 XX / XX
.27
/




3.3.1.1
SymantecDLP meta
.28





3.3.1.1 SymantecDLP ContentExtraction API
.29 2011 12 31




SymantecDLP





1

Symantec_DLP_10.5_Admin_Guidepage 298
3.3.1.1
.30 2 DLP analyzer

3)

3.3.1.1 Base64Quoted-printable
.31 Base64 body MIME Email
Quoted- prevent MIME Content-Transfer-Encoding
printable Email prevent Content-Transfer-Encoding
Base64Quoted-printable



CC
3.3.1.1
Bcc Email prevent cc/bcc
.32




1 v10.5 to cc/bcc bcc

3.3.1.1 cc

.33 2 bcc bcc cc
ToCC
2011 12 31
Bcc


1 v10.5
3.3.1.1
2 / 2011
.34
12 31

Network Prevent (Web) Internet (ICAP) HTTPHTTPS
FTP Web Prevent
Server HTTP HTTP
The Symantec Data Loss Prevention http :
GET
PUT
ICAP POST
GET ftp (FTP requests that are tunneled through HTTP)

3.3.1.1
Proxy
.35
1. HTTP Internet
2. Web
Hotmail Secret

3. Enforce Server > -

4.

3.3.1.1 ICAP Network Prevent (Web) Internet (ICAP) HTTPHTTPS


.36 FTP Web Prevent
Server HTTP HTTP
Proxy The Symantec Data Loss Prevention http :
GET
PUT
POST
GET ftp (FTP requests that are tunneled through HTTP)


1. HTTP Internet
2. Web

3. Enforce Server > -

4.

Proxy 1 v10.5 1)
2

GB2312 domain
G
BK 2 2011 12 31
GB18030
big5
3.3.1.1
UTF
.37
8 UTF1
6






2.3.1.2


Exchange2010
3.3.1.2.1 Exchange2010


SymantecDLP Email prevent SSL/TLS MTA Email
3.3.1.2.2
TLS prevent
3.3.1.2.3 ISA 2005
proxy Network Prevent (Web)

Network Prevent (Web) Server HTTP

Network Prevent (Web)

HTTPHT
TPSFTP
Blue Coat
over
ProxySG
HTTP
Blue Coat
FTP

HTTPFT
Blue Coat
P over
NetCache
HTTP

HTTPHT
Cisco IronPort TPS
Cisco IronPort
S FTP over
HTTP

Symantec Data
Loss Prevention
Integration Guide for
Microsoft Internet
HTTP Security and
Acceleration
Microsoft ISA
FTP over ServerSymantec
HTTP Data Loss Prevention
Microsoft
Internet Security and
Acceleration
Server

Secure HTTPHT Secure Web


Computing TPSFTP DLP

over
Secure Web Secure Web
HTTP
(Webwasher)
FTP

Symantec Data
Loss Prevention
Integration Guide for
Squid Web Squid Web
HTTP
ProxySymantec
Data Loss Prevention
Squid
Web
McAfee
3.3.1.2.4 MWG7.0 McAfee MWG7.0

2 2 TAP
2 2 TAP
3.3.1.2.5


2 1 TAP
3.3.1.2.6 2 1 TAP

2.3.2

2.3.2.1





1 policy->index documents->add document profile->

2 policy->add policy->add blank policy->

content match document signature

3.3.2.1.1

3 Endpoint prevent


1 v10.5 IDM

endpoint agent
3.3.2.1.2


2 2011 12 31

1 v10.5 IDM

endpoint agent


3.3.2.1.3


2 2011 12

31
1 policy->add policy->add blank policy->

content matches keyword

3.3.2.1.4

2 Endpoint prevent


1
3.3.2.1.5
2 v11.5 v12


1
3.3.2.1.6
2 v11.5 v12

3.3.2.1.7 1
2 v11.5 v12
FTP HTTP







DLP IDM
3.3.2.1.8
C+
+ C Java
C#Perl
VHDL
1 policy->add policy->add blank policy->
content matches regular expression
3.3.2.1.9
2 endpoint prevent

DLP IDM
3.3.2.1.1

0

3.3.2.1.1 1
1 1
Symantec_DLP_10.5_Admin_Guide page 298 2
DLP analyzer
3)



