
Copyright © 2002-2012 Tenable Network Security, Inc.
The statement above ensures that they are posting to the host “login.myspace.com”.
Finally, we have a match and regex statement that detects the user’s login credentials:
match=email=
regex=email=.*%40[^&]+
Putting it all together, we have a single plugin as follows:
id=9000
family=Web Clients
clientissue
dependency=1735
name=MySpace_Usage
description=The remote client was observed logging into a myspace.com
account. You should ensure that such behavior is in alignment with
Corporate Policies and guidelines. For your information, the user account
was logged as: %L
risk=MEDIUM
solution=Stay off MySpace.
match=>POST /
match=^Host: login.myspace.com
match=email=
regex=email=.*%40[^&]+
This plugin could be named myspace.prm and added into the /opt/pvs/var/pvs/plugins/
directory. If the SecurityCenter is being used to manage one or more PVS systems, use the
plugin upload dialog to add the new .prm file.
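An added example (not part of the Tenable documentation or of PVS itself): a Python approximation of how the plugin's match and regex statements evaluate, useful for checking what the regex would log before the .prm file is deployed. It assumes ">" anchors to the start of the payload, "^" to the start of a line, and that Python's re module behaves like the PVS regex engine; the helper names, sample requests and the STRICT variant are hypothetical.

```python
import re

# Plugin fields copied from the page. The ">" (payload start) and "^" (line
# start) semantics, and using Python's re for "regex=", are assumptions.
MATCHES = [">POST /", "^Host: login.myspace.com", "email="]
REGEX = r"email=.*%40[^&]+"

# Tighter variant (an assumption, not from the page): never cross an "&",
# so the capture cannot run into a later form field.
STRICT = r"email=[^&]*%40[^&]+"


def match_ok(pattern, payload):
    """Evaluate one match= statement against a decoded packet payload."""
    if pattern.startswith(">"):
        return payload.startswith(pattern[1:])
    if pattern.startswith("^"):
        return any(line.startswith(pattern[1:]) for line in payload.split("\r\n"))
    return pattern in payload


def evaluate(payload, regex=REGEX):
    """Return the text the regex captures (what %L would report), or None."""
    if not all(match_ok(m, payload) for m in MATCHES):
        return None
    hit = re.search(regex, payload)
    return hit.group(0) if hit else None


def post(host, body):
    """Build a constructed HTTP POST payload for testing."""
    return (f"POST /index.cfm HTTP/1.1\r\nHost: {host}\r\n"
            f"Content-Length: {len(body)}\r\n\r\n{body}")


# Constructed sample traffic (not captured data).
LOGIN = post("login.myspace.com", "email=alice%40example.com&password=hunter2")
OTHER_HOST = post("www.example.com", "email=alice%40example.com&password=hunter2")
AT_IN_PASSWORD = post("login.myspace.com", "email=alice%40example.com&password=p%40ss")

if __name__ == "__main__":
    for name, pkt in [("login", LOGIN), ("other host", OTHER_HOST),
                      ("%40 in password", AT_IN_PASSWORD)]:
        print(f"{name:16} page regex -> {evaluate(pkt)!r}")
        print(f"{'':16} strict     -> {evaluate(pkt, STRICT)!r}")
```

Because ".*" is greedy, a later form field that also contains %40 is pulled into the captured text, so the logged value can include more than the account name; the stricter pattern stops at the first "&".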
If you wish to create a policy file that includes multiple checks, use the reserved word
“NEXT” within the policy file. For example:
id=9000
…
rest of plugin
…
NEXT
id=9001
…
etc.
Detecting Confidential Data in Motion
Many organizations want to ensure that confidential data does not leave the network. PVS
can aid in this by looking at binary patterns within observed network traffic. If critical
documents or data can be tagged with a binary string, such as an MD5 checksum, PVS
can detect these files being passed outside the network. For example:
Create a document that has a binary string of: