S-GATE
Information Management
Agenda
What is S-GATE?
S-GATE Modes
S-GATE Configuration
S-GATE Actions
Using S-GATE Actions in Security Rules
Functionality Considerations
What is S-GATE?
Open Mode
S-TAP passes requests to the database server without any delay. In this mode latency is not expected.
If a terminate action is triggered, the triggering request usually will not be blocked, but additional requests from that session will be.
[Diagram labels: Collector, Data Server, S-TAP, K-TAP, A-TAP, Application User, Privileged User]
S-GATE Configuration
S-GATE Actions
■ S-GATE ATTACH
– Intended for use in open mode
– Starts firewalling for the session
– Latency will be observed
■ S-GATE TERMINATE
– Drops the reply of the request, which will terminate the session
– Has effect only when the session is attached or in closed mode by default
■ S-GATE DETACH
– Intended for use in closed mode
– Stops firewalling for the session
– No more latency will be observed
■ S-TAP TERMINATE
– Instructs S-TAP to terminate the session
– The triggering request will not be blocked (unless session is attached), but this prevents additional requests from that session.
– Behaves the same as S-GATE TERMINATE if the session is in closed mode
■ The session will be terminated if it makes a request that triggers a rule with a termination action
■ Default open mode assumes all sessions are safe. No delay is observed by default.
– S-TAP TERMINATE is used if an exception occurs or if sensitive data is extruded. For example, if numbers matching a credit card pattern are being extracted, then S-TAP TERMINATE is applied to the session.
– S-GATE ATTACH is used if the session shows signs of rogue behavior. For example, if the session is connected past working hours, then S-GATE ATTACH is applied and the session is in closed mode. The session will observe delays and is ready for S-GATE TERMINATE.
– S-GATE TERMINATE is used to terminate the session if more severe violations occur after S-GATE ATTACH was applied. For example, if sensitive customer information is accessed, then S-GATE TERMINATE is applied to the session.
■ Default closed mode assumes all sessions are rogue. Delay is observed by default.
– S-GATE DETACH is used when a session is deemed to be safe. For example, if the database session user is part of the trusted users groups, then S-GATE DETACH is applied to the session. Open mode scenarios will apply from this point on.
– S-GATE TERMINATE can be applied without S-GATE ATTACH since sessions are already in closed mode. The above S-GATE TERMINATE scenario is applicable.
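The action semantics listed above, modelled as a small per-session state machine so a rule sequence can be checked before it is deployed. This is an added example, not Guardium code or its API: the `Session` class, the `run` helper and the `(reply_delivered, held)` result are hypothetical names, and it assumes that the session state before a rule fires decides whether that request is held.

```python
from dataclasses import dataclass


@dataclass
class Session:
    """Hypothetical model of one database session under S-GATE rules."""
    attached: bool            # True = firewalled (closed-mode behaviour, latency)
    terminated: bool = False

    def request(self, action=None):
        """Process one request and the rule action it triggers (None = no rule).

        Returns (reply_delivered, held); held means the request waited
        for a verdict, i.e. the session observed latency.
        """
        if self.terminated:
            return (False, False)          # no further requests get through
        held = self.attached               # assumption: state before the rule fires
        if action == "S-GATE ATTACH":
            self.attached = True           # firewalling starts for the session
        elif action == "S-GATE DETACH":
            self.attached = False          # firewalling stops, no more latency
        elif action == "S-GATE TERMINATE":
            if held:                       # has effect only when attached / closed
                self.terminated = True
                return (False, held)       # reply dropped
        elif action == "S-TAP TERMINATE":
            self.terminated = True
            # Open: triggering request passes. Attached: same as S-GATE TERMINATE.
            return (not held, held)
        return (True, held)


def run(default_closed, actions):
    """Replay a list of rule actions against a fresh session."""
    session = Session(attached=default_closed)
    return [session.request(a) for a in actions]


if __name__ == "__main__":
    # Constructed scenario: open mode, after-hours ATTACH, then sensitive access.
    steps = ["S-GATE ATTACH", None, "S-GATE TERMINATE", None]
    for step, result in zip(steps, run(False, steps)):
        print(step, result)
```
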
© 2011 IBM Corporation
Functionality Considerations
Access Rule
Exception Rule
Extrusion Rule
Questions?
imte.optim.guardium@ca.ibm.com