Integrating Data Security with Existing Infrastructure > Working with shared drives
Discovery is the act of determining where sensitive content is located in your enterprise. If you have shared drives, for example on Windows or Novell, you can create a data discovery task that describes where and when to perform discovery on these drives, including specific network locations to scan.
This section describes the steps required for Websense Data Security to be able to scan files and folders on Novell file servers.
NDS - Novell Directory Services - Using NDS, a network administrator can set up and control a database of users and manage them using a directory with an easy-to-use graphical user interface (GUI). Users at remote locations can be added, updated, and managed centrally. Applications can be distributed electronically and maintained centrally. The concept is similar to Microsoft's Active Directory.
Novell Client for Windows - client software that lets Windows machines authenticate through NDS and access shared resources on Novell servers.
1. Create a user account in Novell eDirectory (NDS). This user will be used by the Websense Data Security Discovery agent to authenticate with Novell eDirectory and access files and folders. The user account must have the same logon name and password as the Websense Data Security service account.
2. Make sure the newly created user has at least "Read" permissions on all files and folders that you wish to run discovery on.
1. Download the latest Novell Client for Windows from the Novell Web site:
http://www.novell.com/products/clients/
2. Run setupnw.exe and select Custom Installation.
3.
4.
6.
9. Log on to Windows and Novell using the Data Security service account (it should be the same user for both platforms as stated above). Under the eDirectory tab, you must select the tree and its relevant context for the folders you are about to run discovery on.
10.
11. Click Cancel.
12. Ensure the files you are about to run discovery on are accessible from Windows by UNC (for example, \\NovelFileSrv\vol1\Data).
13. Right-click the Novell icon in the task bar and select Novell Connections.
14. On all connections, click Detach until no connections remain.
a. Select Main > Policy Management > Discovery Policies.
b. Select Network Discovery Tasks.
c.
d.
e. Click Advanced, and add the Novell access port number 524.
f. On the Scanned Folders page, use the Data Security service account for authentication.
If you want to perform data discovery on Windows file shares, you need to install NFS client on your Data Security server. If you have more than one Data Security server, install NFS client on the one with the crawler you will use to perform discovery.
1. On the Data Security server you will use to perform discovery, install the NFS client from the "Windows Services for UNIX" package. You can download the package from Microsoft's TechNet.
3. After installation has completed, select Start > Programs > Windows Services for UNIX > Services for UNIX Administration.
4. Navigate to Client for NFS and set the file permissions to All, Read, Write and Execute.
5. Under Performance, change the transport protocol from UDP to TCP and the Mount type from Soft to Hard.
7. Click Apply when done.
8. Navigate to User Name Mapping.
9. On the Configuration tab specify whether the user name to be mapped will be imported from a Network Information Service (NIS) or from password/group files (/etc/passwd and /etc/group). For NIS mapping, enter the IP address or host name of the NIS server and the NIS domain name. Files are used in the example below.
If you select User Password and Group Files, you only need to add the users and groups that need to be mapped.
10. On the Maps tab, select the machine or domain for the user account that will be specified in the discovery task and click List Windows Users.
11. Click List UNIX Users and specify an account that has access to the NFS share.
12. Select a user name from each list box, then click Add to map the names.
14. Create a data discovery policy in TRITON - Data Security. (See the section "Creating a data discovery policy" in TRITON - Data Security Help for instructions.)
15. Create a file system task. Select Main > Policy Management > Discovery Policies, and then select Add Network Task > File System Task.
16. On the General screen, add a name and description for the discovery task and select the crawler to perform the discovery (the one where you installed the NFS client).
17. On the Networks screen, click Advanced and add port 2049 to the existing list of scanned ports.
18. On the Scanned Folders screen, specify the shares to be scanned and the user name and password of the Windows user mapped to the UNIX user name.
Network discovery has a limit of 255 characters for the path and file name. Files contained in paths that have more than 255 characters are not scanned.
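The path-length limit above means a discovery run can finish cleanly while never opening some files. The following added example (not part of the Websense documentation) walks a locally mounted copy of a share and lists the files a task would skip, plus directories the account cannot read; the function names are hypothetical, and it assumes the 255-character limit is measured on the full UNC path, which the page does not specify.

```python
import os
import tempfile

MAX_PATH_CHARS = 255  # limit this page states for path plus file name


def unc_path(unc_root, local_root, full_path):
    """Express a file under local_root as the UNC path a discovery task would use."""
    rel = os.path.relpath(full_path, local_root)
    return unc_root.rstrip("\\") + "\\" + rel.replace(os.sep, "\\")


def coverage_gaps(local_root, unc_root, limit=MAX_PATH_CHARS):
    """Return (too_long, unreadable) for the tree mounted at local_root.

    too_long:   (length, unc_path) for files over the limit, longest first.
    unreadable: directories the current account could not list.
    Assumption: the limit is measured on the full UNC path.
    """
    too_long, unreadable = [], []

    def on_error(err):  # os.walk passes the OSError it would otherwise swallow
        unreadable.append(err.filename)

    for dirpath, _dirs, files in os.walk(local_root, onerror=on_error):
        for name in files:
            path = unc_path(unc_root, local_root, os.path.join(dirpath, name))
            if len(path) > limit:
                too_long.append((len(path), path))
    return sorted(too_long, reverse=True), unreadable


if __name__ == "__main__":
    # Constructed sample tree: one short path and one that crosses the limit.
    with tempfile.TemporaryDirectory() as root:
        deep = os.path.join(root, "finance", "x" * 120, "y" * 120)
        os.makedirs(deep)
        for p in (os.path.join(root, "readme.txt"), os.path.join(deep, "payroll.xlsx")):
            open(p, "w").close()
        long_paths, denied = coverage_gaps(root, r"\\NovelFileSrv\vol1\Data")
        for length, path in long_paths:
            print(f"NOT SCANNED ({length} chars): {path[:60]}...")
        for d in denied:
            print(f"UNREADABLE: {d}")
```

Run it as the discovery service account so the unreadable list reflects the permissions the crawler will actually have.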
Administrative shares - Select this if you want to scan administrative share drives such as C$.
Shared folders - Select this if you want to scan shared folders such as PublicDocs.
Specific folders - Select this if you want to scan specific folders, then enter the name(s) of the folder(s) to scan, separated by semi-colons.
TCP - Select TCP if you want to scan the share drives using transmission control protocol.
ICMP - Select ICMP if you want to scan the share drives using Internet control message protocol.
For more information on the wizard for creating file system discovery tasks, see the section "File System tasks" in TRITON - Data Security Help.