McAfee Enterprise MVISION Cloud

Cloud Storage Encryption rule set

The Cloud Storage Encryption rule set is a library rule set for encrypting and decrypting data that is uploaded to and downloaded from cloud storage services.

Library rule set – Cloud Storage Encryption
Criteria – Always
Cycles – Requests (and IM), Responses

The rule set contains the following rules. 

Rule name – Set encryption password
Rule – Always –> Continue – Set User-Defined.Encryption Password = "webgateway"
Description – The rule uses an event to set the default password for Secure Web Gateway as the password that is used when data is encrypted.

Rule name – Enable encryption
Rule – CloudEncryption.IsEncryptionSupported<Default> equals true –> Continue – CloudEncryption.Encrypt(User-Defined.Encryption Password)<Default>
Description – The rule uses the CloudEncryption.IsEncryptionSupported property to check whether encryption of data can be performed. If this is the case, an event is used to perform the encryption.

Rule name – Enable decryption
Rule – CloudEncryption.IsDecryptionSupported<Default> equals true –> Continue – CloudEncryption.Decrypt(User-Defined.Encryption Password)<Default>
Description – The rule uses the CloudEncryption.IsDecryptionSupported property to check whether decryption of data can be performed. If this is the case, an event is used to perform the decryption.

Rule name – Fix content type after decryption
Rule – CloudEncryption.IsDecryptionSupported<Default> equals true –> Continue – MediaType.Header.FixContentType
Description – The rule uses the CloudEncryption.IsDecryptionSupported property to check whether a decryption of cloud storage data was performed. If this is the case, an event is used to modify the Content-Type field in the header of the response that was sent to deliver the data to Secure Web Gateway.
This rule fixes the issue that cloud storage services set this field by default to application/octet-stream, as they cannot recognize the real media type when data is encrypted. The MediaType.Header.FixContentType event sets the field to a value for the real media type.
The rule is not enabled by default.

Rule name – Log encryption password
Rule – CloudEncryption.IsEncryptionSupported<Default> equals true –> Continue –
Set User-Defined.encrypt-log =
DateTime.ToGMTString
+ ", User: "
+ Authentication.UserName
+ ", IP: "
+ IP.ToString (Client.IP)
+ ", Service: "
+ CloudEncryption.ServiceName
+ ", Cipher: "
+ CloudEncryption.CipherName<Default>
+ ", Password: "
+ User-Defined.EncryptionPassword
FileSystemLogging.WriteLogEntry (User-Defined.encrypt-log)<Encryption Log>
Description – The rule uses an event to create a log entry for an encryption. A second event is used to write this entry into the log called Encryption Log, which is specified by the event settings. Since data is written into the log in encrypted format, you need a password to access it (default password: webgateway).
The rule is not enabled by default.
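The following is an added example, not part of this documentation or of the Secure Web Gateway product: a small Python model of the five rules above evaluated in order, so the effect of the two rules that are disabled by default (the content-type fix and the password log entry) can be seen on a sample upload and download. The Transaction class, the XOR stand-in for CloudEncryption.Encrypt/Decrypt and the magic-byte sniffing assumed for MediaType.Header.FixContentType are constructed assumptions; only the rule order, property names and the default password come from the page.

```python
import hashlib
from dataclasses import dataclass, field

DEFAULT_PASSWORD = "webgateway"   # value set by the "Set encryption password" rule


@dataclass
class Transaction:
    """Assumed stand-in for one SWG cycle: a request (upload) or a response (download)."""
    encryption_supported: bool              # CloudEncryption.IsEncryptionSupported
    decryption_supported: bool              # CloudEncryption.IsDecryptionSupported
    body: bytes = b""
    content_type: str = "application/octet-stream"   # what the cloud service reports
    service: str = "example-cloud-storage"           # constructed CloudEncryption.ServiceName
    user_defined: dict = field(default_factory=dict)
    log: list = field(default_factory=list)


def toy_cipher(data: bytes, password: str) -> bytes:
    """Constructed symmetric stand-in for CloudEncryption.Encrypt/Decrypt.
    An XOR keystream is not a real cipher; it only makes the round trip observable."""
    key = hashlib.sha256(password.encode()).digest()
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def sniff_media_type(data: bytes) -> str:
    """Assumed behaviour of MediaType.Header.FixContentType: magic-byte sniffing."""
    if data.startswith(b"%PDF-"):
        return "application/pdf"
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    return "application/octet-stream"


def run_rule_set(tx: Transaction, fix_content_type=False, log_password=False) -> Transaction:
    """Evaluate the rules in the order the page lists them; every action is Continue."""
    pw = tx.user_defined["Encryption Password"] = DEFAULT_PASSWORD  # Set encryption password
    if tx.encryption_supported:                                      # Enable encryption
        tx.body = toy_cipher(tx.body, pw)
    if tx.decryption_supported:                                      # Enable decryption
        tx.body = toy_cipher(tx.body, pw)
    if fix_content_type and tx.decryption_supported:                 # Fix content type (off by default)
        tx.content_type = sniff_media_type(tx.body)
    if log_password and tx.encryption_supported:                     # Log encryption password (off by default)
        tx.log.append(f"Service: {tx.service}, Cipher: toy-xor, Password: {pw}")
    return tx
```

Running an upload with log_password=True shows that the Encryption Log entry carries the password in clear text, which is why the page says the log itself is stored encrypted; a download without fix_content_type=True keeps application/octet-stream even though the body was decrypted.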