If your site policy requires simple binds for directory authentication of database users, as shown in LDAP Binding Options, consider that simple binding introduces security risks:
- Network connections to the database are vulnerable to man-in-the-middle attacks.
- Communications between the directory and the database transmit user identities and passwords across the network in plain text.
To eliminate the these security risks, Teradata strongly recommends that you configure TLS protection for all systems that use simple binding.
FIPS (Federal Information Processing Standard) compliance allows organizations to have robust information security programs. Both government and non-government organizations use FIPS when current industry standards or solutions do not meet government requirements. Teradata software running on SLES 12.3 is FIPS-compliant when connected through TLSv1.2 and linked with a FIPS 140-2 compliant version of OpenSSL. The OpenSSL libraries are automatically used.
Analytics Database runs in FIPS-compliant mode. This might impact third-party products libraries that get loaded directly into the SQL processes if they use non-FIPS cryptographic functions, such as MD5 hashing.