andreg
Level 7
Message 1 of 4

Prevent data leakage from users uploads (Personal Share network and File Sharing categories)

Hi all, In order to prevent users from uploading data to Personal Share network and File Sharing categories, I need to create a rule to block the outgoing flow and allow the incoming one (Download). Has anybody built this kind of rule? SSL Scanner is enabled, so the proxy will be able to decrypt the flow.

I don't find a simple rule to block these categories (ex: Wetransfer, box, dropbox, etc...), but only by Application Control (I don't know this feature).

My version of MWG is 9.2.8 (35765). Thank you for your feedback. Andre

3 Replies
asabban
McAfee Employee
Message 2 of 4

Re: Prevent data leakage from users uploads (Personal Share network and File Sharing categories)

Hello,

Categories won't help in this case as they are used to block complete access. In order to control "features" of such an "application", the application control feature is correct. It allows filtering in more detail for specific URLs.

In order to allow/block specific features you need to work out the specific URLs or check if the request is a POST/GET request to allow/block access.

Usually you would manually make a rule like "URL matches upload.dropbox.com/upload AND Command.Name equals POST Then Block", to block uploads. In case the "upload" path within Dropbox changes, you would need to re-configure your rules.

The application control is exactly doing this thing. It knows an application and the URLs/methods used to call specific features within this application, so it might be the right thing for you.

Anyway, it does not provide an "overall" configuration like "Do not allow uploads for any Personal Storage" web site. In such cases I would use a more generic approach and say "If URL.Categories contains Personal Storage AND Command.Name equals POST AND Body.Size > 20480 Then Block". This would allow all POSTs up to a size of 20 KB, so it should be allowing login attempts, but block an upload.

Note: Technically a POST to login, a POST to search and a POST to upload are the same. There is no such thing like "upload" in HTTP, so blocking all POSTs will prevent users from logging in. The size or maybe working with media type filter can help to make a difference between "upload" and login/search requests.

Andre 

andreg
Level 7
Message 3 of 4

Re: Prevent data leakage from users uploads (Personal Share network and File Sharing categories)

Hello, thank you for your reply.

Your advice with the "generic" approach works with some PSN like "grosfichiers" or "dropbox", but not with "wetransfer", which lets the user upload big files while MWG notifies it is blocked? Strange. In attachment the rule and the rule tracing.

Best regards. Andre

asabban
McAfee Employee
Message 4 of 4

Re: Prevent data leakage from users uploads (Personal Share network and File Sharing categories)

The rule seems to show that the upload is successfully blocked. Can you check if the file that was uploaded is actually a usable file or just an empty object?

If the file is uploaded, probably they try to upload and, in case that fails, call some other local code and upload using a different way. You should run the web developer tools of the browser and check if there is any other POST or PUT to some other destination, which contains the uploaded file.

Is there any other way for the browser to get to the internet, e.g. by ignoring the proxy or using UDP traffic? They may try to find an alternative way to upload the data once the first upload attempt is blocked.

Andre
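
The check suggested in the last reply can also be done from the proxy side. The following is an added example, not part of the thread and not Web Gateway code: it scans an exported request log for large POST or PUT requests that were allowed shortly after the same client had an upload blocked. The CSV column layout, the hostnames and the 300-second window are assumptions made for this example; the 20480-byte threshold is the one from the generic rule above.

```python
import csv
import io

SIZE_LIMIT = 20480                  # bytes; the 20 KB threshold from the generic rule
UPLOAD_METHODS = {"POST", "PUT"}    # methods that can carry a file body

# Constructed sample export. The column layout is an assumption for this
# example, not Web Gateway's native access log format.
SAMPLE_LOG = """\
time,client,method,host,category,body_bytes,action
1000,10.0.0.5,POST,login.share.example,Personal Storage,812,allowed
1010,10.0.0.5,POST,upload.share.example,Personal Storage,5242880,blocked
1012,10.0.0.5,PUT,storage.cdn.example,Content Server,5242880,allowed
1020,10.0.0.7,POST,search.portal.example,Search Engines,300,allowed
1500,10.0.0.5,POST,forms.intranet.example,Business,40000,allowed
"""

def parse(log_text):
    """Read the CSV export into a list of dicts sorted by time."""
    rows = []
    for row in csv.DictReader(io.StringIO(log_text)):
        row["time"] = int(row["time"])
        row["body_bytes"] = int(row["body_bytes"])
        rows.append(row)
    return sorted(rows, key=lambda r: r["time"])

def is_large_upload(row):
    """Same test as the generic rule, extended to PUT as the last reply suggests."""
    return row["method"] in UPLOAD_METHODS and row["body_bytes"] > SIZE_LIMIT

def followups_after_block(rows, window=300):
    """Allowed large POST/PUT requests sent by a client within `window`
    seconds after one of its uploads was blocked, to any destination."""
    last_block = {}   # client -> time of its most recent blocked upload
    hits = []
    for row in rows:
        if not is_large_upload(row):
            continue  # logins, searches and other small requests
        client = row["client"]
        if row["action"] == "blocked":
            last_block[client] = row["time"]
        elif client in last_block and row["time"] - last_block[client] <= window:
            hits.append((client, row["method"], row["host"], row["body_bytes"]))
    return hits

if __name__ == "__main__":
    for hit in followups_after_block(parse(SAMPLE_LOG)):
        print(*hit)
```

A hit whose host falls outside the filtered categories means the file left through a destination that the category-based rule never evaluated.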
