Forum Discussion

jba3126's avatar
jba3126
Icon for Cirrus rankCirrus
Jul 09, 2019

Looking for options - iRule, Traffic Policy, or Other to Protect PAN Data on Database VS

We have a DB2 database that we need to scrub/mask SSN (Social Security) and CCN (CreditCard). Note: This is a TCP Virtual Server as it is a database via JDBC.   iRules that work scrubbing HTTP Req...
application delivery
BIG-IP
CCN
DB2
iRules
PAN
SSN
jba3126's avatar
jba3126
Icon for Cirrus rankCirrus

Jason, Thank you for the quick response. Question, being that this is a Database i.e. a standard TCP VS would ASM be able to inspect this being that it is not HTTP?

 

/jeff

JRahm's avatar
JRahm
Icon for Admin rankAdmin
Jul 10, 2019

Ok, so this is tcp and cleartext data, so you have options. Looks in wireshark to be a well-understood protocol, so you can parse out by field with a TCP::collect and binary scan on the request to look for queries to any table that might have that information in it, and then activate a stream profile and use a stream match to sanitize the response data. You have to do the collection work and change the events to be TCP appropriate rather than HTTP, but this article has what you need for the CC replacement info. To add SSN for the iRule shared above, you can use this regex from this codeshare entry:

set static::ssn_regex {\d{3}-\d{2}-\d{4}}