2 1




EPD2007
3.3.2.1.1 Symantec DLP IDM

2
EPD2005


PCB

brdALLEGRO
1 v10.5 dwg/dxf/vsd
3.3.2.1.1 16.2 ALLEG
2 brd 2011
3 RO
12 31
15.5.1 d
wgdxf



doc docx
xlsxlsx
pptpptxm
SymantecDLP 330 110
3.3.2.1.1 pp

4
vsdtxtRT
F pdf eml
rar zip
msg

1 v10.5 nsf
3.3.2.1.1 nsf
2 nsf 2011 12
5
31
3.3.2.1.1 SymantecDLP
6


1
Symantec_DLP_10.5_Admin_Guidepage 298
2 DLP analyzer
3)



2.3.2.2



3.3.2.2.1 Endpoint Prevent
Endpoint Server Endpoint Server
Symantec DLP Agent Symantec DLP Agent
Endpoint ServerEndpoint Prevent

IM
HTTP/HTTPS
/SMTP
FTP
CD/DVD
/


1 policy


2 also match


3.3.2.2.2




http

3.3.2.2.3 http






http
1 http

3.3.2.2.4 2SymantecDLP endpoint local drive







https

3.3.2.2.5 3.3.2.2.1 https/ssl




1v10.5 SMB
SMB SymantecDLP endpoint local drive

3.3.2.2.6

2 SMB 2011 12
31
1v10.5 SMB

SymantecDLP endpoint local drive


3.3.2.2.7

2

2011 12 31


1 policy

printer/fax



3.3.2.2.8

2 also match

3.3.2.2.9 1 v10.5 MSN/AIM/YAHOO


MSN skype
Skype 2 skype 2011 12 31




P2P 1 v10.5 P2P
3.3.2.2.1
2 P2P 2011 12 31
0



1 policy

printer/fax



FTP
3.3.2.2.1

1


2 also match

3.3.2.2.1
2 1 policy
FTP


printer/fax

2 also match







PL/sql
SQL
Plus 1 v10.5
PL/sqlsqlplus
3.3.2.2.1

3
2
SQL 2011 12 31








1 v10.5 ssh
3.3.2.2.1
SSH 2 ssh 2011 12 31
4


1 v10.5

3.3.2.2.1
TCP
5 2

2011 12 31


IP+ 1 v10.5 IP+
3.3.2.2.1
6 2 IP+
2011 12 31

2.3.2.3




1 v10.5

3.3.2.3.1 2 2011

12 31
1

3.3.2.3.2 2 v11.5

v12
1
MD5
3.3.2.3.3 2 v11.5

v12
1
3.3.2.3.4 2 v11.5
v12
1 SEP

3.3.2.3.5
2 v11.5
v12
1

3.3.2.3.6 2 v11.5

v12
1
3.3.2.3.7 2 v11.5
v12
1 SEP

3.3.2.3.8
2 v11.5
v12
2.3.2.4



1 policy

removable storage

3.3.2.4. U
1

2 also match

3.3.2.4. 1 policy
2

CD/DVD
2 also match

2.3.2.5


3.3.2.5.1 DLP agent

3.3.2.5.2 SEP

3.3.2.5.3 SEP
3.3.2.5.4 SEP DLP
3.3.2.5.5 SEP DLP
1 v10.5
3.3.2.5.6 2 2011
12 31
3.3.2.5.7 DLP agent
3.3.2.5.8 DLP agent
prevent agent agent
3.3.2.5.9
prevent
1 v10.5
3.3.2.5.10 2 2011
12 31
1 v10.5

2 2011
3.3.2.5.11 12 31
3 SEP snac

3.3.2.5.12
3.3.2.5.13
1 v10.5

3.3.2.5.14 2 2011

12 31
2.3.2.6




1 symantecDLP SEP11
XX


3.3.2.6.1 2 symantecDLP XX
SEP11SPESCP
SPESCPM
M

1 v10.5
WinXP Win2003 WinXPWin2003Win7Vista
3.3.2.6.2
Win7VistaWin200 2 win2008 2011
8 DLP Agent 12 31
Red 1
3.3.2.6.3 HatAIXSolaris 2 v11.5 v12
DLP Agent

2.3.3

2.3.3.1




3.3.3.1.1 1 system->Group directories->create new
connection AD




2 AD test connection AD

3 group

create a new endpoint user group


AD user group

4 policy group
user
5 detection
IDM/EDM
6
1 policy
detectiongroupresponsedetection
group response

