17.10 - Masking Partial Binary IP Segments - Advanced SQL Engine - Teradata Database

Teradata Vantage™ - Advanced SQL Engine Security Administration

Product
Advanced SQL Engine
Teradata Database
Release Number
17.10
Release Date
July 2021
Content Type
Administration
Security
Publication ID
B035-1100-171K
Language
English (United States)

The effects of simple masking are clear and easy to understand, for example, the IP/mask 141.206.0.0/16 in an allow element allows IP address 141.206.35.62 to log on because:

  • Zeros in the third and fourth decimal segments of the IP indicate that those segments are not significant to determining the IPs that are allowed.
  • The mask /16 indicates that only the first 16 bits of the allowed IP range must match exactly for the allow filter to function.

If you need to use more complex masking, Teradata recommends that you do a detailed masking analysis to fully understand the effects before you implement the restriction.