Lab 7: SSL Visibility for DLP (ICAP)
In this lab exercise, you will send decrypted traffic to an ICAP-based
Data Loss Prevention (DLP) service for inspection. The DLP will block
HTTP POSTs (uploads) of certain content such as credit card numbers and
documents with Top Secret data classification labels.
Estimated completion time: 15 minutes
Objectives:
- Re-configure the SWG iApp to send unencrypted HTTP and decrypted
HTTPS traffic to an ICAP (DLP) server
- Verify that the DLP service is able to see SWG proxy traffic and
block if a policy violation occurs
Lab Requirements:
- Working SWG iApp deployment
Task 2 – Testing
- Open Internet Explorer on your Jump Host client machine
- Browse to http://dlptest.com
- If you are prompted for authentication, log in as user1 with
password AgilityRocks!
- Click on the HTTP Post link at the top of the page.
- Fill in the Subject and Message fields with some random text
and then add a credit card number such as 4111 1111 1111 1111.
- Click on the Submit button to see if the DLP service detects
this. *Hint: You should receive a blocking page message.*
- Go back to the previous page and try submitting again, but with the
words top secret. Again, you should receive a blocking page from
the DLP service.
- Now, go back to the previous page and click on the HTTPS Post
link at the top of the page.
- Perform the credit card number and top secret submissions
again. You should again see the blocking pages since SWG is
decrypting the HTTPS connection and sending the decrypted POST data
to the DLP service for inspection.
- If you want to see the DLP policy violations, browse to
https://10.1.20.150/logs. Log in as mydlp with password mydlp.
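The following sketch shows the kind of content check a DLP service can apply to the POST body it receives over ICAP, and why the test number in Task 2 is blocked while an arbitrary 16-digit string need not be. It is an added example, not the lab DLP server's actual rules: the regular expressions, the Luhn check, the function names and the sample bodies are all assumptions constructed for illustration. The same check applies to the HTTP and HTTPS posts, because SWG hands the service the decrypted body in both cases.

```python
import re
from urllib.parse import parse_qsl

# Candidate card numbers: 13-19 digits, optionally separated by spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")
# The classification label used in the lab, matched case-insensitively.
LABEL_RE = re.compile(r"\btop\s+secret\b", re.IGNORECASE)


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect_post_body(body: str) -> list[str]:
    """Return the policy violations found in a form-encoded POST body."""
    # Browsers URL-encode form fields (a space becomes '+' or '%20'),
    # so decode before matching or the patterns will miss the content.
    violations = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        for match in CARD_RE.finditer(value):
            if luhn_valid(re.sub(r"\D", "", match.group())):
                violations.append(f"card-number:{name}")
        if LABEL_RE.search(value):
            violations.append(f"classification-label:{name}")
    return violations


def verdict(body: str) -> str:
    """Map the inspection result to the action the proxy would enforce."""
    return "block" if inspect_post_body(body) else "allow"


if __name__ == "__main__":
    # Constructed sample bodies modelled on the Subject/Message form in Task 2.
    for sample in ("subject=hi&message=card+4111+1111+1111+1111",
                   "subject=hi&message=this+is+Top%20Secret",
                   "subject=hi&message=ref+4111+1111+1111+1112"):
        print(verdict(sample), inspect_post_body(sample))
```

The third sample is allowed because its digits fail the Luhn checksum; a pattern-only rule without that check would flag it as a false positive.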