Credit Card Number Detection

[lammbo]

My Security officer has recently asked me if there is any CP feature (SD, AI or WI) that will check packets to determine if they have credit card data. Apparently, the NetScaler guys were trying to sell him this module so we can lock down where CC data is allowed to route.

Are there any CP features that do this already?

Edit: In retrospect, I guess I should have started this thread in the SmartDefense section... Oh well.

[BarryStiefel]

Quote:

Originally Posted by lammbo

My Security officer has recently asked me if there is any CP feature (SD, AI or WI) that will check packets to determine if they have credit card data. Apparently, the NetScaler guys were trying to sell him this module so we can lock down where CC data is allowed to route.

Are there any CP features that do this already?

Edit: In retrospect, I guess I should have started this thread in the SmartDefense section... Oh well.

(moved to SmartDefense forum)

[cciesec2006]

Quote:

Originally Posted by BarryStiefel

(moved to SmartDefense forum)

Yes, there are many of vendors out there that sell these devices. It is also
called Data Loss Prevention (DLP) appliance. Most financial service companies
put this device "in-line" along the path before the traffics hit the outbound
Internet firewalls.

Keep in mind that there limitations as what this device can do. It can not
decipher any data that will traverse through an SSL or SSH tunnel, not
without difficulties.

[chillyjim]

Quote:

Originally Posted by lammbo

My Security officer has recently asked me if there is any CP feature (SD, AI or WI) that will check packets to determine if they have credit card data.

None that I am aware of, but it sounds like a good idea.

[Thorpuse]

At the CPX event in Phuket, CP mentioned that DLP solutions are on their roadmap, although they didn't specify what this actually meant. They also mentioned SSL interception technologies.

I'd get in touch with your local friendly SE and ask some questions/submit an RFE on this. I think I'd be a little concerned about the performance implications of such a thing.

[lammbo]

Thanks guys! I was certain that would be the answer and I appreciate the confirmation.

I am curious about 1 item though. I actually had the SSL conversation with my security officer before I posted the first entry. Is there a way to offload SSL on the firewall so the data is decrypted and can be inspected at the firewall? Is the firewall capable of storing those certs for decryption purposes?

If this is documented somewhere and you could point me in the right direction, that would be appreciated (I have the R65 doc bundle and will start poking through on my own as well).

[gavvys]

Hi,
i had attended a McAfee conference sometime before and they have products for what you are searching for.
They have product DLP(Data loss prevention)you can set various policies in that even credit card number also.

The another product is there IPS/IDS, it has the ability to store the certificate and check the packets.

I hope this will help you.
Regards
Ranjit

[Thorpuse]

Quote:

Originally Posted by lammbo

I am curious about 1 item though. I actually had the SSL conversation with my security officer before I posted the first entry. Is there a way to offload SSL on the firewall so the data is decrypted and can be inspected at the firewall? Is the firewall capable of storing those certs for decryption purposes?

Not yet.... but there are other products (BlueCoat....) that will do this. IMHO, it makes more sense to manage this on a Proxy device rather than a firewall appliance. Although the whole concept of SSL interception terrifies me just a little bit!

[lammbo]

Quote:

Originally Posted by Thorpuse

Not yet.... but there are other products (BlueCoat....) that will do this. IMHO, it makes more sense to manage this on a Proxy device rather than a firewall appliance. Although the whole concept of SSL interception terrifies me just a little bit!

Thanks, I think that's where I heard about the SSL offloading... We had Blue Coat in here for a demo a few months back. As far as scary... only if I don't control the entire segment would I have issues with it. Since I own all the wires and equipment between, I have much less concern.

[hotice_]

Quote:

Originally Posted by gavvys

Hi,
i had attended a McAfee conference sometime before and they have products for what you are searching for.
They have product DLP(Data loss prevention)you can set various policies in that even credit card number also.

The another product is there IPS/IDS, it has the ability to store the certificate and check the packets.

I hope this will help you.
Regards
Ranjit

I concur with Ranjit. You should check out McAfee's (relatively) new DLP product. The demo that they showcase everywhere addresses this specifically and its pretty amazing