DLP
2 group
ipusername


Email


Email

3.3.3.1.2
Email

Email

3.3.3.1.3 policy group IP





IP

1 also match

2 system-
>protocol->add protocol





3.3.3.1.4



3.3.3.1.5 1 policy
Email detectiongroupresponsedetection
group response
/



response network prevent modify smtp
message


Email




3.3.3.1.6





DLP

3.3.3.1.7
location /









1 policy group

2 policy group
3.3.3.1.8

3 group
IP



3.3.3.1.9
1 group
ipusername /

/ 2 group /
VIP

3 group
ipusername /

/ 4 group /
VIP

3.3.3.1.1
0

3.3.3.1.1
1 1 group
ipusername /

/ 2 group /
VIP

1 group
ipusername /

/ 2 group /
VIP

3.3.3.1.1
2

3.3.3.1.1
3 1 group
ipusername /

2 group /
VIP




1 group
ipusername/
/
2 3 1
group pattern 2
EDM EDM group 3
/ group
3 group /

VIP

3.3.3.1.1
4

3.3.3.1.1 1 group
5 /
2 group /
VIP



/ group /


/

3.3.3.1.1
6

3.3.3.1.1
7

3.3.3.1.1 1
8 1 policys->response rules, All: Limit
Incident Data Retention2


3.3.3.1.1 1 31
9 group pattern 2 EDM 3
group user group



2





3.3.3.1.2 1 v10.5

0 2 2011 12 31






ICAP

1 group ip/ip
username/
/
3.3.3.1.2
2 Group DLP / icap
1
web prevent



IP IP

2.3.3.2






3.3.3.2.1 Email symantecDLP enforce
Preventor
SensorEnd
pointICAP
Server

3.3.3.2.2
symantecDLP IP
ID



IP IP symantecDLP IP
3.3.3.2.3
ID

symantecDLP IP
3.3.3.2.4 ID

symantecDLP IP
3.3.3.2.5 ID

symantecDLP




3.3.3.2.6

3.3.3.2.7








3.3.3.2.8







3.3.3.2.9




3.3.3.2.1

0


3.3.3.2.1
1









3.3.3.2.1 /

2 /

AD

Email 1 Email


2
1policys->response rules, All: Limit Incident
Data Retention2



3.3.3.2.1
3

3.3.3.2.1 2 Email
4

IP 3
IP 1policys->response rules, All: Limit Incident
Data Retention2








3.3.3.2.1 1 v10.5 GMT

5 2 GMT 2011 12 31

GMT



3.3.3.2.1
6
HTTP

HTTP


URL UserA
gent Acti
on Date
Time User

3.3.3.2.1
7




symantecDLP IP
IP
3.3.3.2.1

8




symantecDLP IP

3.3.3.2.1
Policy
9

3.3.3.2.2 symantecDLP IP
0



3.3.3.2.2 report

1

Symantec_DLP_10.5_Reporting_API_Developers_Guide






3.3.3.2.2

2 Symantec_DLP_10.5_Reporting_API_Developers_Guide







3.3.3.2.2

3


3.3.3.2.2
excel/xml
4
Excel

1 DLP excel/xml

3.3.3.2.2

5 2 DLP event





1.


3.3.3.2.2

6
Symantec_DLP_10.5_Reporting_API_Developers_Guide
2





N

3.3.3.2.2

7
Symantec_DLP_10.5_Reporting_API_Developers_Guide





3.3.3.2.2

8
Symantec_DLP_10.5_Reporting_API_Developers_Guide

2.3.4






3.3.4. symantecDLP 3 1upload2

1 3



3.3.4. symantecDLP EDM IDM

2 EDM


nsf
3.3.4. 1 v10.5

3 2 2011 12 31




3.3.4.
C+ C++CJavaC#PerlVHDL
4
+ C Jav
aC#Per
lVHDL


docdoc
xxlsxls
xpptpp
txmpp
3.3.4. docdocxxlsxlsxpptpptxmpp

5 vsdtxtRTFpdfemlrarzipmsg
vsd txt
RTF pdf
eml rar
zipmsg


3.3.4.
6 SMBSam SMBSamba
ba




3.3.4.

