Ruijie Firewall (WEB) - Other functions of UTM security application - Data leakage prevention

Table of contents

Ⅰ Introduction to file filtering

Ⅱ File blocking-unblocking list


 

Ⅰ Introduction to file filtering

RGFW supports two kinds of file filtering, by file name template and by file type:

File name template filtering:

    Filters according to the file extension, for example filtering executable files with the .exe extension. This method cannot recognize a modified extension: if an .exe file is renamed to .txt, it will not be recognized.

File type filtering:

    The firewall scans the file content to identify the file and then filters it; the extension is not used. If .zip files are being filtered and a .zip file is renamed to .txt, it will still be recognized by the firewall.
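The difference between the two modes, as an added example (not from the original post and not Ruijie's code): the same constructed files are checked once by name pattern and once by their leading magic bytes. The function names, patterns and signature table are assumptions for illustration; the page does not describe how the firewall identifies content.

```python
import fnmatch

# Well-known leading "magic" bytes for a few formats (illustrative subset).
MAGIC = {
    "exe": [b"MZ"],                          # DOS/PE executable header
    "zip": [b"PK\x03\x04", b"PK\x05\x06"],   # ZIP local header / empty archive
}

def match_by_name(filename, patterns):
    """File name template filtering: only the name is inspected."""
    name = filename.lower()
    return any(fnmatch.fnmatchcase(name, p.lower()) for p in patterns)

def detect_type(content):
    """File type filtering: identify the format from the content itself."""
    for ftype, signatures in MAGIC.items():
        if any(content.startswith(sig) for sig in signatures):
            return ftype
    return None

def classify(filename, content, name_patterns, blocked_types):
    """Report what each filtering mode would decide for one file."""
    detected = detect_type(content)
    return {
        "name_hit": match_by_name(filename, name_patterns),
        "type_hit": detected in blocked_types,
        "detected": detected,
    }

# Constructed sample inputs: (file name, first bytes of the file).
PE_HEAD = b"MZ\x90\x00" + b"\x00" * 60
ZIP_HEAD = b"PK\x03\x04\x14\x00\x00\x00"
SAMPLES = [
    ("setup.exe", PE_HEAD),        # honest executable
    ("notes.txt", PE_HEAD),        # executable renamed to .txt
    ("archive.txt", ZIP_HEAD),     # zip renamed to .txt
    ("readme.txt", b"plain text"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        result = classify(name, head, ["*.exe", "*.zip"], {"exe", "zip"})
        print(f"{name:12} {result}")
```

Only the type check catches the two renamed files, which is why the configuration below selects the file type filter rather than a name template.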


Ⅱ File blocking-unblocking list

1. Networking requirements

Stop the direct propagation of executable files by filtering executable files in web pages and emails.

2. Network topology

Intranet users access the Internet through the firewall.

3. Configuration points

1. Initialize Internet configuration

2. Define DLP configuration

3. Configure proxy options

4. Enable data protection in the policy

4. Configuration steps

1. Initialize Internet configuration

Configure an access policy for internal-wan1, allow all, and enable NAT.

2. Define data leakage prevention sensors

(1) File filter

A. The file filter defines the file types to be filtered. You can use the built-in all_executables file filter directly, or you can define your own.

Menu: Security Configuration--Data Leakage Prevention--File Filter, click New

B. Add file types to the file filter list. On the following page, click New

Filter type: Select file type

File type: Select executable file exe

C. Use the same method to add all the file types to be filtered. The result is as follows:

(2) Menu: Security Configuration--Data Leakage Prevention--Sensor, click New.

After entering the name: office, click the New button below to add a file filter.

Filter type selection: File

File types include: exe-doc

Check the following services: the protocols to which file filtering applies

Action: Block, log only, isolate the IP address, isolate the source interface (use with caution, it will leave the interface unable to communicate).

3. Configure proxy options (optional)

These options are advanced parameters. The defaults generally do not need to be changed. If you need to modify them, refer to the virus protection section.

Protocol port mapping:

Enable, protocol, detection port: Configure proxy options for different protocols, such as enabling scanning on port 80 for the HTTP protocol. If you need to scan multiple ports, separate them with spaces, such as 80. This port will be scanned for viruses.

Common options (valid only for proxy mode virus detection)

User comfort: In proxy mode virus scanning, files are buffered inside the firewall and sent to the user only after they have been scanned and confirmed safe. During this period the user receives no file data, and the larger the file, the longer the wait. To ease this, the firewall sends the file to the user at a slow rate while scanning, so the user can see that the request has been answered and is being processed.

Interval (seconds): 10, data is sent every 10 seconds.

Total (bytes): 1, the number of bytes sent each time.

Block oversized files/mails: Block files that exceed the 10M virus scanning buffer. Otherwise, oversized files are not scanned for viruses and are let through.

After editing, click the "OK" button to confirm it takes effect.

4. Reference data protection sensors in policies

Edit the policy for accessing the Internet, check the UTM function, set the proxy option to default, enable the DLP sensor, and select office.

Check the "UTM" button in the policy, select 'myantivirus' for virus detection, and select default for the proxy option. Configuration completed.

5. Turn on log display

If the log is not displayed, you can enable log display with the following commands.

    Note: Before performing the operation, it is recommended to upgrade to the P2 version first. If operating under the P1 version, you need to enter print cliovrd enable and press Enter. The user can then log out and log back in before executing the following commands.

RG-WALL # config dlp sensor

RG-WALL (sensor) # edit office

RG-WALL (office) # set extended-utm-log enable

RG-WALL (office) # end

5. Check the configuration effect

When exe and bat files are sent by email or downloaded or uploaded through FTP, the files are blocked.

Origin blog.csdn.net/weixin_57099902/article/details/133350810