DLP examples
Blocking content with credit card numbers
When the objective is to block credit card numbers one of the important things to remember is that 2 filters will need to be used in the sensor.
In the default Credit-Card sensor, you will notice a few things.
• The Action is set to Log Only
• In the Files filter not all of the services are being examined.
If you wish to block as much content as possible with credit card numbers in it instead of just logging most the traffic that has it, the existing sensor will have to be edited.
1. Go to Security Profile > Data Leak Prevention
Some configurations will have a preconfigured Credit Card sensor where you can use the drop down menu to select Credit-Card. If your configuration doesn’t already have one create a new sensor.
2. Use the Create New icon to add a new sensor.
3. Create/edit the first filter. Use the following settings:
Filter
Filter | Messages |
Filter option | Credit Card # |
Examine the Following Services
Make sure all of the services are being examined.
Action
Set action to Block.
Select OK or Apply
4. Create/edit the first filter. Use the following settings:
Filter
Filter | Files |
Filter option | Credit Card # |
Examine the Following Services
Make sure all of the services are being examined.
Action
Set action to Block.
Select OK or Apply
5. Edit the appropriate policies so that under Security Profiles, DLP is turned on and the Credit-Card sensor is selected.