7



3.3.4.
Hash symantecDLP Hash
8





3.3.4. 1 v10.5

9 2 2011 12 31
hash or



filter



3.3.4.
10

3.3.4. schedule
11


3.3.4. 1 v10.5

12 2 2011 12 31



3.3.4. enforce enforce index.log
13


unregister
3.3.4. 1

14 2 v11.5 v12




3.3.4. 1

15 2 v11.5 v12






3.3.4.
16




3.3.4. Sensor
symantecDLP
17 PreventE
ndpointI
CAP
Server
3.3.4. symantecDLP sym
18













3.3.4. 1 v10.5 remote EDM IDM

19 2 IDM remote 2011 12 31




3.3.4.
enforce
20



3.3.4. schedule DLP documentprofiles zip

21


symantecDLP
1

3.3.4.
22


3.3.4.
SymantecDLP IDM
23

2.3.5

2.3.5.1








ICAP
symantecDLP enforce DLP
3.3.5.1.1 Server

Sensor






3.3.5.1.2








3.3.5.1.3
CPU


IO

3.3.5.1.4 Enforce








Enforce DLP
3.3.5.1.5





failover
3.3.5.1.6 failover ,
,










symantecDLP Email prevent
3.3.5.1.7
MTA MTA

MTA

MTA







Email prevent
3.3.5.1.8
, DEBUG










3.3.5.1.9
,








3.3.5.1.10






DLP export

DLP template



3.3.5.1.11








1 v10.5

3.3.5.1.12 2 2011 12

31








3.3.5.1.13












12enforce INDEX

3.3.5.1.14








2.3.5.2




Email
PreventerSensorEndp Enforce
3.3.5.2.1
oint ICAP Server


3.3.5.2.2

DLP DLP
3.3.5.2.3 Enforce event DLP

3.3.5.2.5 Email Preventer 1symantecDLP

.log
0.log open .log

2

2.3.5.3




5.5.3.1
Symantec Data Loss Prevention





Enforce Server

Symantec Data Loss
Prevention










ISR
ISM
(ISR)
(ISM)

Enforce Server





User01
Report System Admin
User01
Login: System Admin/User01

1

5.5.3.2
2

OS os DLP
5.5.3.3 OS DLP


5.5.3.4. OS Os administrator


5.5.3.5


5.5.3.6


5.5.3.7 DLP


5.5.3.8

1 v10.5
5.5.3.9 2 2011 12
Enable 31

Enable
5.5.3.10

Enable


5.5.3.11
2011 6 30

2.3.6

2.3.6.1 DLP


22msg/s 250KB
3.3.6.1.1 600001G 20

20
3.3.6.1.2 CPU <60%<70%
3.3.6.1.3 <60%<70%


8msg/s 250KB
3.3.6.1.4 100001G 20
20
3.3.6.1.5 CPU <60%<70%
3.3.6.1.6 <60%<70%


8msg/s 250KB 80001G
3.3.6.1.7 20 20


3.3.6.1.8 CPU <60%<70%
3.3.6.1.9 <60%<70%

1 symantecDLP
2 Email prevent 110KB 25 msg/s, 250kB
8msg/s (8c+16G )
3 Enforce

2.3.6.2 Proxy

Proxy

50000 4000 req/s,
3.3.6.2.1
150Mbps
3.3.6.2.2 CPU <60%<70%
3.3.6.2.3 <60%<70%

symantecDLP
Web prevent 1-4k 20Mbps 500r/s (8c+16G )

3.1

DLP DLP DLP


DLP Exchange DLP
DLP DLP DLP DLP DLP DLP

DLP DLP proxyDLP DLP


DLP DLP
proxy internet DLP





DLP

3.2

3.2.1 DLP

3.2.1.1 DLP

Detection server network monitor/Preventendpoint discover/preventnetwork


discover/provent network monitor/Prevent
SMTPweb webHTTP/HTTPSFTP
web network Prevent Email Prevent

Symantec Data Loss Prevention Network Monitor IM


WebFTPP2P TCP

WebIMFTPP2P TCP
GB

Data Loss Prevention Network MonitorXX


PCI
Web Facebook
FTP

Data Loss Prevention Network MonitorXX

3.2.1.2

3.2.1.2.1

smart response

Network
Protect Network Prevent


:
:

syslog (SIEM)
: Syslog

: Syslog


:
:


:
:


:
:


:
:


Endpoint Prevent: USB
Endpoint Prevent:


Endpoint Prevent:
Endpoint Prevent:

Endpoint Prevent:
Endpoint Prevent:

Network Prevent: FTP


FTP Network Prevent: FTP

Network Prevent: Web


HTTP/HTTPS Network Prevent: HTTP/S

Network Prevent:
SMTP Network Prevent: SMTP

Network Prevent:


SMTP
Network Prevent: SMTP

Network Prevent: HTTP/HTTPS


HTTP/HTTPS Network Prevent: HTTP/HTTPS

Network Protect )
Network Protect:
Network Protect:

