Prevent credit card numbers from being leaked

Facebooktwittergoogle_plusredditpinterestlinkedinFacebooktwittergoogle_plusredditpinterestlinkedin

In this example, you will use DLP to prevent credit card numbers from being sent out of your network using HTTP, FTP, or SMTP.

1. Enabling DLP

Go to System > Config > Features and make sure that DLP is turned ON.  

2. Adding two filters to the default DLP sensor

Go to Security Profiles > Data Leak Prevention and edit the default sensor. Select Create New to add a new filter.

The first filter blocks web pages and email Messages containing credit card numbers.

 

The second filter blocks Files containing credit card numbers. This includes email attachments and files uploaded with a web browser or using FTP.

 
Both filters appear in the default sensor.  

3. Adding the new DLP sensor to a security policy

Go to Policy & Objects > Policy > IPv4 and edit the policy that allows connections from the internal network (in this case connected to the lan interface) to the Internet.

Under Security Profiles, turn on DLP Sensor and use the default sensor. Set SSL/SSH Inspection to deep-inspection.

 

4. Results

Locate some example credit card numbers to use for testing purposes. These can be found from a variety of locations, including PayPal

Testing HTTP: Go to a website with a comment section and attempt to post an example credit card number. The comment is blocked.

Testing FTP: Transfer a file containing an example credit card number using FTP. This transfer is blocked.

Testing SMTP: Send an email containing an example credit card number using a SMTP email client. This email is blocked. 

To view more information about the blocked traffic, go to Log & Report > Traffic Log > Forward Traffic and filter for Security Actions: Blocked.

 

For further reading, check out Data leak prevention in the FortiOS 5.2 Handbook.

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin
  • Was this helpful?
  • Yes   No
Using the deep-inspection profile may cause certificate errors. For information about avoiding this, see Preventing certificate warnings.
  • Pique

    when we select the default option of Credit Card # or SSN what RegEx does Fortigates use to identify the payload. I have few emails that are triggering this DLP alerts and have no credit card information in them.