Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
New Member

content filters on public mail i.e. gmail, yahoo etc

is there a way to create content policies on web security appliances on information sent on public mails( gmail yahoo ) or IMs?
it might sound stupid as you cannot control the mail server so filter what can be sent out or not but on the other hand you can monitor the web traffic
:-)

12 REPLIES
New Member

Re: content filters on public mail i.e. gmail, yahoo etc

You might be referring to our DLP (Data Loss Prevention) seen on 6.0 and above. Below is a clip from our User Guide, you can search for that section to see if it fits your needs.


DATA SECURITY AND EXTERNAL DLP POLICIES OVERVIEW

In the Information Age, your organization’s data is one of its most prized possessions. Your
organization spends a lot of money making data available to your employees, customers, and
partners. Data is always on the move by traveling over the web and email. This increased
access poses challenges for information security professionals to figure out how to prevent the
malicious, accidental, or unintentional loss of sensitive and proprietary information.
The IronPort Web Security appliance secures your data by providing the following
capabilities:
• IronPort Data Security Filters. The IronPort Data Security Filters on the Web Security
appliance evaluate data leaving the network over HTTP, HTTPS, and FTP to control what
data goes where and how and by whom.
• Third party data loss prevention (DLP) integration. The Web Security appliance integrates
with leading third party content-aware DLP systems that identify and protect sensitive
data. The Web Proxy uses the Internet Content Adaptation Protocol (ICAP) which is a
lightweight HTTP based protocol that allows proxy servers to offload content scanning to
external systems. By offloading the content scanning to dedicated external systems, the
Web Proxy can take advantage of the deep content scanning in other products while
being free to perform other Web Proxy functions with minimal performance impact.

New Member

h

hello khoa,
many thanks for the reply.
no plan to implement a dlp solution ( i.e. verdasys) what i want to focus on is the following as mentioned by you:
- "IronPort Data Security Filters. The IronPort Data Security Filters on the Web Security appliance evaluate data leaving the network over HTTP, HTTPS, and FTP to control what data goes where and how and by whom. "
is it possible to know any where to find m ore info and any example on the above?
cheers

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

More info on our site: http://www.ironport.com/technology/ironport_dlp_overview.html

there are a few pdf there, but the User Guide can help with the setup if needed.

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

hi again khoa,
well i am trying to activate the data security service on the ironport web appliance but i am having some difficulties.
any idea how to activate it?
here is an excerpt from the guide:
enable the IronPort Data Security Filters. To scan upload requests on the appliance, you must first enable the IronPort Data Security Filters. Usually, the IronPort Data Security Filters feature is enabled during the initial setup using the System Setup Wizard. Otherwise, go to the Security Services > Data Security Filters page to enable it.
i am finding no where the data security filters page at the security services.

the appliance is s160
cheers

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

What version are you using? This feature is only available with AsyncOS for Web 6.0 and later.

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

yes it is the problem of the version
it is upgraded now but still it has some problems.
it cant block specific file name

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

is the idsdataloss_logs showing anything? it might give you some clues, if not a support ticket might be needed.

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

where to find it? ids_datalogd???

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

where i can find the ids logs?

have another question
has anyone tried to find the user name that is entered in the web mail account login page?
any idea if this is doable?
( from the access logs of the irononport?)

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

You can find the Data Security Logs in the same place as all log files on the WSA (such as the Access logs). You can find them from the GUI by going to the System Administration > Log Subscriptions page. For more information on how to retrieve log files, see the Logging chapter in the user guide.

As for your other question, I'm not sure I can help you. My *guess* is that you can't, but hopefully someone else can answer for sure.

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

If you do not see the ids logs, then you might need to enable it:

CLI > logconfig > new > Data Security Logs

New Member

Re: content filters on public mail i.e. gmail, yahoo etc

thanks khoa
its there its already activated.

393
Views
0
Helpful
12
Replies
CreatePlease to create content