Network Encryption Auditing | Teradata Vantage - Analytics Database

Security Administration

Deployment: VantageCloud, VantageCore
Edition: Enterprise, IntelliFlex, VMware
Product: Analytics Database, Teradata Vantage
Release Number: 17.20
Published: June 2022
Language: English (United States)
Last Update: 2023-12-11
Product Category: Teradata Vantage™

Network encryption auditing logs the security level that client interfaces use on the network when sending messages to the database. The messages are logged to the gateway log.

Network encryption auditing allows internal and external security auditors to know which security levels are being used on all connections and when. It allows security administrators to identify IP addresses and users not in compliance with security policy. It reports the following encryption security levels:
  • Plaintext
  • Integrity, Default
  • Integrity, Low
  • Integrity, Medium
  • Integrity, High
  • Confidentiality, Default
  • Confidentiality, Low
  • Confidentiality, Medium
  • Confidentiality, High
There are three auditing options:
  • No auditing: The feature is disabled, so nothing is logged.
  • Audit everything: Any change in the security level used by a client interface for a session is logged in the current gateway log file.
  • Audit cleartext: Only security level changes that result in a level without confidentiality are logged, that is, Plaintext or any of the Integrity levels.

This feature is enabled from gtwcontrol; it is disabled by default. For more information about gtwcontrol, see Teradata Vantage™ - Database Utilities.

Gateway Log

Network encryption auditing is logged to the gateway log. Each node's gateway writes the entries for its own sessions to its current log file on that node, interleaved with the gateway's other log entries, so on a multi-node system the audit records are spread across the nodes' log files and scattered through each file.

A new log is opened on restart or when the old log reaches a certain size. Logs older than seven days are deleted when a gateway opens a new log, so audit records must be extracted from the logs before that retention window expires.

The auditing information is not entered into database tables, so it must be extracted from the logs and imported to the database to allow sophisticated analysis.

Example: Enabling Network Encryption Auditing to Log Every Change in Security

The example shows the command to enable network encryption auditing to log every change in the security level of incoming messages. Once enabled, this logs the security level of the first message after a session logs on and also logs subsequent security level changes for each session. Run:

gtwcontrol --auditnetsecurity=yes

Only sessions that log on after the flag is set have their security level logged; sessions that were already logged on when the flag was set are not audited.

Example: Enabling Network Encryption Auditing to Log Every Cleartext Change in Security Level

The example shows how to determine which client software is not using encryption. The following command enables network encryption auditing to log all cleartext security levels, that is, any level that is not explicitly a Confidentiality level. Run:

gtwcontrol --auditnetsecurity=ct

If any sessions are not using encryption, a message similar to the following will be logged:

gtwnetio.cpp @1816 (117455456): Thu Jan  7 20:10:30 2021
        Client Security Level: Plaintext for Request 2 from HG 1, Session 1115, IPAddr 192.0.2.2, Port 50117, User "TESTUSER"
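
As noted under Gateway Log, these records are not written to database tables and have to be pulled out of the gateway log files before they age out. The following Python script is an added example of that extraction step; it is not Teradata code and is not part of gtwcontrol. It assumes every audit record has the two-line form shown above (a "gtwnetio.cpp @line (id): timestamp" header followed by an indented "Client Security Level: ..." line) and that the level names are the ones listed at the top of this page. The sample log it parses is constructed for the example (the second, non-audit entry and its source file name are invented filler), and the function and column names are the example's own.

```python
"""Extract network encryption auditing records from a Teradata gateway log.

Added example, not Teradata code. Assumptions: each audit entry is the
two-line form shown on this page, and level names match the list above.
"""
import csv
import io
import re
from datetime import datetime

# Header line the gateway writes before each entry, e.g.
#   gtwnetio.cpp @1816 (117455456): Thu Jan  7 20:10:30 2021
HEADER_RE = re.compile(
    r"^(?P<src>\S+\.cpp) @(?P<line>\d+) \((?P<id>\d+)\): (?P<ts>.+)$"
)

# Continuation line carrying the audit record. Level names such as
# "Confidentiality, High" contain a comma, so match lazily up to " for Request".
AUDIT_RE = re.compile(
    r'^\s*Client Security Level: (?P<level>.+?) for Request (?P<request>\d+) '
    r'from HG (?P<hg>\d+), Session (?P<session>\d+), IPAddr (?P<ip>\S+), '
    r'Port (?P<port>\d+), User "(?P<user>[^"]*)"\s*$'
)


def parse_gateway_log(text):
    """Return one dict per 'Client Security Level' entry, in file order."""
    records = []
    pending_ts = None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            # Remember the timestamp; the next line tells us whether this
            # entry is an audit record or some other gateway message.
            pending_ts = datetime.strptime(
                header.group("ts").strip(), "%a %b %d %H:%M:%S %Y"
            )
            continue
        audit = AUDIT_RE.match(line)
        if audit and pending_ts is not None:
            rec = audit.groupdict()
            for key in ("request", "hg", "session", "port"):
                rec[key] = int(rec[key])
            rec["timestamp"] = pending_ts
            records.append(rec)
        pending_ts = None  # a continuation line consumes its header
    return records


def is_confidential(level):
    """Only the Confidentiality levels encrypt the payload."""
    return level.startswith("Confidentiality")


def noncompliant(records):
    """Records whose level gives no confidentiality (Plaintext or Integrity)."""
    return [r for r in records if not is_confidential(r["level"])]


def noncompliant_endpoints(records):
    """Distinct (IP address, user, level) triples that violate the policy."""
    return sorted({(r["ip"], r["user"], r["level"]) for r in noncompliant(records)})


def to_csv(records):
    """CSV text ready to load into an audit table for further analysis."""
    buf = io.StringIO()
    writer = csv.writer(buf)
    writer.writerow(["timestamp", "session", "hg", "request", "ip", "port", "user", "level"])
    for r in records:
        writer.writerow([r["timestamp"].isoformat(), r["session"], r["hg"],
                         r["request"], r["ip"], r["port"], r["user"], r["level"]])
    return buf.getvalue()


# Constructed sample log: the first entry is the one shown on this page, the
# second is invented filler that a parser must skip, the rest are made up.
SAMPLE_LOG = """\
gtwnetio.cpp @1816 (117455456): Thu Jan  7 20:10:30 2021
        Client Security Level: Plaintext for Request 2 from HG 1, Session 1115, IPAddr 192.0.2.2, Port 50117, User "TESTUSER"
gtwother.cpp @100 (117455456): Thu Jan  7 20:10:31 2021
        some other gateway message that must be ignored
gtwnetio.cpp @1816 (117455457): Thu Jan  7 20:11:02 2021
        Client Security Level: Confidentiality, High for Request 1 from HG 1, Session 1116, IPAddr 192.0.2.7, Port 50120, User "ETLUSER"
gtwnetio.cpp @1816 (117455458): Thu Jan  7 20:12:45 2021
        Client Security Level: Integrity, Default for Request 1 from HG 1, Session 1117, IPAddr 192.0.2.9, Port 50131, User "REPORTS"
"""

if __name__ == "__main__":
    recs = parse_gateway_log(SAMPLE_LOG)
    for ip, user, level in noncompliant_endpoints(recs):
        print(f"{user}@{ip}: {level}")
    print(to_csv(recs))
```

Run it against each node's current gateway log (and the rotated ones still on disk) before the seven-day deletion, then load the CSV into a table so the records can be joined against the expected client inventory.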

Example: Disable Network Encryption Auditing

The example shows the command to disable network encryption auditing. Run:

gtwcontrol --auditnetsecurity=no