17.20 - Masking Effects on an Incoming IP Address - Analytics Database - Teradata Vantage

Teradata Vantage™ - Analytics Database Security Administration - 17.20

Deployment
VantageCloud
VantageCore
Edition
Enterprise
IntelliFlex
VMware
Product
Analytics Database
Teradata Vantage
Release Number
17.20
Published
June 2022
Language
English (United States)
Last Update
2023-03-07
dita:mapPath
hjo1628096075471.ditamap
dita:ditavalPath
qkf1628213546010.ditaval
dita:id
zuy1472246340572

When the Teradata Vantage gateway ANDs the mask with the IP, the result acts as an 8-bit filter that tests the IP source addresses s of incoming logons.

The mask tells the filter which part of an IP address or range is important, and to what extent it must test an incoming IP address against IP restrictions in the allow and deny elements. If an element does not define a mask, the masking defers to the value 255.255.255.255, meaning that the incoming IP must match the filter IP exactly or the filter has no effect.

In the example Example: Allow IP, the mask uses the value 255 in the first three decimal-separated segments (24 bits) to instruct the filter to consider the entire value of each of the corresponding segments of the IP. The segments are binary, and the 8 bits represent (from right to left) the first eight values in the binary sequence, 1, 2, 4, 8, 16, 32, 64, and 128, for a total value of 255.

To consider only part of a binary IP string, you can use a mask similar to:

255.255.192.0

The gateway applies the masking values to the binary string from right to left. A value of 192 means that the mask considers the 2 left positions of the third binary segment, 128 and 64, which total 192.

Partial segment masking can have complex effects on filter function. Before you use this type of masking, see Masking Partial Binary IP Segments.

You can also use an alternate form of masking that expresses the mask as the number of binary bits (from left to right in the binary string) that the restriction must consider. Using the bit method, the 255.255.255.0 becomes 24, or 3 decimal-separated, 8-bit segments.