cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
434
Views
10
Helpful
7
Replies

CSA Data Theft Hole?

jmutuski
Level 1
Level 1

I followed the guide to test the data theft protection policy and it worked just fine on everything except attaching the file within the protected directory to an email generated by Outlook Web Access.

Is this a known hole or do I need to specify something else?

1 Accepted Solution

Accepted Solutions

tsteger1
Level 8
Level 8

Were you able to read the file?

I tried it and it sent a blank attachment.

Tom

View solution in original post

7 Replies 7

tsteger1
Level 8
Level 8

Were you able to read the file?

I tried it and it sent a blank attachment.

Tom

I did not. Let me find out.

Thanks,

John

It worked, however it didn't until after I went into the cloned data theft module and identified that one of the associated rules was not enabled. It was rule ID 153 - network application access.

Yep, it comes disabled by default. Not sure why though...

Hey, cool guide! Thanks for the link.

Maybe Cisco will include it on the CSA page:

http://www.cisco.com/en/US/products/sw/secursw/ps5057/index.html

Anyone listening?

Tom

rnaydenov
Level 1
Level 1

Can you post where that guide is?

Thanks.

It can be found here:

http://www.cisco.com/application/pdf/en/us/guest/products/ps5057/c1031/cdccont_0900aecd804f00d6.pdf

I found it to be one of the best pieces of Cisco

help I've seen them put out.

This is excellent! Do you know if anymore exist, specifically for MARS or NAC?

Thanks!

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: