McAfee Data Loss Prevention 9.2.2 Product Guide
McAfee Data Loss Prevention 9.2.2 Product Guide McAfee Data Loss Prevention 9.2.2 Product Guide
4Using McAfee DLP DiscoverManaging scansTable 4-16 Types of scans (continued)Scan typeRegistrationscanDiscover scanDescriptionUse this scan to register sensitive data by generating digital fingerprints, orsignatures, that identify documents to be protected. You can register partialdocuments by defining excluded text within the documents. For database scans,this mode is known as Data Match.When scanning large databases, McAfee recommends registering only sensitivedata, such as bank account numbers or Social Security numbers. Registering anentire database is neither practical nor useful.Use this scan to find data that has been registered, or is residing on a file share inviolation of a policy. In this mode, McAfee DLP Discover can monitor, encrypt, copy,delete, or move files to a secure location (quarantine). All actions produceincidents that are reported to dashboards.Remediation actions cannot be performed on database repositories.After an incident is reported to the dashboard, it can be sorted, filtered, exported,saved, and remediated to prevent future violations.File system repositories supportedWhen you access a repository, you connect to a central network location where data is stored,organized, and maintained. McAfee DLP Discover supports most common file system repository types.The repository type is determined by the protocol used to access data on the device.Table 4-17 File system repositories supportedRepository typeCIFS (Common Internet File System)Windows Server 2008NFS (Network File System)FTP (File Transport Protocol)HTTP/HTTPS (Hypertext TransportProtocol/over Secure Sockets Layer)Documentum 5.3, 6.0, 6.5SharePoint 2007, 2010DescriptionFormerly Microsoft SMB (Server Message Block) filesystem. Windows XP supported.Windows Server 2008 R2 clusters supported.Sun Microsystems file systemOpen source file transfer system — both passive andactive FTP scanning are supported.Web server systems — only HTTP‐based authentication issupported.EMC documentation server, access through the defaultdocbase port.Microsoft SharePoint supported.Database repositories supportedWhen you access a repository, you are connecting to a central network location where data is stored,organized and maintained. McAfee DLP Discover supports several common database repository types.McAfee DLP Discover supports JDBC (Java Database Connectivity).Table 4-18 Database repositories supportedRepository typeDescriptionDB2Versions 5x iSeries, 6.1 iSeries, 7.x‐9.xMS SQL Server Versions 2000, 2005, 2008, 7.0, MSDE 2000My SQL (Enterprise) Versions 5.0.x, 5.1OracleVersions 8i, 9i, 10g, 11g92 McAfee Data Loss Prevention 9.2.2 Product Guide
Using McAfee DLP DiscoverManaging scans 4Scanning network attached storageMcAfee DLP Discover scans storage devices by using the protocols that are used to access them.Table 4-19 Common network storage typesStorage typeAccess methodNetwork Attached Storage Network Attached Storage presents a conventional file system to thenetwork, and can be accessed directly by McAfee DLP systems.Storage Area NetworksStore data in an unusable format using physical blocks of disk space, butMcAfee DLP Discover can connect through any server that owns a pool ofdata on that device.Firewall options for scanningBefore scanning a repository, its firewall must be configured to allow scans.Source ports are randomly chosen unless explicitly noted. Network and host‐based firewalls typicallypermit connections only on certain ports and might have to be configured to permit connections onothers.Table 4-20 Firewall optionsRepository type Direction PortsCIFSFTP Active Mode (triedby Discover if PassiveMode fails)FTP Active ModeFTP Passive Mode (triedfirst by Discover)HTTPHTTPSNFSDatabaseDiscover to Server TCP 139 and 445 on serverDiscover to Server TCP destination port 21 on server (control)Server to Discover TCP source port 20 (from server), and destination port(on Discover) chosen by Discover (data)Discover to Server TCP destination port 21 on server (control), andanother port on server (data) chosen by the serverDiscover to Server TCP destination port 80 on server, unless port ismanually configured in the URL itselfDiscover to Server TCP destination port 443 on server, unless port ismanually configured in the URL itselfDiscover to Server TCP and UDP destination ports 111; 2049 on serverDiscover to Server Standard ports, by database:• DB2 — 50000• Microsoft SQL — 1433• MySQL — 3306• Oracle — 1521If the database server is running on a non‐standardport, that port number must be punctured in a firewall.EMC DocumentumMicrosoft SharePointDiscover to Server TCP destination port 1489 on serverDiscover to Server TCP destination ports 80 (HTTP) or 443 (HTTPS) onserver, unless port is manually configured in the URLitselfMcAfee Data Loss Prevention 9.2.2 Product Guide 93
- Page 42 and 43: 2Using McAfee DLP MonitorFinding in
- Page 44 and 45: 2Using McAfee DLP MonitorUse concep
- Page 46 and 47: 2Using McAfee DLP MonitorFind data
- Page 48 and 49: 2Using McAfee DLP MonitorFind data
- Page 50 and 51: 2Using McAfee DLP MonitorFind data
- Page 52 and 53: 2Using McAfee DLP MonitorSearching
