A] Mobile Prevent for Web Server - Basic configuration
B] Configuring the Mobile Prevent for Web Server
A] Mobile Prevent for Web Server - Basic configuration :
Detection servers are configured from each server's individual Configure Server screen. To display the Configure Server screen, go to the Overview screen (System > Servers > Overview) and click the name of the server in the list. That server's Server Detail screen appears. Click Configure to display the Configure Server screen.
A Mobile Prevent for Web Server Configure Server screen is divided into a general section and one tab:
a] General section. This section specifies the server's name, host, and port.
b] ICAP tab. This tab is for configuring Internet Content Adaptation Protocol (ICAP) capture.
Use the ICAP tab to configure Web-based network traffic. The ICAP tab is divided into the following sections:
c] The Trial Mode section enables you to test prevention without blocking traffic. When trial mode is selected, the server detects incidents and creates incident reports, but it does not block any traffic. This option enables you to test your policies without blocking traffic. Check the box to enable trial mode.
d] The Request Filtering section configures traffic filtering criteria:
Ignore Requests Smaller Than :
Specify the minimum body size of HTTP requests to inspect on this server. The default value is 4096 bytes. HTTP requests with bodies smaller than this number are not inspected.
Ignore Requests without Attachments :
Check this box to inspect only those HTTP requests that contain attachments.
Ignore Requests to Hosts or Domains :
Enter the host names or domains whose requests should be filtered out (ignored). Enter one host or domain name per line.
Ignore Requests from User Agents :
Enter the names of user agents whose requests should be filtered out (ignored). Enter one agent per line.
Note: The Response Filtering section is not supported for Mobile Prevent for Web.
The Response Filtering section configures the filtering criteria to manage HTTP responses:
e] The Connection section configures settings for the ICAP connection between an HTTP proxy server and the Mobile Prevent for Web Server:
TCP Port :
Specify the TCP port number that this server is to use to listen to ICAP requests. The same value must be configured on the HTTP proxy sending ICAP requests to this server. The recommended value is 1344.
Maximum Number of Requests :
Enter the maximum number of simultaneous ICAP connections from the HTTP proxy that are allowed. The default is 25.
Maximum Number of Responses :
Enter the maximum number of simultaneous ICAP response connections from the HTTP proxy or proxies that are allowed. The default is 25.
Connection Backlog :
Enter the maximum number of waiting connections allowed. Each waiting connection means that a user waits at their browser. The minimum value is 1.
f] The Mobile section configures settings for the Mobile Prevent for Web Server.
Mobile IP Ranges :
The range of IP addresses that your VPN Server is configured to assign to your mobile devices. The IP addresses are used to identify your mobile devices in the reporting section.
In addition to the settings available through the Configure Server screen, you can specify advanced settings for this server. To specify advanced configuration parameters, click Server Settings on the server's Overview screen. Use caution when modifying Advanced Server settings. Check with Symantec Support before you change any advanced setting.
B] Configuring the Mobile Prevent for Web Server :
You can use a number of configuration options for Mobile Prevent for Web Server. For example, you can configure the server to:
Ignore small HTTP/S requests or responses.
Ignore requests to or responses from a particular host or domain (such as the domain of a business subsidiary).
Ignore user search engine queries.
To modify your Mobile Prevent for Web Server configuration please follow the below procedures....
Procedure Step 1 : Go to System > Servers > Overview and click the Mobile Prevent for Web Server.
Procedure Step 2 :On the Server Detail screen that appears, click Configure.
You can verify or modify settings on the ICAP tab as described in subsequent steps. The tab is divided into several sections: Request Filtering, Response Filtering, and Connection.
Procedure Step 3 :Verify or change the Trial Mode setting.
Procedure Step 4 :Verify or modify the filter options for requests from HTTP clients (user agents). The options in the Request Filtering section are as follows:
Ignore Requests Smaller Than :
Specifies the minimum body size of HTTP requests to inspect. (The default is 4096 bytes.) For example, search-strings typed in to search engines such as Yahoo or Google are usually short. By adjusting this value, you can exclude those searches from inspection.
Ignore Requests without Attachments :
Causes the server to inspect only the requests that contain attachments. This option can be useful if you are mainly concerned with requests intended to post sensitive files.
Ignore Requests to Hosts or Domains :
Causes the server to ignore requests to the hosts or domains you specify. This option can be useful if you expect a lot of HTTP traffic between the domains of your corporate headquarters and branch offices. You can type one or more host or domain names (for example, www.company.com), each on its own line.
Ignore Requests from User Agents :
Causes the server to ignore requests from user agents (HTTP clients) you specify. This option can be useful if your organization uses a program or language (such as Java) that makes frequent HTTP requests. You can type one or more user agent values (for example, java/6.0.29), each on its own line.
Note: The Response Filtering options are not supported for Mobile Prevent.
Procedure Step 5 : Verify or modify the filter options for responses from Web servers. The options in the Response Filtering section are as follows:
Ignore Responses Smaller Than :
Specifies the minimum size of the body of HTTP responses that are inspected by this server. (Default is 4096 bytes.)
Inspect Content Type :
Specifies the MIME content types that Symantec Data Loss Prevention should monitor in responses. By default, this field contains content-type values for Microsoft Office, PDF, and plain text formats. To add others, type one MIME content type per line. For example, type application/wordperfect5.1 to have Symantec Data Loss Prevention analyze WordPerfect 5.1 files.
Note that it is generally more efficient to specify MIME content types at the Web proxy level.
Ignore Responses from Hosts or Domains :
Causes the server to ignore responses from the hosts or domains you specify. You can type one or more host or domain names (for example, www.company.com), each on its own line.
Ignore Responses to User Agents :
Causes the server to ignore responses to user agents (HTTP clients) you specify. You can type one or more user agent values (for example, java/1.4.2_xx), each on its own line.
Procedure Step 6 : Verify or modify settings for the ICAP connection between the HTTP proxy server and the Mobile Prevent for Web Server. The Connection options are as follows:
TCP Port :
Specifies the TCP port number over which this server listens for ICAP requests. This number must match the value that is configured on the HTTP proxy that sends ICAP requests to this server. The recommended value is 1344.
Maximum Number of Requests :
Specifies the maximum number of simultaneous ICAP request connections from the HTTP proxy or proxies. The default is 25.
Maximum Number of Responses :
Specifies the maximum number of simultaneous ICAP response connections from the HTTP proxy or proxies. The default is 25.
Connection Backlog :
Specifies the number of waiting connections allowed. A waiting connection is a user waiting for an HTTP response from the browser. The minimum value is 1. If the HTTP proxy gets too many requests (or responses), the proxy handles them according to your proxy configuration. You can configure the HTTP proxy to block any requests (or responses) greater than this number.
Procedure Step 7 : In the Mobile IP Ranges fields, enter the range of IP addresses that your VPN server is configured to assign to mobile devices. The IP addresses are used to identify the incidents that were triggered from mobile devices as Mobile incidents.
The IP addresses you enter into this range do not dynamically affect the VPN Server. This range is only to identify your mobile devices in the administration console. You must enter the exact same range of IP addresses when you configure the VPN Server to assign the addresses.
Procedure Step 8 : Click Save to exit the Configure Server screen and then click Done to exit the Server Detail screen.