Setting up a MyDLP server

MyDLP is free and open source data loss prevention software that runs with multi-site configurations on network servers and endpoint computers. MyDLP is currently supported only on Ubuntu. You can download a preconfigured MyDLP Server Installation Disk Image from the MyDLP website. This is a short article on how I set up MyDLP on a brand new server system.

Install Ubuntu

I had an Ubuntu 12.04 (Precise Pangolin) image available, and decided to use it for the new server. Since the server system did not have an optical drive, I had to create bootable USB media. To create the bootable USB drive from the ISO file, I used Linux Live USB Creator on a Windows PC. The procedure was simple:

  1. Select the USB Media (USB Key)
  2. Choose the source media (ISO file / CD ROM)
  3. Optionally, configure the advanced options. (I disabled the VirtualBox options, since the USB drive will be used only as installation media)
  4. Click on the lightning button to create the bootable USB drive

Plug the USB drive into your computer. Boot to the BIOS settings and select the USB drive as the primary hard disk. Save the changes and restart. If everything went fine, the system will boot to the Ubuntu installation screen.

Install MyDLP

If you are not installing Ubuntu from the preconfigured MyDLP Server Installation Image, you need to install MyDLP separately. To install MyDLP, the MyDLP repository needs to be added to the apt repositories list.

First of all, install the public key for the repository:
wget -q -O - http://ftp.linux.org.tr/mydlp/mydlp_repository.pub | sudo apt-key add -

Once the key is successfully installed, add the MyDLP repository using:
sudo add-apt-repository "deb ftp://ftp.linux.org.tr/mydlp/ubuntu precise main"

Update apt to reload the repositories.
sudo apt-get update

Now that the repository is configured, we are ready to install MyDLP and its dependencies.
sudo aptitude install mydlp mydlp-appliance squid3-ssl
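
The key-installation step above pipes a key fetched over plain HTTP straight into apt-key, so nothing authenticates it before apt starts trusting it. As an added example (not part of the original article), the script below downloads the key to a file, compares its fingerprint with one obtained out of band, and only then adds it. EXPECTED_FPR is a placeholder because the article does not give the fingerprint, and the function names are illustrative.

```bash
#!/bin/bash
# Added example: check the repository key's fingerprint before trusting it.
KEY_URL="http://ftp.linux.org.tr/mydlp/mydlp_repository.pub"   # URL from the article
# Placeholder: the article does not state the fingerprint. Obtain it from the
# MyDLP project over a separate, authenticated channel.
EXPECTED_FPR="REPLACE_WITH_FINGERPRINT_OBTAINED_OUT_OF_BAND"

# Strip whitespace and upper-case hex so "ab12 cd34" and "AB12CD34" compare equal.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'a-f' 'A-F'
}

# Read `gpg --with-colons` output on stdin and print the primary key
# fingerprint (field 10 of the first "fpr" record).
fpr_from_colons() {
    awk -F: '$1 == "fpr" { print $10; exit }'
}

# Return 0 only when both fingerprints are non-empty and identical.
fpr_matches() {
    local got want
    got=$(normalize_fpr "$1")
    want=$(normalize_fpr "$2")
    [ -n "$got" ] && [ "$got" = "$want" ]
}

# Download the key to a file, check it, and only then hand it to apt-key.
install_verified_key() {
    local keyfile fpr rc=1
    keyfile=$(mktemp) || return 1
    wget -q -O "$keyfile" "$KEY_URL" || { rm -f "$keyfile"; return 1; }
    fpr=$(gpg --with-colons --with-fingerprint "$keyfile" 2>/dev/null | fpr_from_colons)
    if fpr_matches "$fpr" "$EXPECTED_FPR"; then
        sudo apt-key add "$keyfile"
        rc=$?
    else
        echo "Fingerprint mismatch: got '${fpr}', refusing to add key" >&2
    fi
    rm -f "$keyfile"
    return "$rc"
}

# Usage (after setting EXPECTED_FPR): install_verified_key && sudo apt-get update
```

With the placeholder left in place the comparison always fails, so the key is never added until a real fingerprint is supplied.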

During the installation process, you will be prompted to set the MySQL root password. MyDLP had trouble connecting to the MySQL database when I used a non-empty password. So when you are installing for the first time, it is better to leave the passwords blank.

If the installation completed successfully, you will be able to log in to the MyDLP web UI by visiting
http://127.0.0.1/

The default username and password for the MyDLP web appliance are both mydlp. Replace 127.0.0.1 with your server's IP address if you are installing on a remote server.

You should now have a Squid proxy server listening on port 3128 of the server. To test the new DLP server, add some test policy rules using the MyDLP web UI. Update your router firewall to block direct internet access from your workstations. Configure the workstations to use the Squid server installed on your new server as their proxy server. Try browsing the internet from a workstation. If your server is properly set up, you will see that your requests are blocked or allowed based on your configured rules. The blocked requests will be listed in the logs section of the web UI for audit purposes.

I used iptables on my TomatoUSB router to transparently redirect all traffic through my proxy server. The main advantage of configuring the proxy at the router level is that you don’t have to configure each workstation separately. Also, you can easily configure the router to block all internet access, except through the proxy.