- Page 54 and 55: 2Using McAfee DLP MonitorSearching
- Page 56 and 57: 2Using McAfee DLP MonitorSearching
- Page 58 and 59: 2Using McAfee DLP MonitorSearching
- Page 60 and 61: 2Using McAfee DLP MonitorSearching
- Page 62 and 63: 2Using McAfee DLP MonitorSearching
- Page 64 and 65: 2Using McAfee DLP MonitorFinding do
- Page 66 and 67: 3Managing McAfee DLP PreventHow McA
- Page 68 and 69: 3Managing McAfee DLP PreventConfigu
- Page 70 and 71: 3Managing McAfee DLP PreventConfigu
- Page 72 and 73: 4Using McAfee DLP DiscoverTypical s
- Page 74 and 75: 4Using McAfee DLP DiscoverTypical s
- Page 76 and 77: 4Using McAfee DLP DiscoverRegisteri
- Page 78 and 79: 4Using McAfee DLP DiscoverRegisteri
- Page 80 and 81: 4Using McAfee DLP DiscoverCrawling
- Page 82 and 83: 4Using McAfee DLP DiscoverCrawling
- Page 84 and 85: 4Using McAfee DLP DiscoverCrawling
- Page 86 and 87: 4Using McAfee DLP DiscoverOptimizin
- Page 88 and 89: 4Using McAfee DLP DiscoverOptimizin
- Page 90 and 91: 4Using McAfee DLP DiscoverManaging
- Page 94 and 95: 4Using McAfee DLP DiscoverManaging
- Page 96 and 97: 4Using McAfee DLP DiscoverManaging
- Page 98 and 99: 4Using McAfee DLP DiscoverManaging
- Page 100 and 101: 4Using McAfee DLP DiscoverManaging
- Page 102 and 103: 4Using McAfee DLP DiscoverManaging
- Page 104 and 105: 4Using McAfee DLP DiscoverScan stat
- Page 106 and 107: 4Using McAfee DLP DiscoverManaging
- Page 108 and 109: 4Using McAfee DLP DiscoverSearch di
- Page 110 and 111: 4Using McAfee DLP DiscoverSearch di
- Page 112 and 113: 4Using McAfee DLP DiscoverSearch di
- Page 114 and 115: 4Using McAfee DLP DiscoverRemediati
- Page 116 and 117: 4Using McAfee DLP DiscoverRemediati
- Page 118 and 119: 4Using McAfee DLP DiscoverRemediati
- Page 120 and 121: 4Using McAfee DLP DiscoverRemediati
- Page 122 and 123: 4Using McAfee DLP DiscoverGetting s
- Page 124 and 125: 4Using McAfee DLP DiscoverGetting s
- Page 126 and 127: 4Using McAfee DLP DiscoverConfiguri
- Page 128 and 129: 4Using McAfee DLP DiscoverConfiguri
- Page 130 and 131: 5Integrating McAfee DLP EndpointTyp
- Page 132 and 133: 5Integrating McAfee DLP EndpointTyp
- Page 134 and 135: 5Integrating McAfee DLP EndpointTyp
- Page 136 and 137: 5Integrating McAfee DLP EndpointTyp
- Page 138 and 139: 5Integrating McAfee DLP EndpointVie
- Page 140 and 141: 5Integrating McAfee DLP EndpointCon
4Using <strong>McAfee</strong> DLP DiscoverManaging scansTable 4-16 Types of scans (continued)Scan typeRegistrationscanDiscover scanDescriptionUse this scan to register sensitive data by generating digital fingerprints, orsignatures, that identify documents to be protected. You can register partialdocuments by defining excluded text within the documents. For database scans,this mode is known as <strong>Data</strong> Match.When scanning large databases, <strong>McAfee</strong> recommends registering only sensitivedata, such as bank account numbers or Social Security numbers. Registering anentire database is neither practical nor useful.Use this scan to find data that has been registered, or is residing on a file share inviolation of a policy. In this mode, <strong>McAfee</strong> DLP Discover can monitor, encrypt, copy,delete, or move files to a secure location (quarantine). All actions produceincidents that are reported to dashboards.Remediation actions cannot be performed on database repositories.After an incident is reported to the dashboard, it can be sorted, filtered, exported,saved, and remediated to prevent future violations.File system repositories supportedWhen you access a repository, you connect to a central network location where data is stored,organized, and maintained. <strong>McAfee</strong> DLP Discover supports most common file system repository types.The repository type is determined by the protocol used to access data on the device.Table 4-17 File system repositories supportedRepository typeCIFS (Common Internet File System)Windows Server 2008NFS (Network File System)FTP (File Transport Protocol)HTTP/HTTPS (Hypertext TransportProtocol/over Secure Sockets Layer)Documentum 5.3, 6.0, 6.5SharePoint 2007, 2010DescriptionFormerly Microsoft SMB (Server Message Block) filesystem. Windows XP supported.Windows Server 2008 R2 clusters supported.Sun Microsystems file systemOpen source file transfer system — both passive andactive FTP scanning are supported.Web server systems — only HTTP‐based authentication issupported.EMC documentation server, access through the defaultdocbase port.Microsoft SharePoint supported.<strong>Data</strong>base repositories supportedWhen you access a repository, you are connecting to a central network location where data is stored,organized and maintained. <strong>McAfee</strong> DLP Discover supports several common database repository types.<strong>McAfee</strong> DLP Discover supports JDBC (Java <strong>Data</strong>base Connectivity).Table 4-18 <strong>Data</strong>base repositories supportedRepository typeDescriptionDB2Versions 5x iSeries, 6.1 iSeries, 7.x‐9.xMS SQL Server Versions 2000, 2005, 2008, 7.0, MSDE 2000My SQL (Enterprise) Versions 5.0.x, 5.1OracleVersions 8i, 9i, 10g, 11g92 <strong>McAfee</strong> <strong>Data</strong> <strong>Loss</strong> <strong>Prevention</strong> <strong>9.2.2</strong> <strong>Product</strong> <strong>Guide</strong>