|
| 1 | +# DLP Tools and techniques |
| 2 | + |
| 3 | +> FYI: Data Loss Prevention is also known as Data Leakage Prevention (DLP) |
| 4 | +## Techniques |
| 5 | + |
| 6 | + |
| 7 | +### File size and type |
| 8 | + |
| 9 | +A file size filter checks for files with a specific size to perform configured DLP evaluation. |
| 10 | + |
| 11 | +A file type rule allows you to allow, block, quarantine, and log based on the file type. the file type can be identified by the [file extension](https://file-extension.net/seeker/), the [file magic id](https://en.wikipedia.org/wiki/List_of_file_signatures). You can also use a code library to identify unrecognized or unknown file types supported by a database of recognized file formats. |
| 12 | + |
| 13 | +It’s a good practice to use the code library against all files to ensure that the file is actually of the type indicated. Of course, the file format dataset should be regularly updated. |
| 14 | + |
| 15 | +### Predefined Expressions |
| 16 | + |
| 17 | +identifying sensitive information with minimal risk of transcription errors |
| 18 | + |
| 19 | +Names from the US Census Bureau (up to the year 1990) |
| 20 | + |
| 21 | +IBAN (International Bank Account Number) |
| 22 | + |
| 23 | +Most credit cards and many government identification numbers use the algorithm as a simple method of distinguishing valid numbers from mistyped or otherwise incorrect numbers. ISO/IEC 7812-1:2017 specifies a numbering system for the identification of the card issuers, the format of the issuer identification number (IIN) and the primary account number (PAN). |
| 24 | +https://www.iso.org/standard/70484.html |
| 25 | + |
| 26 | +https://en.wikipedia.org/wiki/Luhn_algorithm |
| 27 | +German computer scientist Hans Peter Luhn developed the Luhn algorithm in 1954. It calculates simple checksum formula used to validate identification numbers The algorithm was designed to protect against accidental errors, such as digit mistyping. It will detect any single-digit error, as well as almost all transpositions of adjacent digits. However, it will not detect transposition of the two-digit sequence 09 to 90 (or vice versa). |
| 28 | + |
| 29 | +### REGEX |
| 30 | + |
| 31 | +Expressio n-specific checksum |
| 32 | + |
| 33 | +### Fingerprinting |
| 34 | +Most DLP solutions can _fingerprint_ unstructured data within a file by algorithms that map the content to checksums. The DLP engine uses the checksums to detect outbound documents containing the same pattern. If a match is found, the configured action is taken. |
| 35 | + |
| 36 | +Of course, the fingerprinting module will not evaluate password protected files, picture, and image-only PDF documents that contain just the scanned/photographed images of pages, without an underlying text layer. |
| 37 | +files that contain only images. |
| 38 | + |
| 39 | +#### Forms and templates |
| 40 | +It’s a good practice to fingerprint template and then create a DLP policy that detects and blocks this kind of document with sensitive content filled in. |
| 41 | + |
| 42 | +I usually start with government, and human resources forms. You should update forms created specifically for your organization with a non printable ID to ease the identification and reduce false positive. |
| 43 | + |
| 44 | +#### Intellectual Property |
| 45 | + |
| 46 | +https://www.gutenberg.org/ebooks/ |
| 47 | +https://openlibrary.org/explore |
| 48 | + |
| 49 | +## Tools |
| 50 | + |
| 51 | +### Testing Resource |
| 52 | + |
| 53 | +| Name | HTTP Post | HTTPS Post | FTP | |
| 54 | +| :-- |:--: | :--:| :--: | |
| 55 | +|[DLP Test](https://dlptest.com/)| X | X | X | |
| 56 | +|[NetMask.US](http://www.netmask.us/dlptest)| X | X | X | |
| 57 | +|| X | X | X | |
| 58 | +http://www.testtheproxy.com/ |
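Review bot: Several sections in this new file are stubs, which leaves the techniques they name undocumented. "### REGEX" (lines 29-31) contains only the fragment "Expressio n-specific checksum", with a stray space inside the word. "#### Intellectual Property" (lines 44-47) is two bare URLs with no explanation of how they relate to fingerprinting. The start of "### Predefined Expressions" (lines 17-21) is three unpunctuated fragments that read like list items. Either write a short paragraph for each or drop the headings until the content exists. In the same section, line 23 says "use the algorithm" before anything has named it. The Luhn algorithm is only introduced on line 27, so move that sentence up or name it on line 23. Line 27 is also missing a period after "identification numbers". In "### Fingerprinting", line 37 ("files that contain only images.") is a dangling fragment that repeats the end of line 36. It would also help to state what action the policy should take for password-protected and image-only files, since line 36 says the module will not evaluate them. In the "Testing Resource" table, the row on line 57 has an empty Name cell and the URL on line 58 sits outside the table. If line 58 is meant to be the third row, put it in the Name cell as a link like the two rows above.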
| 59 | + |
0 commit comments