Administration Guide

Defining the sensitive data

Sensitive data can be any of the following types:

  • User-defined: specify what information should be checked, such as a word, a phrase, or a regular expression.
  • Predefined: for your convenience, FortiMail comes with a list of predefined information types, such as credit card numbers and SIN numbers. To view the predefined sensitive data, go to Data Loss Prevention > Sensitive Data > Standard Compliance.
  • Document fingerprints: see DLP document fingerprinting.
  • File filters: these are the same file filters you use in the content profiles. See Configuring file filters.

DLP document fingerprinting

One of the DLP techniques to detect sensitive data is fingerprinting (also called document fingerprinting). Most DLP techniques rely on you providing a characteristic of the file you want to detect, whether it’s the file type, the file name, or part of the file contents. Fingerprinting is different in that you provide the file itself. The FortiMail unit then generates a checksum fingerprint and stores it. The FortiMail unit generates a fingerprint for all email attachments, and compares it to all of the fingerprints stored in its fingerprint database. If a match is found, the configured action is taken.

PDF and Microsoft/Open Office files can be detected by DLP fingerprinting and fingerprints can be saved for each revision of your files as they are updated.

The FortiMail unit must have access to the documents for which it generates fingerprints. There are two methods to generate fingerprints:

  • One method is to manually upload documents to be fingerprinted directly to the FortiMail unit.
  • The other is to allow the FortiMail unit to access a network share that contains the documents to be fingerprinted.

If only a few documents are to be fingerprinted, a manual upload may be the easiest solution. If many documents require fingerprinting, or if the fingerprinted documents are frequently revised, using a network share makes user access easier to manage.

Note

When you generate document fingerprints, only MS Office, Open Office, and PDF files with a minimum of 50 characters are supported.

To configure manual document fingerprints
  1. Go to Data Loss Prevention > Sensitive Data > Fingerprint.
  2. Click New and configure the following:

GUI item

Description

Name

Enter a descriptive name for the fingerprint.

Description

Optionally enter a description.

File list

Click New to browse to the file and generate a fingerprint for it.

In the Fingerprint Status column, one of the following statuses is displayed:

  • To be generated: the file has been uploaded to the Fingerprint list but you have not yet clicked the Create button.
  • Being generated: the fingerprint generating process is executing.
  • Generated: the fingerprint has been generated.
  • Not generated: no fingerprint has been generated for the file because there is not enough text or the fingerprint is still being generated.
  • File type not supported: the file type is not supported for generating a fingerprint.

To configure a fingerprint document source
  1. Go to Data Loss Prevention > Sensitive Data > Fingerprint Source.
  2. Click New and configure the following:

GUI item

Description

Name

Enter a descriptive name for the document source.

Server type

This refers to the type of server share that is being accessed. The default is SMB/CIFS (Windows Share protocol), but this also works on Samba shares.

Server address

Enter the IP address of the server.

User name

Enter the user name of the account the FortiMail unit uses to access the server network share.

Password

Enter the password of the account the FortiMail unit uses to access the server network share.

Path

Enter the path to the document folder.

File pattern

You may enter a filename pattern to restrict fingerprinting to only those files that match the pattern. To fingerprint all files, enter an asterisk (“*”).

Checking period

Check the document source daily if files are added or changed regularly.

Advanced

Fingerprint files in subdirectories

By default, only the files in the specified path are fingerprinted. Files in subdirectories are ignored. Select this option to fingerprint files in subdirectories of the specified path.

Remove fingerprints for detected files

Select this option to retain the fingerprints of files deleted from the document source. If this option is disabled, fingerprints for deleted files will be removed when the document source is scanned next time.

Keep previous fingerprints for modified files

Select this option to retain the fingerprints of previous revisions of updated files. If this option is disabled, fingerprints for previous versions of files will be deleted when a new fingerprint is generated.
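As an added illustration of the fingerprinting model described under DLP document fingerprinting and of the File pattern and Advanced options in this table (example code, not FortiMail's own), the following Python models a fingerprint source: it skips unsupported types and files with fewer than 50 characters of text, keeps or replaces fingerprints of revised files, drops fingerprints of deleted files on the next scan, and matches attachments against the database. SHA-256 over extracted text and the dictionary standing in for the SMB share are assumptions; the appliance's actual checksum is not specified on this page.

```python
import fnmatch
import hashlib
MIN_TEXT_CHARS = 50                     # minimum text length stated in the Note above
SUPPORTED = {".pdf", ".docx", ".odt"}   # stand-in subset of the MS/Open Office and PDF types

def fingerprint(text: str) -> str:
    """Checksum fingerprint of a document's text (SHA-256 is an assumption, not the appliance's checksum)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

class FingerprintSource:
    """Models a fingerprint document source plus the File pattern and Advanced options."""
    def __init__(self, pattern="*", keep_previous=False, retain_deleted=False):
        self.pattern = pattern                # File pattern ("*" fingerprints all files)
        self.keep_previous = keep_previous    # Keep previous fingerprints for modified files
        self.retain_deleted = retain_deleted  # keep fingerprints of files removed from the share
        self.db = {}       # filename -> list of fingerprints, newest last
        self.status = {}   # filename -> Fingerprint Status text

    def scan(self, share):
        """share: constructed dict filename -> (extension, extracted text) standing in for the SMB share."""
        present = set()
        for name, (ext, text) in share.items():
            if not fnmatch.fnmatch(name, self.pattern):
                continue                       # excluded by the file pattern
            present.add(name)
            if ext not in SUPPORTED:
                self.status[name] = "File type not supported"
                continue
            if len(text) < MIN_TEXT_CHARS:
                self.status[name] = "Not generated"
                continue
            fp = fingerprint(text)
            old = self.db.get(name, [])
            if fp not in old:                  # revised or new file
                self.db[name] = old + [fp] if self.keep_previous else [fp]
            self.status[name] = "Generated"
        if not self.retain_deleted:            # deleted files lose their fingerprints on the next scan
            for name in list(self.db):
                if name not in present:
                    del self.db[name]
                    self.status.pop(name, None)

    def match(self, attachment_text):
        """Fingerprint an attachment and return the source file it matches, or None."""
        fp = fingerprint(attachment_text)
        for name, fps in self.db.items():
            if fp in fps:
                return name
        return None
```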

See also

Configuring DLP rules

Configuring email archiving policies

Configuring email archiving exemptions

Managing archived email
