Forum Discussion
Nik_67256
Aug 07, 2012Nimbostratus
Data Guard - End users perspective
Hello All,
Im trying to understand data guard better fro man end user perspective. The queries are:-
1) What effect does checking the SSN checkbox and not checking mask ...
hooleylist
Aug 08, 2012Cirrostratus
Hi Nik,
1) What effect does checking the SSN checkbox and not checking mask checkbox have ?
No effect:
From the online help:
If the security policy’s enforcement mode is Transparent and the Mask Data check box is checked, the system encodes the sensitive data by returning asterisks to the client instead of the sensitive data. (The system also returns asterisks if the enforcement mode is Blocking, the Data Guard: Information leakage detected violation Block check box is cleared, and the Alarm check box is checked.)
If the security policy’s enforcement mode is Blocking, and the Block check box for the Data Guard: Information leakage detected violation is checked, the system blocks the response.
You can check SOL8363 for details on Data Guard:
sol8363: Using the Mask Data setting to encode sensitive data returned by the BIG-IP ASM
https://support.f5.com/kb/en-us/solutions/public/8000/300/sol8363.html
When the security policy is in Transparent mode and the Mask Data setting is selected, the BIG-IP ASM encodes sensitive data returned by the web server by returning asterisk ( * ) characters to the client instead of the sensitive data.
When the security policy is in Blocking mode and the Mask Data setting is selected, and Information leakage detected blocking is disabled, the BIG-IP ASM encodes sensitive data by returning asterisks to the client instead of the sensitive data.
2) Will checking the mask data as well completely mask (****) the SSN . If so how are legitimate end users who need to work with the SSN work
Yes. They couldn't. How do you want ASM to differentiate between legitimate end users and those that should not be able to retrieve content containing SSNs? If you can differentiate between legitimate and illegitimate users you could send them to separate ASM policies with the check disabled.
3) I believe if in transparent mode and mask data and SSN is enabled , then SSN gets displayed as "*****" - is this understanding correct ?
Yes, see 1)
4) I believe if in Block mode and mask data and SSN is enabled , then SSN gets Blocked ot the end user - is this understanding correct ?
Yes, see 1)
5) If we do need to allo SSN data to be displayed to some end users while mask SSN data data to others , how do we do it ?
See 2)
Aaron
Recent Discussions
Related Content
DevCentral Quicklinks
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com
Discover DevCentral Connects