ONTAP Discussions

Data Loss Prevention Discover Software

paeddy
2,175 Views

Hi

Does anybody has experience on how to allow an external DLP Software (McAfee) having a sight to all NAS shares and also requests "modify rights" on them?

Kind Regards

Adrian 

2 REPLIES 2

Mjizzini
2,035 Views

Have you try to run the service under a domain admin user?

Make sure the user is a part of the local admin group.

paeddy
2,027 Views

Hi Mjizzini

 

Thank you for your answer.

 

I created a seperate group like the builtin/administrators-group with only the "SeTcbPrivilege"  and shared the "/" as read-only. This seems to work but I don't know if this is the right way to give access to a DLP-Application because the solution as that is bypassing all security settings set on shares (cifs) and exports (nfs). As soon as the DLP application requests modify rights I need to really think about that again.

 

We do not have "a general group" on all our shares where I simply could put the dlp-user into that group and access would be granted, and,  we do host millions of files.

 

Some more questions are:

Why DLP application asks for modify rights? I can not imagine what will be happen when the DLP client system catches malware or does wrong functions.

There are also aspects on auditing and performance..

 

I am really wondering on how do other NAS administrators handle DLP?

 

https://kb.netapp.com/Advice_and_Troubleshooting/Data_Storage_Software/ONTAP_OS/NTFS_permissions_on_a_CIFS_share_are_not_taking_effect_on_a_specific_u...

 

kind regards

Adrian

Public