DLP document fingerprinting
One of the DLP techniques to detect sensitive data is fingerprinting (also called document fingerprinting). Most DLP techniques rely on you providing a characteristic of the file you want to detect, whether it’s the file type, the file name, or part of the file contents. Fingerprinting is different in that you provide the file itself. The FortiMail unit then generates a checksum fingerprint and stores it. The FortiMail unit generates a fingerprint for all email attachments, and compares it to all of the fingerprints stored in its fingerprint database. If a match is found, the configured action is taken.
Any type of file can be detected by DLP fingerprinting and fingerprints can be saved for each revision of your files as they are updated.
The FortiMail unit must have access to the documents for which it generates fingerprints. There are two methods to generate fingerprints:
One method is to manually upload documents to be fingerprinted directly to the FortiMail unit.
The other is to allow the FortiMail unit to access a network share that contains the documents to be fingerprinted.
If only a few documents are to be fingerprinted, a manual upload may be the easiest solution. If many documents require fingerprinting, or if the fingerprinted documents are frequently revised, using a network share makes user access easier to manage.
To configure manual document fingerprints
1. Go to Data Loss Prevention > Sensitive Data > Fingerprint.
2. Click New and configure the following:
| GUI item | Description |
|---|---|
| Name | Enter a descriptive name for the fingerprint. |
| Description | Optionally enter a description. |
| File list | Click New to browse to the file and generate a fingerprint for it. |
To configure a fingerprint document source
1. Go to Data Loss Prevention > Sensitive Data > Fingerprint Source.
2. Click New and configure the following:
| GUI item | Description |
|---|---|
| Name | Enter a descriptive name for the document source. |
| Description | Optionally enter a description. |
| Server type | This refers to the type of server share that is being accessed. The default is Windows Share but this will also work on Samba shares. |
| Server address | Enter the IP address of the server. |
| User name | Enter the user name of the account the FortiMail unit uses to access the server network share. |
| Password | Enter the password of the account the FortiMail unit uses to access the server network share. |
| Path | Enter the path to the document folder. |
| File pattern | You may enter a filename pattern to restrict fingerprinting to only those files that match the pattern. To fingerprint all files, enter an asterisk (“*”). |
| Checking period | Set the document source to be checked daily if files are added or changed regularly. |
| Advanced | |
| Scan subdirectories | By default, only the files in the specified path are fingerprinted. Files in subdirectories are ignored. Select this option to fingerprint files in subdirectories of the specified path. |
| Remove chunks | Select this option to retain the fingerprints of files deleted from the document source. If this option is disabled, fingerprints for deleted files will be removed when the document source is scanned next time. |
| Retain old chunks | Select this option to retain the fingerprints of previous revisions of updated files. If this option is disabled, fingerprints for previous versions of files will be deleted when a new fingerprint is generated. |
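
The following added example (not FortiMail code) models how the document source settings above interact across scans: file pattern, subdirectory scanning, and retention of fingerprints for deleted files and previous revisions. The class, its parameter names and the use of a whole-file SHA-256 as the checksum are assumptions made for illustration.

```python
import fnmatch
import hashlib
import os
import tempfile

def fingerprint(data):
    # Assumption: whole-file SHA-256; the page only says "checksum".
    return hashlib.sha256(data).hexdigest()

class FingerprintSource:
    """Hypothetical model of a document source; not FortiMail code."""
    def __init__(self, path, pattern="*", scan_subdirs=False,
                 keep_deleted=False, retain_old=False):
        self.path, self.pattern = path, pattern
        self.scan_subdirs = scan_subdirs
        self.keep_deleted, self.retain_old = keep_deleted, retain_old
        self.db = {}  # relative path -> fingerprints, newest last

    def scan(self):
        seen = set()
        for root, dirs, files in os.walk(self.path):
            if not self.scan_subdirs:
                dirs.clear()  # stay in the top-level folder
            for name in fnmatch.filter(files, self.pattern):
                rel = os.path.relpath(os.path.join(root, name), self.path)
                seen.add(rel)
                with open(os.path.join(self.path, rel), "rb") as fh:
                    fp = fingerprint(fh.read())
                history = self.db.setdefault(rel, [])
                if fp not in history[-1:]:  # new file or new revision
                    if not self.retain_old:
                        history.clear()
                    history.append(fp)
        if not self.keep_deleted:
            for rel in set(self.db) - seen:
                del self.db[rel]  # file vanished from the source

    def match(self, attachment):
        fp = fingerprint(attachment)
        return sorted(r for r, hist in self.db.items() if fp in hist)

def demo(retain_old):
    # Constructed sample: one document revised between two scans.
    with tempfile.TemporaryDirectory() as d:
        src = FingerprintSource(d, "*.docx", retain_old=retain_old)
        for body in (b"revision 1", b"revision 2"):
            with open(os.path.join(d, "plan.docx"), "wb") as fh:
                fh.write(body)
            src.scan()
        return src.match(b"revision 1"), src.match(b"revision 2")
```

In this model, `demo(False)` no longer matches an attachment carrying the first revision once the document has been rescanned, while `demo(True)` still does.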