Defining the sensitive data
Sensitive data can be any of the following types:
- User-defined: You specify what information should be checked, such as a word, a phrase, or a regular expression. See also Syntax.
- Predefined: For your convenience, FortiMail comes with a list of predefined information types, such as credit card numbers and SIN numbers. To view the predefined sensitive data, go to Data Loss Prevention > Sensitive Data > Standard Compliance.
- Document fingerprints: see DLP document fingerprinting.
- File filters: Also used in the content profiles. See Configuring file filters.
DLP document fingerprinting
One of the DLP techniques to detect sensitive data is fingerprinting (also called document fingerprinting). Most DLP techniques rely on you providing a characteristic of the file you want to detect, whether it’s the file type, the file name, or part of the file contents. Fingerprinting is different in that you provide the file itself. The FortiMail unit then generates a checksum fingerprint and stores it. The FortiMail unit generates a fingerprint for all email attachments, and compares it to all of the fingerprints stored in its fingerprint database. If a match is found, the configured action is taken.
Currently, Microsoft Office, Open Office, PDF and text files can be detected by DLP fingerprinting and fingerprints can be saved for each revision of your files as they are updated.
The FortiMail unit must have access to the documents for which it generates fingerprints. There are two methods to generate fingerprints:
- One method is to manually upload documents to be fingerprinted directly to the FortiMail unit.
- The other is to allow the FortiMail unit to access a network share that contains the documents to be fingerprinted.
If only a few documents are to be fingerprinted, a manual upload may be the easiest solution. If many documents require fingerprinting, or if the fingerprinted documents are frequently revised, using a network share makes user access easier to manage.
When you generate document fingerprints, only Microsoft Office, Open Office, PDF and text files with a minimum of 50 characters are supported. |
To configure manual document fingerprints
- Go to Data Loss Prevention > Sensitive Data > Fingerprint.
- Click New and configure the following:
GUI item |
Description |
Name |
Enter a descriptive name for the fingerprint. |
Description |
Optionally enter a description. |
File list |
Click New to browse to the file and generate a fingerprint for it. In the Fingerprint Status column, one of the following status will be displayed:
|
To configure a fingerprint document source
- Go to Data Loss Prevention > Sensitive Data > Fingerprint Source.
- Click New and configure the following:
GUI item |
Description |
Name |
Enter a descriptive name for the document source. |
Server type |
This refers to the type of server share that is being accessed. The default is SMB/CIFS (Windows Share protocol) but this will also work on Samba shares. |
Server address |
Enter the IP address of the server. |
User name |
Enter the user name of the account the FortiMail unit uses to access the server network share. |
Password |
Enter the password of the account the FortiMail unit uses to access the server network share. |
Path |
Enter the path to the document folder. |
File pattern |
You may enter a filename pattern to restrict fingerprinting to only those files that match the pattern. To fingerprint all files, enter an asterisk (“*”). |
Checking period |
Check the files document source daily if the files are added or changed regularly. |
Advanced |
|
Fingerprint files in subdirectories |
By default, only the files in the specified path are fingerprinted. Files in subdirectories are ignored. Select this option to fingerprint files in subdirectories of the specified path. |
Remove fingerprints for detected files |
Select this option to retain the fingerprints of files deleted from the document source. If this option is disabled, fingerprints for deleted files will be removed when the document source is scanned next time. |
Keep previous fingerprints for modified files |
Select this option to retain the fingerprints of previous revisions of updated files. If this option is disabled, fingerprints for previous version of files will be deleted when a new fingerprint is generated. |
See also
Configuring email archiving policies