Network Protect )
Network Protect:
Network Protect:

3.2.1.2.2

XX




/ VIP

/
/ VIP

/
/ VIP


VIP


VIP

/
DLP

3.2.1.2.3
Source          Destination     Protocol  Port      Action  Comment
Enforce         Email prevent   TCP       8100      Allow
Enforce         IDM             TCP       139, 445  Allow   CIFS shares for document FP Collect
Email prevent   Enforce         TCP       8100      Allow

3.2.2 DLP

3.2.2.1 DLP

Endpoint Prevent
Endpoint Server Endpoint Server Symantec DLP Agent
Symantec DLP Agent Endpoint ServerEndpoint Prevent


IM
HTTP/HTTPS
/SMTP
FTP
CD/DVD
/

Vontu Endpoint Prevent


USB SCSI CD/DVD

Vontu Endpoint Agent Vontu Enforce Vontu


Endpoint Prevent Vontu Endpoint Agent Microsoft
API
USB CD/DVD
API Vontu Endpoint Agent
Vontu Endpoint Agent

Vontu Endpoint Agent Vontu Endpoint Server Vontu Enforce

Vontu Endpoint Prevent


Vontu Endpoint Agent Vontu
Endpoint Agent USB 20KB Microsoft Office
MP3 Vontu Endpoint Prevent Vontu
Endpoint Agent Endpoint
Agent 50KB Microsoft Office PDF

3.2.2.2

3.2.2.2.1

web



smart response

Network
Protect Network Prevent


:
:

syslog (SIEM)
: Syslog

: Syslog


:
:


:
:


:
:


:
:


Endpoint Prevent: USB
Endpoint Prevent:


Endpoint Prevent:
Endpoint Prevent:

Endpoint Prevent:
Endpoint Prevent:

Network Prevent: FTP


FTP Network Prevent: FTP

Network Prevent: Web


HTTP/HTTPS Network Prevent: HTTP/S

Network Prevent:
SMTP Network Prevent: SMTP


Network Prevent:

SMTP
Network Prevent: SMTP

Network Prevent: HTTP/HTTPS


HTTP/HTTPS Network Prevent: HTTP/HTTPS

Network Protect )
Network Protect:
Network Protect:

Network Protect )
Network Protect:
Network Protect:
3.2.2.2.2

XX


//local drive/http/https/smtp/cd&dvd/print&fax/removable storage    VIP

///local drive/http/https/smtp/cd&dvd/print&fax/removable storage    VIP

///local drive/http/https/smtp/cd&dvd/print&fax/removable storage    VIP

/local drive/http/https/smtp/cd&dvd/print&fax/removable storage    VIP

/local drive/http/https/smtp/cd&dvd/print&fax/removable storage    VIP


3.2.2.3

DLP SEP SEP


SEP DLP
DLP
DLP , XX SPES SEP SNAC
DLP

3.2.2.4

Vontu Endpoint Agent CPU I/O


Vontu Endpoint Agent

CPU
Vontu Endpoint Server Vontu Endpoint Agent
MB

3.2.2.5

Vontu Endpoint Agent DCM


Vontu Endpoint Server
EDMIDM DGM Vontu Endpoint Server
Vontu Endpoint Agent 5%
Vontu Endpoint Agent Vontu Endpoint Server MB

filter

3.2.3 DLP

3.2.3.1

Symantec Data Loss Prevention

Enforce Server
Symantec Data Loss Prevention


ISR
ISM (ISR) (ISM)
Enforce Server

User01
Report System Admin User01 Login:
System Admin/User01

XX


/

policy group
policy group
/ policy group
1-2

3.2.3.2

XX

Web

XX policy group

3.2.3.3

DLP Incident Respond Team IRT


IRT 2

DLP



2


1

DLP
2

1.

3.2.3.4

DLP

3.2.3.5 IT

1.
2. IRT
3. %
4. %
5. %

3.2.3.6

1.
2.
3.
4.
5.

3.2.3.7

1.
2.
3.
4.
5.

