Currently tasked with seeing if our Ironports (C360 - v 7.5.1-028) can perform some of our PCI compliance criteria.
The request was as follows:
1. Any inbound email with credit card number present must have a notification sent to security group - done
2. The email must not go to the recipient(s) and also bounce back to the sender with a message stating we do not accept CC numbers through email - done
3. At no point should the CC number be included in any of the above emails - partially working
Using the advanced configuration guide I successfully created a filter in the CLI to perform these actions including changing the CC number to XXXX-XXXX-XXXX-XXXX BUT it only works on a single line. So if the CC number is not in the first line it ignores it.
I am using the "body-contains" rule and the guide does state "The body-contains() rule does not perform multi-line matching." However, it also says "When AsyncOS performs body scanning, it scans the body text and attachments for the regular expression."
So my question is basically: how is it scanning the body text and at the same time cannot do multi-line matching? I am confused.
If there is a way to find a match on more than just the first line in the message body then please let me know.
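As an added illustration of the behaviour the question describes (this is example code, not AsyncOS filter syntax or anything from the IronPort guide), the following Python scans a whole message body rather than just its first line, keeps only candidates that pass the Luhn checksum to cut false positives, and masks each hit as XXXX-XXXX-XXXX-XXXX for the notification copy. The sample body, the regular expression and the function names are all constructed for this example.

```python
import re

# Candidate pattern: 13 to 19 digits, optionally split by single spaces or hyphens,
# not glued to other digits. Deliberately broad; luhn_ok() filters out noise.
# Note the separator class excludes newlines, so a number is never stitched
# together across two lines of the body.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum used by card PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def _is_card(match_text: str) -> bool:
    digits = re.sub(r"[ -]", "", match_text)
    return 13 <= len(digits) <= 19 and luhn_ok(digits)


def find_card_numbers(body: str) -> list[str]:
    """Scan the entire body (all lines) and return every Luhn-valid card-like number."""
    return [m.group(0) for m in CARD_RE.finditer(body) if _is_card(m.group(0))]


def find_on_first_line_only(body: str) -> list[str]:
    """Mimic a rule that only inspects line 1, to show what the poster observed."""
    first_line = body.split("\n", 1)[0]
    return find_card_numbers(first_line)


def mask_card_numbers(body: str) -> str:
    """Replace each Luhn-valid card number with a fixed mask; leave everything else."""
    def repl(m: re.Match) -> str:
        return "XXXX-XXXX-XXXX-XXXX" if _is_card(m.group(0)) else m.group(0)
    return CARD_RE.sub(repl, body)


# Constructed sample body. The card number is NOT on the first line, which is the
# case the question reports as being ignored. The "Ref" value is a 16-digit
# sequence that fails Luhn and must therefore be left alone.
SAMPLE_BODY = """Hi team,
please find my details below.

Card: 4111 1111 1111 1111
Ref: 1234 5678 9012 3456
Thanks"""

if __name__ == "__main__":
    print("first line only:", find_on_first_line_only(SAMPLE_BODY))
    print("whole body:     ", find_card_numbers(SAMPLE_BODY))
    print(mask_card_numbers(SAMPLE_BODY))
```

The masked text, not the original, is what would go into the notification to the security group and the rejection to the sender, which keeps point 3 of the requirement intact; the Luhn check is what stops order numbers and similar 16-digit strings from triggering the rule.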
Must you send the original e-mail back to the sender at all?
I'd do it the other way around; plonk the original message into a very limited-access quarantine and send a simple rejection back to the sender: "Dear colleague, your message $subject of $date appears to contain a credit card number contrary to [policy] and so cannot be delivered. Please see [intranet page URL] for advice." If you have reason to believe the sender's trying to be naughty with CC data, your quarantined message is your evidence for HR. If it's a false positive, you can release it. Your PCI rules may however dictate otherwise; you may want to double-check how much flexibility you really have here.