What is dlptest.com used for?

DLPTest.com is a Data Loss Prevention (DLP) testing resource that focuses on testing to make sure your DLP software is working correctly. If DLP has been installed correctly and the DLP policies have been built correctly, this website can be used to demonstrate your data is being protected. Data Loss Prevention is typically broken into three vectors called Data-In-Use (DIU), Data-At-Rest (DAR), and Data-In-Motion (DIM). DLPTest.com currently has features to test Data-In-Use and Data-In-Motion.

What is Data-In-Use?

Data-In-Use, also known as Endpoint Protection, requires installing an Endpoint Agent on the user computers. The Endpoint Agents should be installed on laptops, desktops, and virtual desktops such as Citrix VDI. Once the Endpoint Agent has been installed, the DLP software can be set up to monitor different channels. Most vendors support USB transfers, CD/DVD burning, moving data from Network Shares, monitoring web browsers (IE, Chrome, Firefox), FTP transfers, and cloud storage as supported channels for monitoring.

What is Data-In-Motion? 

Data-In-Motion is the ability to monitor traffic on the network, including but not limited to HTTP, HTTPS, FTP, and SMTP. Data-In-Motion is typically broken into 3 different modules in order to integrate with different parts of the network. The simplest module is the Network Monitor, which monitors traffic using a SPAN port or Network Tap. Most vendors require a physical server for the Network Monitor due to limitations with virtual network cards. The major limitation of Network Monitor is that it can only look at unencrypted traffic, so it is unable to view HTTPS and SMTP over TLS. Most security vendors state that 60% to 80% of all enterprise network traffic is encrypted at this point. To gain insight into encrypted traffic there are the Email Prevent and Web Prevent modules. Email Prevent should sit in line between the email router (Exchange) and the edge MTA (Email Gateway) to monitor outbound email traffic. Web Prevent integrates with a Web Proxy using the ICAP protocol to monitor HTTP, HTTPS, and FTP traffic. Some vendors offer Web Prevent built into their Web Proxies to help simplify the deployment.

Frequently Asked Questions

  1. Open the command line (Terminal on Mac)
  2. Change to the location of the test files, for example:

cd C:\Users\user1\Desktop

  3. Connect to the DLPTest.com FTP server

ftp ftp.dlptest.com
ftp ftp.dlptest.com -p (Mac)

  4. Use the following username and password

User: dlpuser@dlptest.com

Password: Refer to this page for the newest password https://dlptest.com/ftp-test/

  5. Run a put to upload the test file

put testdoc.docx

  1. Compile a list of the Exchange and edge MTA IP addresses
  2. Within the edge MTA settings, update the Allow Relay and add in the new DLP Email Prevent IP addresses
  3. Within the DLP Email Prevent configuration, make sure to set the forward address to the MTA IP address, add in the allow relay to only allow Exchange to send to Email Prevent, and validate that the ports to accept and relay are correct (25 in most cases)
  4. On Exchange, create a new send connector that points to a test domain on which a test email address is hosted. For example, the send connector could be for gmail.com, and all email sent to Gmail would go through Email Prevent

  1. Validate that the proxy is set up to send all PUT/POST requests to the Web Prevent servers via ICAP
  2. Validate that the browser on the test workstation is being filtered by the proxy
  3. Enable a test social security number and credit card number policy
  4. Copy the sample test data from the dlptest.com/sample-data page
  5. Post the sample test data on dlptest.com/http-post and dlptest.com/https-post
  6. The last recommendation is to run through the testing first in monitor mode, then turn on blocking and run through the testing again

  1. If Email Prevent is already in production, you can follow the next steps without any issue. If Email Prevent is not in production, follow the steps for initial Email Prevent testing
  2. Enable a test social security number and credit card number policy
  3. Copy the sample test data from the dlptest.com/sample-data page
  4. Create a text or Word document with the sample data and upload the text or Word document to dlptest.com/ftp-post
  5. Run a few email tests to an external email address to validate that incidents are created when the sample data is in attachments and within the email body
  6. The last recommendation is to run through the testing first in monitor mode, then turn on blocking and run through the testing again

  1. Validate that the Network Monitor is seeing both HTTP and FTP traffic by looking at traffic stats
  2. Enable a test social security number and credit card number policy
  3. Copy the sample test data from the dlptest.com/sample-data page
  4. Post the sample test data on dlptest.com/http-post
  5. Create a text or Word document with the sample data and upload the text or Word document to ftp://ftp.dlptest.com/24_Hour/. If you are not sure how to complete an FTP upload, there is another FAQ below for this action.
  6. Network Monitor is a monitor-only device, so you are unable to test blocking
  7. If you are not seeing incidents, troubleshooting can be done by running a Wireshark capture on the Network Monitor to validate that the correct traffic is being seen

  1. Enable monitoring of the web browser and FTP transfer channels
  2. Enable a test social security number and credit card number policy
  3. Copy the sample test data from the dlptest.com/sample-data page
  4. Post the sample test data on dlptest.com/http-post and dlptest.com/https-post
  5. Create a text or Word document with the sample data and upload the text or Word document to ftp://ftp.dlptest.com/24_Hour/. If you are not sure how to complete an FTP upload, there is another FAQ below for this action.
  6. The last recommendation is to run through the testing first in monitor mode, then turn on blocking and run through the testing again
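
A pre-flight check for the test document used in the procedures above, added here as an example and not taken from the original page or any DLP vendor: it confirms the file really contains SSN-formatted and Luhn-valid card strings before you post or upload it, so a missing incident points at the DLP path rather than at the test data. The patterns, function names and sample text are assumptions constructed for illustration.

```python
import re

# Assumed patterns of the kind a basic SSN / credit card test policy keys on.
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:       # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def ssn_plausible(area: str, group: str, serial: str) -> bool:
    """Reject never-issued ranges, which a validating policy may also skip."""
    return area not in ("000", "666") and area < "900" and group != "00" and serial != "0000"


def preflight(text: str) -> dict:
    """List the strings in a test document that a checksum-aware policy should match."""
    ssns = [m.group(0) for m in SSN_RE.finditer(text) if ssn_plausible(*m.groups())]
    cards = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(0))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            cards.append(digits)
    return {"ssn": ssns, "card": cards}


# Constructed sample document (not the data from dlptest.com/sample-data).
SAMPLE = """Name: Test User
SSN: 123-45-6789
SSN (never issued, should be ignored): 000-12-3456
Card: 4111 1111 1111 1111
Card (fails Luhn, should be ignored): 4111 1111 1111 1112
"""

if __name__ == "__main__":
    found = preflight(SAMPLE)
    print(f"{len(found['ssn'])} SSN and {len(found['card'])} card values a policy should flag")
```

If the check returns empty lists for your document, fix the test data before troubleshooting the agent, proxy or Network Monitor.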
