
DLP Lite: it doesn't get any simpler

DLP (Data Leak Prevention) systems come in different kinds.
As you know, an information security specialist has only two main criteria for selecting a product: functionality and cost. The cost of a DLP system is often directly proportional to its capabilities, although this is not always the case.

As for the feature set of DLP systems, it is customary to distinguish the following three “classes of functionality”:
• Enterprise DLP - these systems monitor and control the broadest list of possible data leakage channels. The vendors developing such systems are widely known: Symantec, McAfee, Websense, etc. They are the ones storming Gartner's upper-right quadrant.
• Channel DLP - these systems are less functional, primarily because of their “narrow specialization”. An example is a DLP system that monitors only data transmitted by e-mail. Sometimes DLP functions of this class are embedded in other products (in the mail server, to stay with the same example).
• DLP-lite - these systems became a separate class relatively recently and are very lightweight products (read: utilities). Their main purpose is to be deployed quickly in the infrastructure and to quickly solve one simple, specific task.

In this article, I want to show how a software product that fits best into the third class of “complexity” works. It is DLP Lite, made by the American company STEALTHbits Technologies. This product is absolutely free and solves one single problem: it searches files on disk for sensitive data.


DLP Lite installation


Fill out the form here on this page and then download the file DLPLiteSetup.msi.
File size - 5.7 MB.
Run the installer, I Agree, Next, Next, Next, Finish.

Configuring and Launching DLP Lite


In the "Where to scan ..." section, in the "File Path" field, we specify the path to a location holding a lot of files, among which we want to find documents that should not be there. Separate checkboxes enable scanning of subfolders and set how deep into those subfolders the scan should go.



In the “Wildcard” field we can specify a mask by which files will be filtered during scanning. By default this field is *.*, but if you click the “More” button, it becomes clear that it is not really *.* after all.
The text file DLPFileTypes.txt, which opens with the “More” button, informs us that the settings from this file are applied in addition to the settings specified in the “Wildcard” field.

In particular, the parameter
INCLUDE=xls,xlsx,doc,docx,ppt,pptx,rtf,txt,htm,html,xml,csv,tsv,pdf
determines the extensions of the files to be scanned.
Similarly, the parameter
EXCLUDE=DLL,EXE,MSI,WMV,MOV,ISO,SYS,ICO,BMP,JPG,GIF,TMP,LOG
determines the file extensions that will be excluded from scanning.
Thus, if we remove or comment out these two parameters, the scanner will go through every single file.

In the “What to look for ...” section in the “Search for:” field we use the checkboxes to mark those entities that we want to find in the files during scanning. By default, DLP Lite has the ability to search for:
• Social Security Numbers
• Credit Cards
• CC: Visa
• CC: Amex
• CC: Mastercard
• Email Addresses
• Currency
• Phone No (US / CAN)
• ZIP Code
• Zip US East
• ZIP US Central
• ZIP US West
• CDN Postal Code

The “Check All” / “Uncheck All” button selects or deselects all the entities to be searched with one click, and the “View Definitions” button opens the DLPTypes.txt file. This file stores the regular expressions that are used to parse the files in the target folder.
Of course, you can add your own entries to this file. As an example, the screenshot shows an added “Russian passport” entry and the corresponding regular expression for finding the passport series and number.





If you need to search for some criterion but do not need to do so on an ongoing basis, you do not have to edit the DLPTypes.txt file. The same “What to look for ...” section has a “Custom Regular Expression” field, and that is where we enter our regular expression.

In the "Options ..." section there are three checkboxes:
• show only those files that matched the search criteria
• show files that the scanner could not access for some reason (for example, insufficient permissions)
• do not scan files larger than a certain size (the default threshold is 1 MB)

After setting all the parameters, press the “START SCAN” button.
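
The filtering and matching that these settings describe can be sketched as follows (an added example, not code from the article or from DLP Lite). The article does not reproduce the contents of DLPTypes.txt, so the regular expressions, the Luhn check that weeds out random digit runs, and all function names are assumptions of this example; files are read as plain text, so binary formats such as docx or pdf would need text extraction first.

```python
import os
import re

# Extension lists copied from the DLPFileTypes.txt parameters quoted above.
INCLUDE = set("xls,xlsx,doc,docx,ppt,pptx,rtf,txt,htm,html,xml,csv,tsv,pdf".split(","))
EXCLUDE = set("dll,exe,msi,wmv,mov,iso,sys,ico,bmp,jpg,gif,tmp,log".split(","))
MAX_SIZE = 1024 * 1024  # the "do not scan larger files" option, 1 MB default

# Assumed patterns written for this example; they are not the product's own.
PATTERNS = {
    "Credit Card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "Email Address": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "Russian passport": re.compile(r"\b\d{2} ?\d{2} ?\d{6}\b"),  # series, number
}
# Constructed sample text; every value in it is fabricated.
SAMPLE = ("Card 4111 1111 1111 1111, order 1234 5678 9012 3456, "
          "passport 45 08 123456, mail ivanov@example.com")

def luhn_ok(candidate):
    """Luhn checksum: rejects digit runs that cannot be card numbers."""
    digits = [int(c) for c in candidate if c.isdigit()][::-1]
    doubled = [d * 2 - 9 if d > 4 else d * 2 for d in digits[1::2]]
    return (sum(digits[0::2]) + sum(doubled)) % 10 == 0

def wanted(path):
    """Apply the INCLUDE / EXCLUDE extension lists to one file name."""
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    return ext in INCLUDE and ext not in EXCLUDE

def scan_text(text):
    hits = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if name != "Credit Card" or luhn_ok(m.group()):
                hits.append((name, m.group().strip(" -")))
    return hits

def scan_tree(root):
    """Return ({path: hits}, [paths that could not be read])."""
    results, denied = {}, []
    for folder, _dirs, files in os.walk(root):
        for path in (os.path.join(folder, f) for f in files if wanted(f)):
            try:
                if os.path.getsize(path) <= MAX_SIZE:
                    with open(path, encoding="utf-8", errors="ignore") as fh:
                        hits = scan_text(fh.read())
                    if hits:
                        results[path] = hits
            except OSError:
                denied.append(path)  # the "show inaccessible files" option
    return results, denied
```

In the sample, the second 16-digit run fails the Luhn check and is not reported, which is the kind of false positive a bare regular expression would produce.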

View Results


While files are being scanned, the process can be paused or interrupted completely. In either case, the result is a new window with two tabs: “Progress” and “Analyze”.
The “Progress” tab shows how many files the scanner processed, how much (potentially) interesting data it found, and how many files it could not access.



The “Analyze” tab shows, in tabular form, what exactly was found. Each column can be used to sort, filter and group the scan results. To group, drag the heading of the required column into the gray box at the top of the table.



There is also a button to export the results to an XLS file. Unfortunately, other export formats are not supported.

On the manufacturer's website, you can read or download the 4-page User Manual.

Summary: DLP Lite is a straightforward product that you can use until a more convenient free tool turns up. Or until you are given the money for a paid one.

By the way, about the paid version.
The first screenshots show an ad from the manufacturer: UPGRADE TO DLP PRO | SUMMER 2012.
And although only a week is left until the end of summer 2012, there are still no details about the PRO version. The link embedded in the ad starts a one-minute video with some pie charts and tables.

Source: https://habr.com/ru/post/150227/

