
Finally, we add a match statement and a regex statement that capture the account name the user logged in with (the email field of the POST body):
match=email=
regex=email=.*%40[^&]+
Putting it all together, we have a single plugin as follows:
id=9000
family=Web Clients
clientissue
dependency=1735
name=Facebook_Usage
description=The remote client was observed logging into a Facebook account. You should ensure that such behavior is in alignment with Corporate Policies and guidelines. For your information, the user account was logged as:
risk=MEDIUM
solution=Stay off of Facebook.
match=>POST /
match=^Host: *.facebook.com
match=email=
regex=email=.*%40[^&]+
This plugin could be saved as Facebook.prm and added to the /opt/pvs/var/pvs/plugins/ directory. If SecurityCenter is being used to manage one or more PVS systems, use its plugin upload dialog to add the new .prm file instead.
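To see what the match and regex lines of the Facebook_Usage plugin actually select, here is an added Python sketch that applies them to a constructed HTTP POST. It is not PVS code and not a reimplementation of the PVS matching engine; the semantics it assumes are stated in the docstring (a leading ">" restricts a match to client-to-server data, a leading "^" anchors it to the start of a line, "*" is a wildcard, and regex= is an ordinary regular expression whose matched text is what gets logged). The request body, the hypothetical second address and the tightened regex are all constructed for this example.

```python
"""Added example, not PVS code: a small evaluator that applies the
match= and regex= lines of the Facebook_Usage plugin above to a
constructed HTTP POST.  It is not a reimplementation of the PVS matcher;
the semantics below are assumptions made for this sketch: a leading '>'
limits a match to client-to-server data, a leading '^' anchors the string
to the start of a line, '*' is a wildcard, and regex= is an ordinary
regular expression whose matched text is what the plugin logs."""
import re
from fnmatch import fnmatchcase
from typing import Optional
from urllib.parse import unquote

PLUGIN_MATCHES = [">POST /", "^Host: *.facebook.com", "email="]
PLUGIN_REGEX = r"email=.*%40[^&]+"

# Constructed client-to-server request; no server data is needed here.
CLIENT_DATA = (
    "POST /login.php HTTP/1.1\r\n"
    "Host: www.facebook.com\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "email=alice%40example.com&pass=hunter2&login=Log+In"
)


def match_line(pattern: str, client: str, server: str = "") -> bool:
    """Evaluate one match= line against the session data (assumed semantics)."""
    data = client
    if pattern.startswith(">"):          # '>' : client-to-server data only
        pattern = pattern[1:]
    else:
        data = client + server           # otherwise either direction
    if pattern.startswith("^"):          # '^' : anchored at the start of a line
        return any(fnmatchcase(ln, pattern[1:] + "*") for ln in data.splitlines())
    return fnmatchcase(data, "*" + pattern + "*")   # unanchored substring


def plugin_fires(client: str, server: str = "") -> Optional[str]:
    """All match= lines must hold; the regex= match text is what gets logged."""
    if not all(match_line(m, client, server) for m in PLUGIN_MATCHES):
        return None
    hit = re.search(PLUGIN_REGEX, client)
    return hit.group(0) if hit else None


def logged_account(client: str, pattern: str = PLUGIN_REGEX) -> Optional[str]:
    """URL-decode the captured field so '%40' reads as '@' in the report."""
    hit = re.search(pattern, client)
    return unquote(hit.group(0)) if hit else None


# Caveat on the plugin's regex: '.*' is greedy, so when the body carries a
# second encoded '@' the capture runs to the LAST '%40' and swallows other
# form fields.  Refusing to cross the '&' separator keeps the capture to
# the email field alone.  Both strings below are constructed.
TWO_ADDRESSES = "email=alice%40example.com&referrer=bob%40example.org&pass=x"
TIGHTER_REGEX = r"email=[^&]*?%40[^&]+"

if __name__ == "__main__":
    print(plugin_fires(CLIENT_DATA))
    print(logged_account(TWO_ADDRESSES))
    print(logged_account(TWO_ADDRESSES, TIGHTER_REGEX))
```

The greedy `.*` is worth keeping in mind when writing regex= lines that end up in a report: the logged string is whatever the regex matched, so an over-wide pattern can log neighbouring form fields (here a second address, but it could just as easily be the password field) rather than only the account name.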
If you wish to create a policy file that includes multiple checks, use the reserved word “NEXT” within the policy file. For
example:
id=9000
…
rest of plugin
…
NEXT
id=9001
…
etc.
Detecting Confidential Data in Motion
Many organizations want to ensure that confidential data does not leave the network. PVS can aid in this by looking for binary patterns within observed network traffic. If critical documents or data can be tagged with a known binary string, such as an MD5 checksum, PVS can detect those files being passed outside the network. Because the comparison is against the literal bytes on the wire, the tag is only visible while the document travels in the clear: a compressed, encrypted or otherwise transfer-encoded copy carries different bytes and will not match. For example:
Create a document that has a binary string of:
0xde1d7f362734c4d71ecc93a23bb5dd4c and
0x747f029fbf8f7e0ade2a6198560c3278
A PVS plugin could then be created to look for this pattern as follows:
id=9005
trigger-dependency
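As an added example, not PVS code and not the page's (truncated) plugin, the following Python scans a constructed transfer for the two tag values given above. The page does not show how PVS's own binary matcher works, so this only illustrates two properties any byte-pattern matcher for data in motion needs: it must find a tag that straddles a packet boundary, and it can only ever match bytes that travel in the clear. The document contents, the segment splits and the base64 transfer encoding are all constructed for this example.

```python
"""Added example, not PVS code: scanning observed payload bytes for the two
tag values given in the text, the way a data-in-motion check has to.  The
document and its transfer are constructed here, and this page does not show
PVS's own binary matcher, so this only illustrates two properties any such
matcher needs: it must match across packet boundaries, and it can only
match bytes that travel in the clear."""
import base64
from typing import Dict, Iterable, List, Set

# The two tag values from the text, as raw bytes (16 bytes each).
TAGS: Dict[str, bytes] = {
    "tag1": bytes.fromhex("de1d7f362734c4d71ecc93a23bb5dd4c"),
    "tag2": bytes.fromhex("747f029fbf8f7e0ade2a6198560c3278"),
}

# Constructed confidential document with both tags embedded in its body.
DOCUMENT = (
    b"ACME Corp - Board minutes (CONFIDENTIAL)\n"
    + TAGS["tag1"]
    + b"\n...body of the document...\n"
    + TAGS["tag2"]
    + b"\n"
)


def segments(data: bytes, size: int) -> List[bytes]:
    """Cut a payload into fixed-size chunks, standing in for TCP segments."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def scan_per_segment(stream: Iterable[bytes], tags: Dict[str, bytes] = TAGS) -> Set[str]:
    """Naive matcher: each segment is inspected alone, so a tag split
    across two segments is never seen."""
    seen: Set[str] = set()
    for seg in stream:
        seen.update(name for name, tag in tags.items() if tag in seg)
    return seen


def scan_stream(stream: Iterable[bytes], tags: Dict[str, bytes] = TAGS) -> Set[str]:
    """Stream matcher: carries the last (longest tag - 1) bytes of each
    segment into the next, so a tag straddling a boundary is still found."""
    longest = max(len(t) for t in tags.values())
    carry = b""
    seen: Set[str] = set()
    for seg in stream:
        window = carry + seg
        seen.update(name for name, tag in tags.items() if tag in window)
        carry = window[-(longest - 1):] if longest > 1 else b""
    return seen


def split_inside(tag_name: str, data: bytes = DOCUMENT, into: int = 5) -> List[bytes]:
    """Constructed worst case: a segment boundary a few bytes into a tag."""
    cut = data.index(TAGS[tag_name]) + into
    return [data[:cut], data[cut:]]


if __name__ == "__main__":
    print(scan_per_segment(split_inside("tag1")))   # only tag2 is seen
    print(scan_stream(split_inside("tag1")))        # both tags are seen
    # The same document base64-encoded, as a MIME attachment travels: not a
    # single tag byte survives on the wire, so a byte matcher sees nothing.
    print(scan_stream(segments(base64.b64encode(DOCUMENT), 48)))
```

The base64 case stands in for every transfer that transforms the bytes (compression, TLS, an archive format): the tag approach only works on protocols where the document body is carried verbatim, so pairing it with controls at the endpoint or proxy, where the content is in the clear, covers the channels a passive sensor cannot see into.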