Controlling Uploads To Prevent Data Leakage

Controlling Uploads To Prevent Data Leakage

Overview

Data Loss/Leak Prevention (DLP) is a technique that was designed to stop sensitive information from leaving any organization.
Data can end up in the wrong hands, whether it’s sent, through email or instant messaging, forms on any website, file transfers, or any other means. DLP strategies must include solutions that monitor or, detect, and block the unauthorized flow of information.
In any organization main concern for administrator are-
Protecting data from external intruders and accidental leakage of sensitive information by employees.
Protect data against security threats caused by BYOD.
Monitor organization for inappropriate employee conduct and maintain forensic data of security events as evidence.
SafeSquid DLP module helps the administrator to overcome all these concerns. SafeSquid DLP protects organizations from information leaks and data loss at the perimeter and inside the organization, as well as in certain Infrastructure as a Service platforms. SafeSquid DLP restrict to Upload any kind of Content outside the corporate network to prevent data leakage. We shall permit text/plain content type to access all websites. We allow users only to upload Microsoft office document files and PDF files on whitelisted websites as per the policy of organization. 
In general administrator can allow the very specific file type(s) based on predefined content type(s) in his/her network for uploading.

Prerequisite

HTTPS Inspection should be enabled in SafeSquid. If not enabled, you can check our document - How to enable HTTPS Inspection

Access the SafeSquid User interface

clicking on configure in SafeSquid interface

Block Uploads

SafeSquid SWG comes with predefined policies and profiles. You can add/modify policies and profiles as per your requirement.
Below we are using predefined Profile 'BLOCK UPLOADS' created in Access Profiles section. You can inspect the extended logs for 'BLOCK UPLOADS' profile getting applied after configuring DLP policy.
There are two ways to search any keyword or profiles inside SafeSquid set of policies from various section.

Search Policy method 1

You can search the keyword or profile name from Restriction Policies >> Access Profiles. You have to parse each and every rule from Access Profiles section one by one.
 

Search Policy method 2

Click on Search Icon situated on bottom right corner of SafeSquid WebGUI.
clicking on search button
Enter the keyword or profile name into the value field of dialog box appeared on the screen. Click on search button to find the keyword or profile used inside various sections.
Click on search button to find the keyword or profile used inside various sections.
Below we are searching BLOCK UPLOADS to configure predefined DLP policy.
You will find a default policy in Policies and Profiles section as shown below. If not found or deleted accidently you need to create the same policy.
Click on Edit icon to modify the policy.
Clicking on edit button on the policy
Modify this policy as per your requirement.
modifying the default policy of BLOCK UPLOADS  as per your requirement
By default, this policy is disabled, you need to enable this policy and save the policy/rule.
selecting enabled as true

Go to DLP Section Configuration

Open DLP section to find default DLP rules. You can add/modify the rules as per your requirement.
opening DLP section after the modifying of default policy

Open Global Section of DLP

Make sure that global part of DLP section should be true.
clicking on edit button on make the global policy as true

Configure DLP Policy

Edit the DLP policy and save your changes.
Note: If you want to block all file uploads leave profiles field blank. But, we should permit text/plain content type to access all websites.
Choose action as Do_not_Bypass as shown below and save policy.
Selecting block uploads in the profiles section
saving the modified policy in DLP section

Save Configuration

Click on bottom left Icon to save the configuration.
Clicking on global save to save the configuration
You can save the current configuration to either in your local machine or to cloud. Storing configuration to cloud help you to restore your configuration in other instances.
clicking on submit button to save the policy
Note: Creating / Using (predefined) profiles while creation of new policy will be helpful for capturing logs. In future these logs will be helpful to identify general operational details and security concerns.

Example

Generally, in corporate sector Users should be restricted to Upload any kind of Content outside the corporate network to prevent data leakage. We shall permit text/plain content type to access all websites. We allow users only to upload Microsoft office document files and PDF files on whitelisted websites. 
In this scenario follow below steps:
Step 1: Go to Categorization Web-site section from SafeSquid WebGUI and add all whitelisted websites into whitelist category.
Step 2: Go to Policies and Profiles section and create new policy as shown below.
Here for our example, we have created ALLOW DOCUMENT UPLOADS in Policies and Profiles Section. Further this profile will be bind with DLP policies.
example of creating policy to allow uploads in access profiles section 
Step 3: Create All the three policies under DLP Section as shown below.
Policy 1: We restrict uploading of files, irrespective of a content type.
Policy 2: We shall permit text/plain content type to access all websites.
Policy 3: We allow users for uploading PDF and Microsoft office document files for Whitlisted Sites
Binding the created policies in DLP section to allow required uploads 
For testing purpose try to upload any file other than PDF and Microsoft office document files. File will not be uploaded.


    • Related Articles

    • Defend Against Internal Threats And Data Leakage

      Overview According to a recent survey of hundreds of IT security professionals, most organizations have major security holes when it comes to protecting themselves against insider threats. Not all data loss is the result of external, malicious ...
    • How to block virus uploads and downloads

      Client Scenario You might download a file containing a virus during an e-commerce session. To protect your network from these threats,SvScan is the inbuilt module in SafeSquid that protects users against malware. ClamAV and ICAP are secondary servers ...
    • Block Personal Gmail, Allow Google Corporate Accounts

      Overview Nowadays emails are used very frequently to exchange information between people using electronic devices. In some organization personal emails in the office network are not allowed. Personal emails are blocked to avoid spending of productive ...
    • How To

      Overview This collection of How To articles provides a step-by-step guide to implement SafeSquid, and optimally use its various features. Install SafeSquid Secure Web Gateway You can setup your secure web gateway using different installation ...
    • Block Emails or Files including archives or Social Posts using Keywords

      Overview When any employee/user from your network leaked the confidential information intentionally or unintentionally, then what will happen? Huge loss to your organization. In your organization various mediums and modes comes into play for data ...