Integrating Data Security with Existing Infrastructure > Working with existing email infrastructure
You can configure Websense Data Security within your existing email infrastructure to block and quarantine email that contravenes your policies. You do this by connecting Websense Email Security Gateway, the SMTP agent, or the Websense protector to the network directly in the path of the traffic, so that traffic is not only monitored but can also be blocked, quarantined, or terminated before it reaches its destination.

This section describes the SMTP agent and protector. For information on using Email Security Gateway, see Email Security Gateway (V10000 G2) or Email Security Gateway (V5000 G2).

If you want the option to block email that breaches policy, the SMTP agent is the easiest deployment option to configure, monitor, and debug in a production email environment. Do the following to set up the SMTP agent within your email infrastructure for this purpose:
1. Run the Websense installer as described in Installing Data Security Components. You can install the SMTP agent on a TRITON Management Server, on a supplemental Data Security server, or as a stand-alone agent on another Windows server machine equipped with Microsoft IIS.
2. To configure the SMTP agent, in TRITON - Data Security, select Settings > Deployment > System Modules. Select the SMTP agent.
In the General tab:
In the SMTP Filter tab:
Select the Enable filtering on the following internal email domains check box.
In the Encryption & Bypass tab:
If you want encrypted or flagged email to bypass analysis, select the Enable redirection gateway check box, then enter the redirection gateway IP and port. Specify the encryption and/or bypass flags to use.
In the Advanced tab:
Click OK to save all the above settings.
4. Select Main > Policy Management > DLP Policies. Select the policy rule that you wish to use for email management and click Edit.
Select Severity & Action, then select an action plan that includes notifications.
6. Click Deploy to activate the settings.
7. Configure your corporate email server to route email to the SMTP agent. (The agent becomes an MTA.)

In monitoring mode, the protector monitors and analyzes SMTP traffic, but does not enable policies to block transactions. Not all networks should have permission to send email via the protector's SMTP service; otherwise the protector can be used as a mail relay. To avoid this, limit the networks that may send email via the protector.

In explicit MTA mode, the protector acts as an MTA for your SMTP traffic and operates in protect mode. Protect mode allows you to block transactions that breach policy.

The figure below shows a common topology in which the protector is installed inline. The checklist in this section refers to the numbers in this figure.
Verify that the required hardware is available; check the latest release notes for the list of certified hardware.
If inline mode is selected, verify that the protector contains a certified Silicom Network card (either Dual or Quad).
Make sure the following IP addresses are known prior to installation; they are required in order to complete the procedure:
Valid IP addresses for the Data Security server and the protector management port in the Data Security LAN
The IP address of the outbound gateway for the protector; this will typically be the internal leg of the firewall [2]
The IP address of the inbound gateway for the protector; this will typically be the external leg of the backbone switch or router [6]
If there is more than one site, the internal networks list should include the networks of all sites.
The HELO string the protector will use when identifying itself. This is relevant for the SMTP channel only.
If customized notifications will be displayed when content is blocked, these should be prepared beforehand.
2. Run the Websense installer as described in Installing Data Security Components. During installation, make sure the time, date, and time zone are precise, and map eth0 to verify that it is located on the main board.
4. To configure the protector, in TRITON - Data Security, select Settings > Deployment > System Modules. Select the protector.
In the General tab:
Select Enabled.
In the Networking tab:
Set Default gateway to the outbound gateway.
Set Interface to br0.
For the Connection mode, select Inline (Bridge).
In the Network Interfaces list, select br0 and click Edit. Select Enable bypass mode to allow traffic in case of Data Security Server software/hardware failure. Click OK.
Select Include specific networks. Add all the internal networks for all sites. This list is used to identify the direction of the traffic. The mail servers and mail relays should be considered part of the internal network.
Select the SMTP service. On the General tab, set the Mode to Monitoring bridge. On the Traffic Filter tab, set the Direction to Outbound. Click OK.
Select the HTTP service. On the General tab, set the Mode to Monitoring bridge. On the Traffic Filter tab, set the Direction to Outbound. On the HTTP Filter tab, select Exclude destination domains if required. Click OK.
6. Connect the protector to the outgoing connection and to the organization's internal network. This should be done last, after the protector is fully configured.
2. Run the Websense installer as described in Installing Data Security Components. Make sure the time, date and time zone are precise, and verify that eth0 (or whatever port you specified during installation) is mapped and located on the main board.
1. In TRITON - Data Security, select Settings > Deployment > System Modules. Select the protector.
2. In the General tab:
Select Enabled.
3. In the Local Networks tab:
Select Include specific networks. Add all the internal networks for all sites. This list is used to identify the direction of the traffic. The mail servers and mail relays should be considered part of the internal network.
4. In the Services tab:
On the Mail Transfer Agent (MTA) tab:
Set the Operation Mode to Blocking and select the behavior desired when an unspecified error occurs during analysis.
Set the next hop MTA if required (for example, the company mail relay).
Set the addresses of all networks that are permitted to relay email messages through the protector. This is required because not all networks should have permission to send email via the protector's SMTP service; otherwise the protector can be used as a mail relay. This list should include the addresses of any previous hops, such as your mail server.
5. Click OK to save all the above settings for the protector.
6. Select Main > Policy Management > DLP Policies. Select the policy rule that you wish to use for email management and click Edit.
Select Severity & Action, then select an action plan that includes notifications.
For more information about action plans, see the section "Action Plans" in TRITON - Data Security Help.
Click OK to save all the above settings.
8. Click Deploy to activate the settings.
1. Connect the protector to the outgoing connection and to the organization's internal network. This should be done last, after the protector is fully configured.
2. If a next hop server exists (for example, a company mail relay), you must add the protector's IP address to its allowed relay list.
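The Local Networks list (which identifies traffic direction) and the MTA tab's list of networks permitted to relay are the two settings that keep the protector from becoming an open mail relay. The following Python is an added example, not Websense code and not the protector's actual implementation: it models those two decisions with the standard library's ipaddress module and adds a configuration sanity check that flags a permitted-relay entry which is either unbounded or lies outside every internal network. The network values, session records, and SMTP reply strings are constructed for illustration.

```python
import ipaddress

# Constructed example values standing in for a protector deployment's
# Local Networks list (all sites) and the MTA tab's permitted-relay list.
# These are illustrative, not taken from any real deployment.
INTERNAL_NETWORKS = ["10.0.0.0/8", "192.168.50.0/24"]   # all internal networks, all sites
PERMITTED_RELAY_NETWORKS = ["10.0.1.0/24"]              # subnet of the corporate mail server (previous hop)

# Constructed SMTP session records: (client IP, RCPT TO address).
SAMPLE_SESSIONS = [
    ("10.0.1.25", "partner@example.net"),    # corporate mail server: permitted relay
    ("10.0.7.9", "someone@example.net"),     # internal host bypassing the mail server: denied
    ("198.51.100.7", "victim@example.org"),  # external host: denied
]


def parse_networks(cidrs):
    """Parse CIDR strings. strict=True rejects entries with host bits set,
    which usually indicates a typo in the console (e.g. 10.0.1.5/24)."""
    return [ipaddress.ip_network(c, strict=True) for c in cidrs]


def contains(nets, ip):
    """True if ip falls inside any network in nets."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in nets)


def traffic_direction(src_ip, dst_ip, internal_nets):
    """Classify a flow the way the Local Networks list lets the protector do it."""
    src_internal = contains(internal_nets, src_ip)
    dst_internal = contains(internal_nets, dst_ip)
    if src_internal and not dst_internal:
        return "outbound"
    if dst_internal and not src_internal:
        return "inbound"
    return "internal" if src_internal else "external"


def relay_permitted(client_ip, permitted_nets):
    """Only clients inside a permitted network may hand mail to the MTA for relay."""
    return contains(permitted_nets, client_ip)


def audit_relay_config(internal_nets, permitted_nets):
    """Return warnings for permitted-relay entries that would expose an open relay
    or that are not part of the internal network (previous hops should be internal)."""
    warnings = []
    for net in permitted_nets:
        if net.prefixlen == 0:
            warnings.append(f"{net} permits relay from every address (open relay)")
        elif not any(inner.version == net.version and net.subnet_of(inner)
                     for inner in internal_nets):
            warnings.append(f"{net} is not within any internal network")
    return warnings


def evaluate_sessions(sessions, internal_nets, permitted_nets):
    """Produce a typical SMTP verdict per session (reply text is illustrative)."""
    results = []
    for client_ip, rcpt in sessions:
        if relay_permitted(client_ip, permitted_nets):
            verdict = "250 2.1.5 Recipient OK"
        else:
            verdict = "554 5.7.1 Relay access denied"
        results.append((client_ip, rcpt, verdict))
    return results


if __name__ == "__main__":
    internal = parse_networks(INTERNAL_NETWORKS)
    permitted = parse_networks(PERMITTED_RELAY_NETWORKS)
    for warning in audit_relay_config(internal, permitted):
        print("WARNING:", warning)
    print("10.0.1.25 -> 203.0.113.10 is", traffic_direction("10.0.1.25", "203.0.113.10", internal))
    for client, rcpt, verdict in evaluate_sessions(SAMPLE_SESSIONS, internal, permitted):
        print(f"{client:>14} -> {rcpt:<22} {verdict}")
```

Run the audit whenever the permitted-relay list changes: a 0.0.0.0/0 entry, or a subnet that is not part of the Local Networks list, is exactly the misconfiguration that turns the protector into a relay for outside hosts.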