Data Masking Policy

Describes how to create and manage data masking policies.

Introduction

Manage the data masking policy settings of the Unified Content Web-Service Inspector (UCWI) device on the DLP (DCP) Management > Desensitization Management > Data Masking Policy page.

A data masking policy includes the following information.

Basic Information

A data masking policy includes the following basic information.
  • Name - Enter a name that is distinct from other items.
    Note: The name field supports Chinese characters, English characters, numbers, and certain special characters. You cannot save the item if an unsupported character is entered.
    Note: The entered name cannot be exactly the same as the name of an existing or predefined item.
  • Description - Describe the use of the item.
    Tip: The description field should contain all necessary information that the security administrator needs to manage the item in the long run.
  • Data Masking Policy Level - The level of the data masking policy. The data masking policy level is exactly the same as the security policy level.
  • Status - Click the side button to enable or disable the item.

Channels

Channels set the protocols and methods that the policy can recognize, which makes it convenient for security administrators to manage the proxy protocols of concern.

Data masking policies support the following channels.
| Network Channel | Explanation |
|---|---|
| HTTP | Supports content inspection of Web network channels using the HTTP protocol. |
| WebService Application | Supports content inspection of cloud application APP channels where data is uploaded via API by third parties. |
| Email SMTP | Supports content inspection of the Email SMTP protocol channel. You can specify the direction of the email for inspection, such as inbound emails, outbound emails, and internal emails. Defined as email in the API interface. |

Email traffic also includes the following categories:

  • Inbound Email - The sender's email domain name is not an internal domain name.
  • Outbound Email - The sender's email domain name is an internal domain name.
  • Internal Email - Data security/Web security devices set internal domain names through MTA.
  • Open Relay - Both the sender and recipient are external domain names.
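
The four email categories above, written as a per-recipient classifier. This is an added example, not UCWI code: the recipient-side conditions for Inbound, Outbound and Internal, the exact-match domain comparison, and the sample domains are assumptions.

```python
# Added illustration; not UCWI code. INTERNAL_DOMAINS is a constructed sample
# of the internal domain names an administrator would set through the MTA.
INTERNAL_DOMAINS = {"corp.example", "mail.corp.example"}


def domain_of(address):
    """Return the lower-cased domain, stripping 'Name <...>' and a trailing dot."""
    addr = address.strip()
    if addr.endswith(">") and "<" in addr:
        addr = addr[addr.rfind("<") + 1:-1]
    local, at, domain = addr.rpartition("@")
    if not at or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.strip().rstrip(".").lower()


def is_internal(address, internal=INTERNAL_DOMAINS):
    # Exact match only: "corp.example.evil.test" and "notcorp.example"
    # must not count as internal (assumption: no implicit subdomain match).
    return domain_of(address) in internal


def classify(sender, recipient, internal=INTERNAL_DOMAINS):
    """Category of one sender/recipient pair.

    The page states the sender side; the recipient side for Inbound,
    Outbound and Internal is an assumption made so the four cases
    do not overlap.
    """
    s, r = is_internal(sender, internal), is_internal(recipient, internal)
    if s and r:
        return "Internal Email"
    if s:
        return "Outbound Email"
    if r:
        return "Inbound Email"
    return "Open Relay"


def directions(sender, recipients, internal=INTERNAL_DOMAINS):
    """A message with several recipients can fall into more than one category."""
    return {classify(sender, rcpt, internal) for rcpt in recipients}
```

A message sent to both internal and external recipients returns two categories from `directions`, so a policy scoped to one email direction should be checked against each recipient rather than against the message as a whole.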

Source/Destination

Click the Source/Destination tab, and select the destination or source in the match or exception area.

Actions

Data masking policies support the following action-related settings.
  • Data Masking Algorithm: Click the drop-down menu to select the data masking algorithm.
  • Policy Security Level: Click the checkbox to select the security level of the data masking policy.
  • Additional Actions: Configure different actions for different protocol channels when a policy is triggered.
    | Option | Explanation |
    |---|---|
    | Confirm | The action of sending or uploading sensitive information must be confirmed before it can be allowed. |
    | Audit | Inspect all monitored channels. |
    | Protect | Inspect all protected channels. |
Note: The above policy actions are used only to record network events and evidence or to send notifications for data masking policies; actions such as allowing and blocking channels do not take effect for data masking policies.
Note: If an event triggers both the Data Loss Prevention (DLP) policy and the data masking policy, the system will record the events of both policies separately according to different policy types without conflict.