Watermarking
Watermarking is essentially marking files with a digital pattern to mark the file as being proprietary to a specific company. Fortinet provides a Linux-based utility that applies a digital watermark to files. The utility adds a small (approx. 100 byte) pattern to the file that is recognized by the DLP watermark filter. The pattern is invisible to the end user.
When watermarking a file it should be verified that the pattern matches up to a category found on the FortiGate firewall. For example, if you are going to watermark a file with the sensitivity level of “Secret” you should verify that “Secret” is a sensitivity level that has been assigned in the FortiGate unit.
Watermark Sensitivity
If you are using watermarking on your files you can use this filter to check for watermarks that correspond to sensitivity categories that you have set up.
The Corporate Identifier is to make sure that you are only blocking watermarks that your company has place on the files, not watermarks with the same name by other companies.
Software Versions
Before planning on using watermarking software it is always best to verify that the software will work with your OS. Currently, the only utility available to watermark files is a Linux-based command line tool. It is available for download from the Fortinet Customer Service & Support website, with a valid support contract and access to the site. To access the file:
- Sign into the Fortinet Customer Service & Support
- Go to https://support.fortinet.com/Download/FirmwareImages.aspx.
- Navigate to the image file path for /FortiGate / v5.00 / 5.0 / WATERMARK
- Download the file fortinet-watermark-linux.out.
File types
The watermark utility does not work with every file type. The following file types are supported by the watermark tool: .txt; .pdf; .doc; .xls; .ppt; .docx; pptx; and, .xlsx.
Syntax of the watermark utility
The tool is executed in a Linux environment by passing in files or directories of files to insert a watermark.
USAGE:
watermark_linux_amd64 <options> -f <file name> -i <identifier> -l <sensitivity level> watermark_linux_amd64 <options> -d <directory> -i <identifier> -l <sensitivity level>
Options:
-h print help
-I inplace watermarking (don’t copy file)
-o output file (or directory in directory mode)
-e encode <to non-readable>
-i add watermark identifier
-l add watermark sensitivity level
-D delete watermark identifier
-L delete watermark sensitivity level
Regular expression
The FortiGate unit checks network traffic for the regular expression specified in a regular expression filter. The regular expression library used by Fortinet is a variation of a library called PCRE (Perl Compatible Regular Expressions). A number of these filters can be added to a sensor making a sort of ‘dictionary’ subset within the sensor.
Some other, more limited DLP implementations, use a list of words in a text file to define what words are searched for. While the format used here is slightly different than what some people are used to, the resulting effect is similar. Each regular expression filter can be thought of as a more versatile word to be searched against. In this dictionary (or sensor), the list of words is not limited to just predefined words. It can include expressions that accommodate complex variations on those words and even target phrases. Another advantage of the individual filter model of this dictionary over the list is that each word can be assigned its own action, making this implementation much more granular.
Encrypted
This filter is a binary one. If the file going through the policy is encrypted the action is triggered.
Examining specific services
To assist in optimizing the performance of the firewall, the option exists to select which services or protocol traffic will be checked for the targeted content. This setting gives you a tool to save the resources of the FortiGate unit Enable data leak prevention
by only using processing cycles on the relevant traffic. Just check the boxes associated with the service / protocol that you want to have checked for filter triggers.