Defining Strictest Security

You may choose to define the strictest environment possible. Using these settings ensures that data transmissions are always checked for Data Loss Prevention (DLP), even if the transmission is from and within your secured environment.

Important - You must ensure that legitimate transmissions are not blocked and that Data Owners are not overwhelmed with numerous email notifications. If you do use the settings explained here, set the actions of rules to Detect until you are sure that you have included all legitimate destinations in this strict definition of what is the internal My Organization.

To define a strict My Organization:

  1. In SmartConsole, select Security Policies > Shared Policies > DLP and click Open DLP Policy in SmartDashboard.

    SmartDashboard opens and shows the DLP tab.

  2. From the navigation tree, click My Organization.

  3. In the Email Addresses section, remove the defined items.

  4. Configure the VPN settings:

    1. In the VPN section, click All VPN traffic.

    2. Click Exclusions.

    3. In the VPN Communities window, add the communities that are NOT checked by DLP.

    4. Click OK.

  5. Configure the Networks settings:

    1. In the Networks section, click Select specific networks and hosts.

    2. Click Edit.

    3. In the Networks and Hosts window, select the defined Check Point network objects to include in My Organization.

    4. Click OK.

  6. Configure the Users settings:

    1. In the Users section, click These users, user groups and LDAP groups only.

    2. Click Edit.

    3. In the User Groups and Users window, select the defined users, user groups, and LDAP groups that you want to include in My Organization.

    4. Click OK.

  7. Click Save and then close SmartDashboard.

  8. In SmartConsole, install policy.