Ask the Expert

How to create configuration management plans to install DLP

Our company is looking to deploy a new DLP product, and my question has to do with the security management aspect. What configuration management planning should we do beforehand to make sure our networks and applications are ready?

    Requires Free Membership to View

Fortunately, this can be a pretty straightforward operation, though potentially time consuming. For starters, gather diagrams of the portions of the network that you are intending to protect. These diagrams should include all relevant routers, switches and servers, as well as their IP addresses and netmasks. Ideally the security team already has access to this information, or this project will take a lot longer. These diagrams are important so the company and the vendor have the necessary documentation in order to find the optimal place to install the DLP servers.

In addition to the network documentation, network access is necessary. The exact nature of the access will depend on how the company is deploying the DLP sensor. For a passive/monitoring-only deployment, you will need access to either a span port or network tap on the appropriate VLAN(s). This will enable the DLP sensor to monitor traffic without interfering with the traffic's flow across the network.

Alternately, for an active deployment, you will need a slightly different architecture. In this case, the network will actually be routing traffic through the DLP sensor. As such, work with the vendor and the networking team to find an agreeable routing protocol. In most cases, static routes will suffice.

Preparing the documentation and planning the network architecture ahead of time will not only speed up the deployment but also make it, ultimately, a more successful one.

For more information:

This was first published in March 2009

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: