Rules and parameters of Blocked List policy
A Blocked List policy consists of parameters that describe a login attempt. When the target system detects a login attempt matching the policy, that attempt is blocked.
In this section:
- Common rules and parameters for Blocked List
- IP Address
- <additional property>
- Start and Finish
- Integration-specific parameters
- MS SQL parameters of Blocked List
- Oracle parameters of Blocked List
- Windows parameters of Blocked List
Common rules and parameters for Blocked List
An applied Blocked List policy has two outcomes: either the user's access to the target system is blocked, or it is allowed. Access is blocked only when the login attempt matches all the parameters established for the policy. To set a policy, specify its parameters.
Parameters can differ between integrations, but as a general cross-integration approach an incoming login attempt is defined by the following parameters:
- IP address - to identify the host computer, or a subnet;
- <additional properties> - to make the detection of a logon attempt more precise, e.g. by recognizing the application that generates the inbound connection, or user details such as the username;
- timestamp - to qualify a logon attempt by time limits, if any.
Only the parameters that have been specified are factored into the outcome. A parameter that is null, i.e. not established, is disregarded.
IP Address
String
Determines a host or a subnet in four-segment decimal format, e.g. 145.11.219.4.
To define a subnet, the subnet mask is specified using the asterisk sign *, which indicates the entire range of hosts in the subnet: e.g. 255.255.255.*
One policy accepts a single value for the IP Address parameter: either an IP address or a subnet mask. To cover a range of IP addresses, write an individual policy for each IP address.
Integrations differ in how an IP Address can be specified. For integration-specific details, refer to the Integration-specific parameters section below.
<additional property>
String
For different integrations it can be a different parameter, e.g. ApplicationNameMask or LoginName.
In general, the <additional property> is designed to allow patterns based on .NET regular expressions. For more details, see: https://docs.microsoft.com/en-us/dotnet/standard/base-types/regular-expressions
Below are some examples of regular expression elements that can be used to build a pattern:
- \s* - indicates zero or more occurrences of a white-space character;
- [0-9]{0,3} - indicates zero to three occurrences of the decimal digits 0 through 9;
- (,[0-9]{3})* - indicates zero or more occurrences of a group separator followed by three decimal digits;
- (Server\\.? | SQL\\.? | SQL\s+Server\\.? | Developer\\.? ) - indicates any occurrence of "Server", "SQL", "SQL Server", or "Developer";
- \s*sqlclient\s* - indicates any string that contains any number of characters before and after the word "sqlclient".
Start and Finish
String
A time limit is defined by two parameters, Start and Finish. Specifying a time limit is optional, but if it is specified, both Start and Finish are mandatory. If only one of them is established and the other is null, the time limit is not applicable.
Each parameter is specified in 24-hour format with precision to the minute, as hh:mm.
For some integrations, seconds are possible. Verify the time-limit requirements of the specific integration.
If Start is later than Finish (Start less than 24:00, Finish greater than 00:00), the time limit wraps past midnight and covers the period outside Finish..Start: e.g. with 18:00 for Start and 09:00 for Finish, the target system blocks access from six o'clock in the evening until nine o'clock in the morning.
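The matching rules above (wildcard IP segments, a regex on the additional property, a Start/Finish window that wraps past midnight, and null parameters being disregarded) as a worked evaluator. This is an added example, not code from the product; Python's `re` stands in for .NET regular expressions, which behave the same for the patterns shown on this page, and the Policy fields are constructed names.

```python
import re
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass
class Policy:
    """Constructed model of one Blocked List policy; None means 'not established'."""
    ip_address: Optional[str] = None        # "145.11.219.4" or a mask such as "145.11.219.*"
    property_pattern: Optional[str] = None  # regex on the <additional property>
    start: Optional[str] = None             # "hh:mm"
    finish: Optional[str] = None            # "hh:mm"

def ip_matches(mask: str, ip: str) -> bool:
    """Compare the four segments; '*' stands for the entire range of that segment."""
    m, a = mask.split("."), ip.split(".")
    return len(m) == 4 and len(a) == 4 and all(x == "*" or x == y for x, y in zip(m, a))

def time_in_window(start: str, finish: str, now: str) -> bool:
    """Inclusive window; when Start is later than Finish the window wraps past midnight."""
    s, f, n = (time.fromisoformat(t) for t in (start, finish, now))
    return s <= n <= f if s <= f else (n >= s or n <= f)

def is_blocked(policy: Policy, ip: str, prop: str, now: str) -> bool:
    """A login attempt is blocked only when every specified parameter matches."""
    if policy.ip_address is not None and not ip_matches(policy.ip_address, ip):
        return False
    if policy.property_pattern is not None and not re.search(policy.property_pattern, prop):
        return False
    # The time limit applies only when both Start and Finish are established.
    if policy.start is not None and policy.finish is not None:
        if not time_in_window(policy.start, policy.finish, now):
            return False
    return True

if __name__ == "__main__":
    night_policy = Policy("145.11.219.*", r"\s*sqlclient\s*", "18:00", "09:00")
    print(is_blocked(night_policy, "145.11.219.4", "sqlclient", "22:15"))  # blocked
    print(is_blocked(night_policy, "145.11.219.4", "sqlclient", "12:00"))  # allowed
```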
Integration-specific parameters
The integration-specific Blocked List parameters described below fully implement the common rules and, on top of them, add what differs in a particular integration. Anything not mentioned here is the same as in the cross-integration Blocked List parameter specification.
| Parameter | Description |
| --- | --- |
| MS SQL parameters of Blocked List | |
| IP Address | Allows either a specific IP address or a subnet mask. |
| <additional property> (e.g. ApplicationNameMask) | This is the name of the application that generates the inbound connection to the MS SQL target. Supports regular expressions. |
| Start and Finish | Supports a 24-hour format, precision to minutes: i.e. hh:mm. |
| Oracle parameters of Blocked List | |
| IP Address | Allows either a specific IP address or a subnet mask. |
| <additional property> (e.g. ApplicationNameMask) | This is the name of the application that generates the inbound connection to the Oracle target. Supports regular expressions. |
| Start and Finish | Supports a 24-hour format, precision to minutes: i.e. hh:mm. |
| Windows parameters of Blocked List | |
| IP Address | Allows only a subnet mask as a value. |
| <additional property> (e.g. LoginName) | This is the username with which the authentication is made on the Windows target. Supports regular expressions. |
| Start and Finish | Supports a 24-hour format, precision to milliseconds. |
