McAfee DLPe Device Control Best Practices PDF
Contents
Device control
Content protection rules
Examples
Device control
McAfee Host Data Loss Prevention software protects enterprises from the risk associated with
unauthorized transfer of data, whether initiated from inside or outside the organization. Data loss is
defined as confidential or private information leaving the enterprise as a result of unauthorized
communication through channels such as applications, physical devices, or network protocols.
Memory sticks are the smallest, easiest, cheapest, and least-traceable method of downloading
large amounts of data, which is why they are often considered the "weapon of choice" for
unauthorized data transfer. McAfee Device Control allows monitoring and controlling external
device behavior based on the device attributes rather than the content being copied. Using
McAfee Device Control, devices attached to enterprise computers, such as smart phones,
removable storage devices, Bluetooth devices, MP3 players, or Plug and Play devices, can be
monitored, blocked, or configured to be read-only.
There are two types of device control rules available in McAfee Device Control:
• Plug and Play device rules
• Removable storage device rules
Examples
The following examples demonstrate the techniques discussed in the text.
Use case: Blocking wireless communication
Use case: Making all USB removable storage read-only except authorized devices
Use case: Blocking files containing personal identity information
Use case: Blocking files created by a GIS application
Use case: Disabling all CD/DVD burners from writing
Example: Blocking wireless communication
1 In the Navigation Bar under Device Management, select Device Definitions.
2 Right-click in the device definitions panel, and click Add New | Plug and Play Device
Definition. Type Wireless Network Adapters to rename, and press Enter.
3 Double-click the device definition to edit it. Select Device Class, then select Network
Adapters and click OK.
4 Select Device Name. The definition parameter edit dialog box appears.
5 Click Add New and type wireless into the text box. Select the Allow Partial Match option.
6 Click Add New and type wlan into the text box. Select the Allow Partial Match option.
7 Click Add New and type 802.11 into the text box. Select the Allow Partial Match option.
Click OK twice to complete the definition.
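The definition above matches on device name substrings, so whether it catches every radio on an endpoint depends on how vendors name their adapters. The following PowerShell check is an added example, not part of the McAfee document: it takes the NDIS media type reported by Get-NetAdapter as ground truth for "is wireless" and compares it with the three partial-match strings. The sample adapter descriptions are constructed for the offline run; the cmdlet names are standard Windows NetAdapter module cmdlets.

```powershell
# Added check, not part of the McAfee document: compare the definition's three
# partial-match strings with the adapters actually present on an endpoint.
$DefinitionPatterns = @('wireless', 'wlan', '802.11')

function Test-DefinitionMatch {
    param([Parameter(Mandatory)][string]$DeviceName)
    # "Allow Partial Match" is a substring test; -like is case-insensitive.
    foreach ($p in $DefinitionPatterns) {
        if ($DeviceName -like "*$p*") { return $true }
    }
    return $false
}

function Get-WirelessDefinitionCoverage {
    # Accepts Get-NetAdapter objects or anything with the same two properties.
    param([Parameter(Mandatory, ValueFromPipeline)]$Adapter)
    process {
        # NDIS media type is the ground truth: 'Native 802.11' is Wi-Fi,
        # 'Wireless WAN' is a cellular module. The device name is only a heuristic.
        $mediaType  = "$($Adapter.PhysicalMediaType)"
        $isWireless = $mediaType -in @('Native 802.11', 'Wireless WAN')
        $hit        = Test-DefinitionMatch -DeviceName $Adapter.InterfaceDescription
        [pscustomobject]@{
            Description   = $Adapter.InterfaceDescription
            MediaType     = $mediaType
            IsWireless    = $isWireless
            MatchesDef    = $hit
            Uncovered     = ($isWireless -and -not $hit)   # wireless, but not caught
            FalsePositive = ($hit -and -not $isWireless)   # wired, but caught
        }
    }
}

# Constructed sample descriptions (not taken from the page) so the check reads offline.
$Sample = @(
    [pscustomobject]@{ InterfaceDescription = 'Intel(R) Wi-Fi 6 AX201 160MHz';                    PhysicalMediaType = 'Native 802.11' }
    [pscustomobject]@{ InterfaceDescription = 'Qualcomm Atheros QCA9377 Wireless Network Adapter'; PhysicalMediaType = 'Native 802.11' }
    [pscustomobject]@{ InterfaceDescription = 'Intel(R) Ethernet Connection (7) I219-LM';          PhysicalMediaType = '802.3' }
)
$Sample | Get-WirelessDefinitionCoverage | Format-Table -AutoSize

# On a real endpoint (NetAdapter module, Windows 8 / Server 2012 or later):
Get-NetAdapter -Physical | Get-WirelessDefinitionCoverage | Format-Table -AutoSize
```

In the constructed sample, the adapter described as "Intel(R) Wi-Fi 6 AX201 160MHz" contains none of the strings wireless, wlan or 802.11, so it reports Uncovered and would not be blocked by the definition as written; adding a partial-match entry for "Wi-Fi" closes that gap. Run the live form on a representative set of hardware models before enforcing the rule, and remember that the definition is scoped to the Network Adapters device class, so Bluetooth radios or cellular modules registered under other classes are outside its reach regardless of name.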
Example: Making all USB removable storage read-only except authorized devices
1 In the Navigation Bar under Device Management, select Device Definitions.
2 Right-click in the device definitions panel, and click Add New | Removable Storage
Device Definition. Type USB Removable Storage to rename, and press Enter.
3 Double-click the device definition to edit it. Select Bus Type, select USB and click OK.
4 Right-click in the device definitions panel again, and click Add New | Removable Storage
Device Definition. Type McAfee Encrypted USB Devices to rename, and press Enter.
5 Double-click the device definition to edit it. Select Bus Type, select USB Vendor
ID/Product ID and click Add New. The definition parameter edit dialog box appears.
6 Click Add New to add each of the following devices:
TIP: Use the mouse to select the Product ID and Description text boxes.
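Step 6 needs the vendor ID and product ID of each authorized device. The following PowerShell helper is an added example, not part of the McAfee document: it reads those values from the USB parent node of each attached USBSTOR disk on a Windows endpoint. ConvertFrom-UsbInstanceId and Get-UsbStorageIdentity are names chosen here; the cmdlets they call (Get-PnpDevice, Get-PnpDeviceProperty) are standard PnpDevice module cmdlets, and the sample instance IDs are constructed.

```powershell
# Added helper, not part of the McAfee document: extract the vendor ID,
# product ID and serial that a "USB Vendor ID/Product ID" definition needs
# from the USB parent instance ID of each attached USBSTOR disk.

function ConvertFrom-UsbInstanceId {
    param(
        [Parameter(Mandatory)][string]$ParentInstanceId,   # e.g. USB\VID_0781&PID_5567\4C53...
        [string]$FriendlyName = ''
    )
    # -match is case-insensitive, so lower-case hex in the ID is accepted too.
    if ($ParentInstanceId -notmatch 'VID_([0-9A-F]{4})&PID_([0-9A-F]{4})') {
        return $null   # not a USB-bus parent; ignore
    }
    $vendorId  = $Matches[1].ToUpper()
    $productId = $Matches[2].ToUpper()
    # The last segment is the serial from the device's USB string descriptor.
    $serial = ($ParentInstanceId -split '\\')[-1]
    # When the device has no serial descriptor Windows generates an ID such as
    # '6&2a1b3c4d&0&1'. That value depends on the port and hub, so it cannot be
    # used to identify the unit; only the VID/PID is reliable for such devices.
    $hasHardwareSerial = ($serial -notlike '*&*')
    [pscustomobject]@{
        FriendlyName      = $FriendlyName
        VendorId          = $vendorId
        ProductId         = $productId
        Serial            = $serial
        HasHardwareSerial = $hasHardwareSerial
    }
}

function Get-UsbStorageIdentity {
    # Requires the PnpDevice module (Windows 8 / Server 2012 or later).
    Get-PnpDevice -PresentOnly |
        Where-Object { $_.InstanceId -like 'USBSTOR\*' } |
        ForEach-Object {
            # The USBSTOR node is the disk; its parent is the USB device node
            # whose instance ID carries VID_xxxx&PID_xxxx and the serial.
            $parent = (Get-PnpDeviceProperty -InstanceId $_.InstanceId `
                        -KeyName 'DEVPKEY_Device_Parent').Data
            ConvertFrom-UsbInstanceId -ParentInstanceId $parent -FriendlyName $_.FriendlyName
        }
}

# Constructed sample IDs (not from the page): one drive with a hardware serial
# and one without, so the parser can be exercised with no device attached.
$SampleParentIds = @(
    'USB\VID_0781&PID_5567\4C530001060121115462',
    'USB\VID_0951&PID_1666\6&2A1B3C4D&0&1'
)
$SampleParentIds | ForEach-Object { ConvertFrom-UsbInstanceId -ParentInstanceId $_ } | Format-Table -AutoSize

# On a real endpoint:
Get-UsbStorageIdentity | Format-Table -AutoSize
```

Type the VendorId and ProductId columns into the Vendor ID and Product ID text boxes of the definition. Keep in mind what a VID/PID pair identifies: a model, not a unit. Every drive of an approved model, and any device that presents the same descriptors, satisfies the "McAfee Encrypted USB Devices" definition, so where the definition also keys on the serial number, use only serials reported with HasHardwareSerial set to True.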
Example: Blocking files containing personal identity information
1 In the Navigation Bar under Rules, select Tagging Rules. Right-click in the tagging rules
panel, click Add New | Content Based Tagging Rule, and type SSN Tagging Rule to
rename the rule.
2 Double-click the rule to edit it. From the pre-defined list of secured text patterns, check
Social Security Number. Click Next.
3 On the tags page, click Add New, type SSN Tag in the Name text box, click OK, then
Finish.
4 In the Navigation Bar under Rules, select Reaction Rules. Right-click in the panel, click
Add New | Removable Storage Protection Rule, and rename it Block PII copied to
removable storage.
5 Double-click the rule to open the wizard. You can skip all of the steps except the following:
a On the tags page, select the SSN tag created in step 3.
b On the actions page, select Block, Monitor, Notify User, and Store Evidence.
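Before relying on the rule, copy a few labelled test files to removable storage and confirm which ones are blocked and which produce evidence. The following PowerShell is an added example, not part of the McAfee document. The product's predefined Social Security Number pattern is not shown on the page, so Test-SsnFormat encodes the Social Security Administration's structural rules instead; it labels each candidate so you can tell a genuine SSN from a nine-digit string that a loose pattern would also flag. Function names, the $Target parameter and the sample lines are constructed here.

```powershell
# Added example, not part of the McAfee document: labelled test inputs for the
# "Block PII copied to removable storage" rule.

function Test-SsnFormat {
    param([Parameter(Mandatory)][string]$Candidate)
    if ($Candidate -notmatch '^(\d{3})-(\d{2})-(\d{4})$') { return $false }
    $area   = [int]$Matches[1]
    $group  = [int]$Matches[2]
    $serial = [int]$Matches[3]
    # SSA never issues area 000, 666 or 900-999, group 00, or serial 0000.
    if ($area -eq 0 -or $area -eq 666 -or $area -ge 900) { return $false }
    if ($group -eq 0 -or $serial -eq 0) { return $false }
    return $true
}

function Find-SsnCandidates {
    # Finds every ddd-dd-dddd token and reports whether it is structurally valid.
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        foreach ($m in [regex]::Matches($line, '\b\d{3}-\d{2}-\d{4}\b')) {
            [pscustomobject]@{
                Line      = $line
                Candidate = $m.Value
                ValidSsn  = Test-SsnFormat -Candidate $m.Value
            }
        }
    }
}

# Constructed sample content (not real data).
$SampleLines = @(
    'Employee record: SSN 123-45-6789',      # well-formed, a genuine hit
    'Test fixture uses 000-12-3456',         # area 000 is never issued
    'Support ticket 999-99-9999 opened',     # area 900+ is never issued
    'Order 12-345-6789 shipped'              # not SSN-shaped at all
)
Find-SsnCandidates -Lines $SampleLines | Format-Table -AutoSize

function New-SsnTestFiles {
    # Writes each sample line to its own file under $Target (for example the
    # root of a removable drive) so you can watch which copies the reaction
    # rule blocks, which it only monitors, and what evidence it stores.
    param([Parameter(Mandatory)][string]$Target)
    $i = 0
    foreach ($line in $SampleLines) {
        $i++
        Set-Content -Path (Join-Path $Target "ssn-test-$i.txt") -Value $line -Encoding ASCII
    }
}
```

If the product blocks the second and third files as well as the first, its pattern is broader than the SSA rules and you should expect false positives on test fixtures and ticket numbers; if it lets the first file through, the tagging rule or the reaction rule is not applied to the endpoint and the policy assignment needs checking before anything else.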
Example: Blocking files created by a GIS application
1 In the Navigation Bar under Applications, select Enterprise Applications List.
2 Right-click in the application list panel, and click Add. Browse to the GIS application
executable, then click Open. Note the exact executable name. You will need it in the next
step. Click Add, then Close.
3 In the Navigation Bar under Applications, select Application Groups. Right-click in the
panel, and click Add New | Application Group. Type GIS Applications in the Name text
box and press Enter.
4 Double-click the GIS Applications group. Browse to the name of the vendor and select
it. Click the plus sign next to the name to view the details. If there are other products by
the same vendor you don't want to include in the rule, deselect them.
5 In the Navigation Bar under Rules, select Tagging Rules. Right-click in the tagging rules
panel, click Add New | Application Based Tagging Rule, and type GIS Tagging Rule to
rename the rule.
6 Double-click the rule, select GIS Applications, then click Next.
7 (Optional) Click Select from list, select Graphic files, then click Next three times to
reach the Tags page.
8 Click Add New, name the tag GIS Tag, click OK, then Finish.
9 In the Navigation Bar under Rules, select Reaction Rules. Right-click in the panel, click
Add New | Removable Storage Protection Rule, and rename it Block GIS files copied
to removable storage.
10 Double-click the rule to open the wizard. You can skip all of the steps except the following:
a On the tags page, select the GIS Tag created in step 8.
b On the actions page, select Block, Monitor, Notify User, and Store Evidence.
Example: Disabling all CD/DVD burners from writing
The device rule below applies regardless of which burning application is used, for example:
• Alcohol 120%
• Iomega Hotburn
1 In the Navigation Bar under Device Management, select Device Definitions.
2 Right-click in the device definitions panel, and click Add New | Removable Storage
Device Definition. Type CD/DVD Devices to rename, and press Enter.
3 Double-click the device definition to edit it. Select CD/DVD Drives and click OK to close
the definition dialog.
4 In the Navigation Bar under Device Management, select Device Rules.
5 Right-click in the device rules panel, and click Add New | Removable Storage
Device Rule. Type Block all CD-R burning to rename, and press Enter.
6 Double-click to edit the rule. Select CD/DVD Devices in the Include column. Click Next.
7 Select Notify User and Read Only. Click Finish.