How to Block Transmission of Credit Card and Social Security Numbers Over Email

03/26/2020 9 13096

DESCRIPTION:

Reassembly-Free Regular Expressions for DPI Engine

Starting with SonicOS 5.9, SonicWall has added reassembly-free regular expression functionality to the SonicWall Reassembly-Free Deep Packet Inspection (RF-DPI) engine. This proprietary implementation of regular expression matching does not require any buffering of the input content and works across packet boundaries. Users can now apply regular expressions to match objects in App Rules and use them across all currently supported application protocols and policy types. SonicWall supports perl-compatible regular expressions syntax. A few typical regular expression features are not supported: In this release SonicWall does not support back-references and does not provide substitution or translation functionality since regular expressions are used only for inspection of network traffic—not for modifying any part of the traffic.

The following predefined regular expressions are available in match objects:

• VISA CC
• US SSN
• CANADIAN SIN
• ABA ROUTING NUMBER
• AMEX CC
• MASTERCARD CC
• DISCOVER CC

This article describes how to configure these predefined regular expressions to block transmission of Credit Card and Social Security numbers over SMTP and POP3.

RESOLUTION:

Block outbound mail (SMTP) containing credit card numbers, social security numbers and ABA routing numbers.

• Login to the SonicWall management GUI
• Navigate to the Manage | Objects | Match Objects
• Click on Add New Match Object.
• In the Add/Edit Match Object window, enter the following:
  • Name: Specify a name for this match object
  • Match Object Type: File Content
  • Match Type: Regex Match. Note: The pre-defined regular expression list will be displayed only on selecting Regex Match as Match Type,
  • Select any of the following from the Pre-defined Regular Expression drop-down list and click on Pick.
    • VISA CC
    • US SSN
    • CANADIAN SIN
    • ABA ROUTING NUMBER
    • AMEX CC
    • MASTERCARD CC
    • DISCOVER CC
• For the purpose of this article we select VISA CC
• Click on OK to save.

Note: Match object type File Content can only be used in App Rule policies with App Rule Policy Type of SMTP Client, FTP Data Transfer

Navigate to the Manage | Rules | App Rules page.
Click on Add New Policy and create the following App Rule policy:

• Policy Type: SMTP Client
• Service Destination: SMTP
• Match Object: PII
• Action Object: Reset/Drop
• Direction: Both
  

Block inbound mail (POP3) containing credit card numbers, social security numbers and ABA routing numbers.

• Navigate to the Manage | Objects |Match Objects
• Click on Add New Match Object.
• In the Add/Edit Match Object window, enter the following:
  • Name: Specify a name for this match object
  • Match Object Type: Email Body
  • Match Type: Regex Match. Note: The pre-defined regular expression list will be displayed only on selecting Regex Match as Match Type,
  • Select any of the following from the Pre-defined Regular Expression drop-down list and click on Pick.
    • VISA CC
    • US SSN
    • CANADIAN SIN
    • ABA ROUTING NUMBER
    • AMEX CC
    • MASTERCARD CC
    • DISCOVER CC
• For the purpose of this article we select VISA CC
• Click on OK to save.

Navigate to te Manage |Rules | App Rules page.
Click on Add New Policy and create the following App Rule policy:

• Policy Type: POP3 Server
• Service: POP3 (Retrieve E-Mail)
• Match Object: Visa
• Action Object: Reset/Drop
• Connection Side: Server Side