Hi Murdjoko,
One commonly used approach is to keep the STAP firewall in hybrid mode:
firewall_installed=1
firewall_default_state=0
Identify your "safe", latency-sensitive application sessions, like multi-user applications, and create a group with these sessions:
Client IP/Source Program/DB User/Server IP/Service Name
Configure a rule to "S-GATE attach" for any session that is not one of these "safe" sessions.
You can then create the rule that terminates any of these other sessions that attempt to write to sensitive objects.
This should keep your application server sessions out of the firewall and eliminate latency for these critical sessions.
You have to be very careful in identifying the safe sessions though. It is always best to test it first with an alert rule before implementing blocking.
Regards
------------------------------
Olufemi "Femi" Adalemo
------------------------------
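Added example, not part of the original post and not Guardium code: a dry run of the "safe" group check described in the reply above, over a session list collected while the rule is still alert-only. The group members, IP addresses, CSV layout and exact-match comparison are all constructed assumptions. It reports which sessions would be attached, which miss the safe group by a single field (worth a manual review before blocking), and which safe entries never matched.

```python
import csv
import io

FIELDS = ("client_ip", "source_program", "db_user", "server_ip", "service_name")

# Constructed "safe" group: one 5-tuple per trusted application session type.
SAFE_GROUP = {
    ("10.0.5.21", "APPSERVER.EXE", "APP_SVC", "10.0.9.10", "ORCL"),
    ("10.0.5.22", "APPSERVER.EXE", "APP_SVC", "10.0.9.10", "ORCL"),
}

# Constructed session export (CSV) standing in for the alert-only test window.
SAMPLE_SESSIONS = """\
client_ip,source_program,db_user,server_ip,service_name
10.0.5.21,APPSERVER.EXE,APP_SVC,10.0.9.10,ORCL
10.0.5.22,APPSERVER.EXE,APP_SVC,10.0.9.10,ORCLPDB
10.0.7.80,SQLPLUS.EXE,JSMITH,10.0.9.10,ORCL
10.0.5.21,SQLPLUS.EXE,APP_SVC,10.0.9.10,ORCL
"""

def load_sessions(text):
    """Parse the CSV export into 5-tuples in FIELDS order."""
    return [tuple(row[f].strip() for f in FIELDS)
            for row in csv.DictReader(io.StringIO(text))]

def near_miss(session, safe_group):
    """Name the differing field if the session is one field away from a safe tuple."""
    for safe in safe_group:
        diff = [f for f, a, b in zip(FIELDS, session, safe) if a != b]
        if len(diff) == 1:
            return diff[0]
    return None

def dry_run(sessions, safe_group):
    """Split sessions into safe (kept out of the firewall) and attached."""
    report = {"safe": [], "attached": [], "near_miss": {},
              "unused_safe": set(safe_group)}
    for s in sessions:
        if s in safe_group:
            report["safe"].append(s)
            report["unused_safe"].discard(s)
        else:
            report["attached"].append(s)
            field = near_miss(s, safe_group)
            if field:
                report["near_miss"][s] = field
    return report

if __name__ == "__main__":
    print(dry_run(load_sessions(SAMPLE_SESSIONS), SAFE_GROUP))
```

A near miss on service_name usually means the group is missing a legitimate application tuple, while a near miss on source_program with the application's DB user is the kind of session the attach rule is meant to catch.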
Original Message:
Sent: Sat March 26, 2022 05:02 AM
From: Murdjoko ...
Subject: Guardium Data Protection Blocking Policy
Dear all,
Does anybody have experience with blocking policy:
- What percentage of latency or performance drop is there?
- Any idea how to optimize the policy to reduce the performance drop?
Thanks
#mur
------------------------------
Murdjoko ...
------------------------------