IBM Security Guardium

 View Only
  • 1.  MS-SQL Blocking policy issue

    Posted Sat October 17, 2020 06:31 AM
    Hi,

    I have created policy in Guaridum for MS-SQL server to block the select or drop command, but while connect database itself, unable to login because many queries running in background while connecting, how can I overcome it?

    Error while login to database(created blocking policy for select &drop commands):


    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------


  • 2.  RE: MS-SQL Blocking policy issue

    Posted Thu October 22, 2020 12:29 AM
    Hi,

    Anybody can help me with my issue?

    Thanks,
    Panendar Rao.C

    ------------------------------
    PHANENDRA RAO CHAVANA
    ------------------------------



  • 3.  RE: MS-SQL Blocking policy issue

    Posted Mon October 26, 2020 09:54 AM
    If your policy is set to block for select, then it is expected. You need to refine your policy to block only on specific conditions like "DELETE" on specific group of objects.

    ------------------------------
    PRASAD Bandaru
    ------------------------------



  • 4.  RE: MS-SQL Blocking policy issue

    Posted Wed October 28, 2020 04:16 AM

    Looks that blocking works :)

    You must set correct conditions in policy blocking rules to approve allowed accesses.



    ------------------------------
    Zbigniew (Zibi) Szmigiero
    IBM
    Międzyrzecz
    ------------------------------



  • 5.  RE: MS-SQL Blocking policy issue

    Posted Fri March 25, 2022 12:15 PM
    have you experiences performance issue when activating the blocking policies?
    we found that apps will get very long response than usual after applying the blocking policies. It makes success rate drop below 25% as usual because so many process were dropped after apps receiving time-out.

    ------------------------------
    Murdjoko ...
    ------------------------------



  • 6.  RE: MS-SQL Blocking policy issue

    Posted Thu March 31, 2022 02:52 PM
    You must have very specific Sgate attach criteria.
    Trusted connections from an application should be excluded from Sgate rules.
    Blocking is most effective when only privileged users coming in from a tool like DBBeaver, Toad, or SQLPLus are interrogated

    ------------------------------
    David Summers
    djsummer@us.ibm.com
    ------------------------------