Symantec Data Loss Prevention
Blue Coat ProxySG Configuration Guide
For Symantec Data Loss Prevention Version 9.0
1-1100-0900-2009-03-16
Symantec Data Loss Prevention Blue Coat ProxySG Configuration Guide
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.
Documentation version 9.0
Legal Notice
Copyright © 2009 Symantec Corporation. All rights reserved.
Symantec, the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners.
The product described in this document is distributed under licenses restricting its use, copying, distribution, and decompilation/reverse engineering. No part of this document may be reproduced in any form by any means without prior written authorization of Symantec Corporation and its licensors, if any.
THE DOCUMENTATION IS PROVIDED “AS IS” AND ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.
The Licensed Software and Documentation are deemed to be commercial computer software as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19 “Commercial Computer Software - Restricted Rights” and DFARS 227.7202, “Rights in Commercial Computer Software or Commercial Computer Software Documentation”, as applicable, and any successor regulations. Any use, modification, reproduction release, performance, display or disclosure of the Licensed Software and Documentation by the U.S. Government shall be solely in accordance with the terms of this Agreement.
Symantec Corporation
20330 Stevens Creek Blvd.
Cupertino, CA 95014
http://www.symantec.com
This guide covers the following topics:
■ Introduction
■ Request Modification (REQMOD)
■ Response Modification (RESPMOD)
Introduction
Symantec Data Loss Prevention supports integration with Blue Coat ProxySG version 5.2.4.x, expanding
the proxies supported for Network Prevent (Web) and adding the capability to prevent HTTPS and FTP
traffic that violates configured policies. This capability is achieved by integrating with HTTP proxies
through the Internet Content Adaptation Protocol (ICAP).
This integration is supported only for forward-proxy mode deployments using the request modification
(REQMOD) and response modification (RESPMOD) modes of ICAP. Other deployment options are not supported.
See the appropriate Installation Guide to install Network Prevent before configuring the Blue Coat ProxySG.
Instructions for correctly configuring Blue Coat ProxySG are provided below.
Figure 1-1 Preferred Deployment
Request Modification (REQMOD)
Create ICAP Service
To create the ICAP request modification service on the ProxySG server:
1 Log in to the Blue Coat ProxySG.
2 Click Management Console.
3 Click External Services on the left navigation menu.
4 Click ICAP.
5 Click New.
6 Fill in a name of choice for the ICAP server.
7 Click Edit and configure the ICAP service:
Figure 1-2 External Services Creation
8 Click the Sense Settings button to test the connection to Network Prevent. The ICAP server tag should
display Vontu 9.0 after sensing the settings.
9 Repeat steps 5 – 8 for each Network Prevent server.
10 After all the ICAP services have been configured, click the Apply button in the main UI pane.
11 Click Service-Groups under External Services menu.
12 Click New.
13 Fill in a name of choice for the service group (for example, Vontu).
14 Click Edit to edit the service group just created.
15 When the Service Group Entries screen appears, click New.
16 When the Add Service-Group Entry screen appears, select List ICAP services and select the ICAP
services configured in previous steps. Then click OK.
17 Click OK to exit the Edit Service-Group screen.
18 Click Apply on the main UI screen.
Configuration for HTTP Prevent
To configure HTTP prevent on the ProxySG server:
1 Click Policy on the left navigation menu.
2 Click Visual Policy Manager.
3 On the main UI pane, click Launch.
4 When the Blue Coat Visual Policy Manager appears, go to the Policy menu and select Add Web Access
Layer. Give it an appropriate name.
5 Select the Action cell and right click the cell.
6 Select Set on the context menu.
7 In the Set Action Object panel, click New.
8 Select Set ICAP Request Service.
9 Give it an appropriate name and select Use ICAP request service.
10 Select the service group created in previous section.
Figure 1-3 Add ICAP Request Service for HTTP
11 When the Add ICAP Request Service Object screen appears, click the OK button.
12 When the Set Action Object screen appears, select the ICAP service object just created, and click OK.
13 Select the Service cell, and right click it. Select Set on the context menu.
14 Click New in the Set Service Object panel.
15 Select Protocol Methods. Give it an appropriate name.
Figure 1-4 Add Methods Object
16 Select HTTP/HTTPS from the dropdown menu of the Protocol field.
17 Configure it according to the screen above. Select PUT as well if it is desired. This will help reduce the
traffic to the ICAP server, so that bandwidth is not spent on requests such as GETs.
18 Click OK.
19 When the Set Service Object screen appears, make sure the protocol methods object just created is
selected, and click OK.
Configuration for HTTPS Prevent
To configure HTTPS prevent on the ProxySG server:
1 In the Visual Policy Manager, go to the Policy menu and select Add SSL Intercept Layer. Give it an
appropriate name.
2 Select the Action cell and right click it.
3 Select Set.
4 When the Set Action Object screen appears, click New, and select Enable HTTPS Interception.
5 Give it an appropriate name, and configure according to the following screen:
Figure 1-5 SSL Forward Proxy Object for HTTPS
6 Click OK.
7 When the Set Action Object screen appears, select the Enable HTTPS Interception object just created
and click OK.
Configuration for FTP Prevent
To configure FTP prevent on the ProxySG server:
1 Go to Policy menu and select Add Web Access Layer. Give it an appropriate name.
2 Select the Action cell and right click it.
3 When the context menu appears, select Set.
4 If you created an ICAP action object by following the instructions in the Configuration for HTTP
Prevent section, you can simply select that action object, click OK, and move directly to step 11 of this
section. Otherwise, follow steps 5 – 10.
5 In the Set Action Object panel, click New.
6 Select Set ICAP Request Service.
7 Give it an appropriate name and select Use ICAP request service.
8 Select the service group created in the previous section.
Figure 1-6 Add ICAP Request Service for FTP
9 When the Add ICAP Request Service Object screen appears, click OK.
10 When the Set Action Object panel appears, select the ICAP service object just created, and click OK.
11 Select the Service cell, and right click it. Select Set on the context menu.
12 Click New in the Set Service Object screen.
13 Select Client Protocol, and configure the FTP protocol object according to the following screenshot.
Figure 1-7 Add Client Protocol Object for FTP
14 Select FTP from the dropdown menu.
15 Click OK.
16 When the Set Service Object screen appears, make sure that the protocol object just created is selected,
then click OK.
Deploy Policy to Proxy Server
After configuring all the protocols, you are ready to deploy the policy to the Blue Coat ProxySG server. Click
Install Policy on the Visual Policy Manager to deploy the policy. Exit the Visual Policy Manager after it is
done.
Response Modification (RESPMOD)
Create ICAP service for response modification
To create the ICAP response modification service on the ProxySG server:
1 Log in to the Blue Coat ProxySG.
2 Click Management Console.
3 Click External Services on the left navigation menu.
4 Click ICAP.
5 Click New.
6 Fill in a name of choice for the ICAP service.
7 Click Edit and configure the ICAP service according to the following screen:
Figure 1-8 Add ICAP Service ICAP Response
8 Click the Sense Settings button to test the connection to Network Prevent. The ICAP server tag should
display Vontu 9.0 after sensing the settings.
9 Repeat steps 5 – 8 for each Network Prevent server.
10 After all the ICAP services have been configured, click the Apply button in the main UI pane.
11 Click Service-Groups under External Services menu.
12 Click New.
13 Fill in a name of choice for the service group (for example, Vontu).
14 Click Edit to edit the service group just created.
15 When the Service Group Entry screen appears, click New.
16 When the Add Service-Group Entry screen appears, select List ICAP services and select the ICAP
services configured in previous steps. Then click OK.
17 Click OK to exit the Edit Service-Group screen.
18 Click Apply on the main UI screen.
Configuration for HTTP prevent
To configure response modification for HTTP prevent on the ProxySG server:
1 Click Policy on the left navigation menu.
2 Click Visual Policy Manager.
3 On the main UI pane, click Launch.
4 When the Blue Coat Visual Policy Manager appears, go to the Policy menu and select Add Web Content
Layer. Give it an appropriate name.
5 Select the Action cell and right click the cell.
6 Select Set on the context menu.
7 In the Set Action Object panel, click New.
8 Select Set ICAP Response Service.
9 Give it an appropriate name and select Use ICAP response service.
10 Select the service group created in previous section.
Figure 1-9 Add ICAP Response Service for HTTP
11 When the Add ICAP Response Service Object screen appears, click the OK button.
12 When the Set Action Object screen appears, select the ICAP service object just created, and click OK.
Note: The following steps specify the types of content that are sent for inspection based on content MIME
type and disable proxy cache for those content types. This is important for performance as well as
accuracy.
13 Again select the Action cell and right click the cell.
14 Select Set on the context menu.
15 In the Set Action Object panel, click New.
16 Select Combined Action Object.
17 Give it an appropriate name.
18 Select the ICAP Response Service Object created in steps 6 – 12 and press Add.
19 Select Do Not Cache and press Add.
Figure 1-10 Add Combined Action Object
20 Once done creating the Combined Action Object, click the OK button.
21 When the Set Action Object screen appears, select the ICAP service object just created, and click OK.
22 Select the Destination cell and right click the cell.
23 Select Set on the context menu.
24 In the Set Destination Object panel, click New.
25 Select HTTP MIME Types.
26 Check the MIME types that need to be monitored.
Figure 1-11 Add HTTP MIME Types Object
27 Once done selecting the HTTP MIME Types Object, click the OK button.
28 When the Set Destination Object screen appears, select the HTTP MIME TYPES Object just created, and
click OK.
If a wildcard is needed for the MIME types, you must create a policy file and upload it to the
Blue Coat proxy server. The policy file should contain the following:
<ssl-intercept>
    ssl.forward_proxy(https) ssl.forward_proxy.issuer_keyring(default)

<Cache>
    condition=HTTPMIMETypes1 response.icap_service([ICAP service name]) cache(no)

; Definitions
define condition HTTPMIMETypes1
    response.header.Content-Type="text/*"
    response.header.Content-Type="application/pdf"
end
The easiest way to add a wildcard is to configure the policy through the Visual Policy Manager and then:
1 Go to the Policy Files menu.
2 Click the View button in the View Policy section.
3 Copy the policy text.
4 In the Install Local File from section, choose Text Editor from the dropdown menu, and click the Install button.
5 When the text editor appears, paste the policy text copied in step 3 into it.
6 Modify the Define Condition section of the policy to reflect the desired MIME types, using an asterisk
where a wildcard is needed.
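A pre-install check for the policy text edited in the steps above, as an added example that is not part of the original guide or of any Symantec or Blue Coat code: it confirms that every <Cache> rule sending responses to an ICAP service also sets cache(no) and references a defined condition, and reports which Content-Type values that condition covers. The service name example_group is a placeholder; treating the asterisk as a glob wildcard and dropping Content-Type parameters are assumptions of this example, not ProxySG's own matching logic.

```python
import re
from fnmatch import fnmatchcase

# Constructed sample: this guide's policy text with a placeholder service name.
POLICY = """\
<ssl-intercept>
ssl.forward_proxy(https) ssl.forward_proxy.issuer_keyring(default)
<Cache>
condition=HTTPMIMETypes1 response.icap_service(example_group) cache(no)
; Definitions
define condition HTTPMIMETypes1
response.header.Content-Type="text/*"
response.header.Content-Type="application/pdf"
end
"""

def parse_conditions(policy):
    """Map each 'define condition NAME ... end' block to its Content-Type patterns."""
    conditions, current = {}, None
    for line in map(str.strip, policy.splitlines()):
        start = re.match(r"define\s+condition\s+(\S+)$", line)
        pattern = re.match(r'response\.header\.Content-Type="([^"]+)"$', line)
        if start:
            current = conditions.setdefault(start.group(1), [])
        elif line == "end":
            current = None
        elif pattern and current is not None:
            current.append(pattern.group(1).lower())
    return conditions

def check_cache_rules(policy):
    """List problems in <Cache> rules that hand responses to an ICAP service."""
    problems, layer, defined = [], None, parse_conditions(policy)
    for line in map(str.strip, policy.splitlines()):
        header = re.match(r"<([^>]+)>$", line)
        if header:
            layer = header.group(1).lower()
        elif layer == "cache" and not line.startswith(";") and "response.icap_service(" in line:
            if "cache(no)" not in line:
                problems.append("ICAP rule leaves caching on: " + line)
            cond = re.search(r"condition=(\S+)", line)
            if cond and cond.group(1) not in defined:
                problems.append("undefined condition: " + cond.group(1))
    return problems

def is_inspected(content_type, patterns):
    """True if the media type (parameters dropped) matches a pattern; '*' is a glob."""
    media_type = content_type.split(";", 1)[0].strip().lower()
    return any(fnmatchcase(media_type, p) for p in patterns)
```

An empty list from check_cache_rules means every ICAP response rule in the text disables caching and names a condition that the file defines.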
Configuration for HTTPS prevent
To configure HTTPS prevent on the ProxySG server:
1 In the Visual Policy Manager, go to the Policy menu and select Add SSL Intercept Layer. Give it an
appropriate name.
2 Select the Action cell and right click it.
3 Select Set.
4 When the Set Action Object screen appears, click New, and select Enable HTTPS Interception.
5 Give it an appropriate name, and configure according to the following screen:
Figure 1-12 SSL Forward Proxy Object for HTTPS
6 Click OK.
7 When the Set Action Object screen appears, select the Enable HTTPS Interception object just created
and click OK.
Deploy policy to proxy server
After configuring all the protocols, you are ready to deploy the policy to the Blue Coat ProxySG server. Click
Install Policy on the Visual Policy Manager to deploy the policy. Exit the Visual Policy Manager after it is
done.