3.2.3.8

Symantec Data Loss Prevention (DLP)




report API

Symantec Data Loss Prevention


Report Report Report


Name                                 Product    Description
Exec. Summary - Network              Network    Dashboard
Incidents - Week, Current            Network
Incidents - All                      Network
Incidents - New                      Network
Policy Summary                       Network
Policy Trend                         Network
Status by Month                      Network    30
Status by Policy                     Network
Protocol Summary                     Network
Protocol Trend                       Network
Aging Unres. Incidents               Network    Open
High Risk Senders - All Incidents    Network
High Risk Senders - High Severity    Network
Top Recipient Domains                Network
Exec. Summary - Endpoint             Endpoint   Dashboard windows
Incidents - Week, Current            Endpoint
Incidents - All                      Endpoint
Incidents - New                      Endpoint
Policy Summary (Remov. Media)        Endpoint
Policy Trend (Remov. Media)          Endpoint
Policy Summary (Downloads)           Endpoint
Policy Trend (Downloads)             Endpoint
Status Summary                       Endpoint
Status by Month                      Endpoint
Status by Policy                     Endpoint
Aging Unres. Incidents               Endpoint   Open
High Risk Users - Remov. Media       Endpoint
High Risk Users - Downloads          Endpoint

3.2.3.9

SymantecDLPcpu/disk/

4.1

XX XX
XX
4.1.1

4.1.1.1

Authorizing
Initiating
Planning
Executing
Closing
Monitoring & Controlling

4.1.1.2

DLP






DLP

DLP


DLP DLP
CISO, CIO
IRT

PMO,

()

DBALDAP





-


-

-

-




Gramm-Leach-Bliley (GLBA)PCI


1-5 1
5

DLP

+=
/

/ NAT DLP


Windows
Lotus NotesSharepoint Documentum
DLP
Altiris SMS
10,000 2 3
/

Windows

DLP90% DLP


DLP 2
2

A B C



DLP DLP
DLP DLP

DLP
DLP
DLP DLP

3 4
DLP





SSN




BU

IP
4 DKP

SSN
IP

IRT
DLP

1-3 1-3 30 30



DLP


1.
2.
3.
4.
5.


1.
2.
3.
4.
5.

1.
2.
3. %
4. %
5. %

90 180

DLP

DLP

//

4.1.1.3

DLP

1.
2.
3. EDMIDMDGM
4.

1.
2. Oracle
3.
4. EDM, IDM, or DGM
5. -

DLP
DLPLDAPDNS

DLP

EDMIDMDGM
DLP MatchTM EDM IDM
DGM
/
DLP
DLP

DLP

1. DIM DAR DAE


2.
3.
4.
5.

4.1.2

4.1.2.1


Baseline

4.1.2.2

4.1.2.3

Walkthrough

4.1.2.4

4.1.2.5

4.1.2.6

4.1.2.7

XX

4.1.3

4.1.3.1

XX

4.1.3.2

XX XX

4.1.3.3


XX U

XX XX

XX

XX
XX u


XX

XX XX

XX

4.1.4

XX DLP


1. 5

2.DLP 5

3.
DLP
30


3. DLP 4
3 /
5.DLP DLP 4
DLP
FAQ
6. 6
FAQ

38

4.1.5








XX






XX




















4.1.6

XX 3

4.2

4.2.1

DLP
DLP


Symantec Data Loss Prevention System Requirements and Compatibility Guide
Symantec Data Loss Prevention Administration Guide
Symantec Data Loss Prevention Installation Guide for Windows
Symantec Data Loss Prevention Installation Guide for Linux
Symantec Data Loss Prevention Upgrade Guide for Windows
Symantec Data Loss Prevention Upgrade Guide for Linux
Symantec Data Loss Prevention Reporting API Developers Guide
Symantec Data Loss Prevention FlexResponse Platform Developers Guide
Symantec Data Loss Prevention Integration Guide for Microsoft Internet Security and Acceleration Server
Symantec Data Loss Prevention MTA Integration Guide for Network Prevent (Email)
Symantec Data Loss Prevention Integration Guide for Squid Web Proxy
Symantec Data Loss Prevention Lookup Plug-in Guide
Symantec Data Loss Prevention Network Monitor and Prevent Performance Sizing Guidelines
Symantec Data Loss Prevention System Maintenance Guide
Symantec Data Loss Prevention Oracle Installation and Upgrade Guide
Symantec Data Loss Prevention Custom File Type Detection Guide
Symantec Data Loss Prevention Data Insight Implementation Guide
Symantec Data Loss Prevention Solution Packs
Symantec Data Loss Prevention online Help


4.2.2

.pdf


4.2.3

XX
IT

Symantec 5
DLP

Symantec Data Loss Prevention 10.5 Installation and deploy    DLP Installation and deploy    5
Symantec Data Loss Prevention 10.5 administration I           DLP administration
Symantec Data Loss Prevention 10.5 administration II          DLP administration
