RSA DLP Endpoint User Guide

RSA DLP 9.5 Endpoint User Guide

Copyright and Trademark

Contact Information

Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm

Trademarks

RSA, the RSA Logo and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm.

License Agreement

This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by EMC.

Third-Party Licenses

This product may include software developed by parties other than RSA. The text of the license agreements applicable to third-party software in this product may be viewed in the thirdpartylicenses_DLP_9.5.pdf file.

Note on Encryption Technologies

This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product.

Distribution

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Copyright © 2012 EMC Corporation. All Rights Reserved. Published in the USA. September 2012

Contents

Preface
  About This Guide
    Product Version
    Organization of This Book
  RSA DLP Documentation
    Related Documentation
  RSA Support and Service
    RSA DLP Customer Support
    RSA DLP Consulting Services
    RSA DLP Education Services
    Contact RSA

Part I: Using DLP Endpoint

Chapter 1: Getting Started as a User
  Preventing Data Loss or Misuse
    Why Protect Sensitive Information?
    About the RSA Data Loss Prevention
    About Policies and Content Analysis
  Using Enterprise Manager
    About DLP Enterprise Manager
    Logging Into Enterprise Manager
    Viewing Risk Summaries and Reports
    Handling Incidents
    Viewing and Editing Your User Profile
    Using Enterprise Manager with DLP Endpoint

Chapter 2: Managing Incidents
  Understanding Incidents and Events
  The Incident List
    Search for Incidents
    View Incident Details
    Manage Incidents Using the Action Links
    Select the Columns to be Displayed in the Incident List
    Export Search Results
    E-mail Search Results
    Schedule E-mail Notification of Search Results
    Save a Search
    Run a Saved Search
    Manage Saved Searches
    Customize Search Criteria
    Incident List Columns
  Handling Incidents
    Handling an Endpoint Incident
    Incident Action
  Managing Incident Statuses
    Create a Custom Incident Status
    View Incident Status Details
    Edit a Custom Incident Status
    Set a Default Incident Status
    Re-order Incident Statuses
    Delete Custom Incident Status

Chapter 3: Viewing Events
  About Events
  The Event List
    Search for Events
    View Event Details
    Select the Columns to be Displayed in the Event List
    Export Search Results
    E-mail Search Results
    Schedule E-mail Notification of Search Results
    Save a Search
    Run a Saved Search