Forum Discussion
CirrostratusLooking for options - iRule, Traffic Policy, or Other to Protect PAN Data on Database VS
AdminIf you already have ASM, the correct option for you is the Data Guard feature which is purpose-built for exactly your use case. See here: https://devcentral.f5.com/s/articles/the-big-ip-application-security-manager-part-8-data-guard
jba3126Jason, Thank you for the quick response. Question, being that this is a Database i.e. a standard TCP VS would ASM be able to inspect this being that it is not HTTP?
/jeff
- JRahm
Ah, hasty response on my part, didn’t fully read your question. Let me do a little digging. Not super familiar with db2...will numbers be in the clear or need binary inspection?
- jba3126
Jason, No worries at all. I updated the post to make the TCP requirement more evident. The format is ASCII and EBCDIC and the numbers are in plain text.
/jeff
- JRahm
Ok, so this is tcp and cleartext data, so you have options. Looks in wireshark to be a well-understood protocol, so you can parse out by field with a TCP::collect and binary scan on the request to look for queries to any table that might have that information in it, and then activate a stream profile and use a stream match to sanitize the response data. You have to do the collection work and change the events to be TCP appropriate rather than HTTP, but this article has what you need for the CC replacement info. To add SSN for the iRule shared above, you can use this regex from this codeshare entry:
set static::ssn_regex {\d{3}-\d{2}-\d{4}}
