Shell Control Box
Oversee and control your external and in-house system administrators.
Collect reliable information for forensics situations.
Improve the auditability of your business processes.
Do you want to fully audit your server-administration processes? Do you have to comply with SOX, HIPAA, or other financial regulations? Is the maintenance of your IT services outsourced to an external company? Or do you just want to know everything about the servers running your business-critical services?
Quick, radical, efficient

Define a new level of liability above server administrators with the preinstalled Shell Control Box (SCB). SCB enforces your global regulations for every administrator in a transparent way, without having to modify the application environment. Owing to the clear and intuitive web interface, even detailed tuning of the default configuration is amazingly simple and quick.
Reliable auditing
SCB gives you the power to transparently audit the SSH and RDP (MS Remote Desktop Protocol) channels used in server administration. All traffic (including configuration changes, executed commands, etc.) is logged and archived into audit trails. All data is stored in digitally encrypted files, preventing any modification or manipulation. In the case of any problems (server misconfiguration, database manipulation, unexpected shutdown) the circumstances of the event are readily available in the audit trails, thus the cause of the incident can be easily identified.
Like watching a movie
The recorded audit trails can be displayed like a movie - you can see exactly what the administrator did, just as if you had been watching his monitor! All audit trails are indexed, enabling fast forwarding, searching the texts seen by the administrator, and more.
Full control over the SSH and RDP channels
You can precisely control all aspects of the SSH and RDP connections using SCB, specifying the boundaries of the administrators' work:
- Disable unwanted SSH features (e.g.: TCP port forwarding, file transfer, VPN, etc.)
- Enforce the use of the selected authentication methods (password, ssh-key, etc.)
- Specify encryption parameters and the permitted algorithms
SCB can also verify the host keys of the server to prevent man-in-the-middle attacks.
Special features
| Feature | Description | Benefit |
|---|---|---|
| Protocol compliance inspection | SCB verifies that all passing SSH and RDP traffic complies with the specifications of the protocol. | Protection from security risks resulting from erroneous applications and protocol-level attacks. |
| Service control | Enable or disable SSH channels and services. | System administrators have access only to the SSH services required for their work. This reduces the risk of accidental or intentional damage without affecting work performance. |
| Enforce authentication methods | Servers protected by SCB can be accessed only using the authentication methods enabled by the company. | System administrators are not able to reduce the authentication level out of convenience or other reasons. |
| SSH key verification | SCB automatically verifies the keys used in the SSH channels. | Prevents the so-called "man-in-the-middle" attacks. |
| Audit trails | The complete SSH traffic is recorded into compressed, timestamped, encrypted files. | Enables the auditing of server-administration processes and the evaluation of the system administrators' work. |
| Movie-like replay | Realtime replay of the selected terminal session. | Auditors can review the actions of the system administrator from the administrator's perspective, finding errors more easily. |
| New management layer | Define an auditor level above the system administrators. | The auditor, as the chief system administrator, can physically limit and control the administrator's privileges. |
| Global rules | The auditor can create global, physically enforced rules that apply to every system administrator. | The security policy related to server administration can be implemented and controlled from a single location, and can be effortlessly modified if needed. |
| Transparency | SCB deployed to the proper location of the network can immediately perform its task, without having to modify other network devices or applications. | SCB provides a solution for long-standing security and auditing problems in a fast, cost-effective, single step. |
| Web based user interface | Clean, easy-to-use web based graphical interface available from most modern browsers. | Completely platform-independent solution, low maintenance cost and TCO. |
| SUN server technology | Shell Control Box is based on SUN Fire x2100 and x2200 servers. | SUN's servers guarantee the required performance and high availability. |
Application areas and typical end-users
Policy compliance:
Certain regulations - such as the Sarbanes-Oxley Act (SOX) and the EU 8th Directive - require the financial director of an organization to certify that all financial data they provide to the authorities is accurate and has not been modified. Other industries have similar regulations (like the Health Insurance Portability and Accountability Act (HIPAA), or the Payment Card Industry (PCI)) about protecting personal or credit card information. Such data is usually stored in a database on a central server, and is accessible only via dedicated applications, such as accounting software. These applications always create the logs and reports necessary for policy compliance. However, these applications are aware only of legitimate accesses to the database. The server storing the database also has to be accessible by server administrators for maintenance reasons. Having superuser privileges on the server, these administrators can directly access and manipulate the database, and can also erase the traces of such actions from the server logs. However, SCB can audit the actions of the administrators, complementing the logs and reports of other applications.
Organizations having outsourced IT:
Many organizations hire external companies to configure, maintain, and oversee their servers and IT services. This essentially means that the organization is willing to trust the administrators of this external company with all their data (e.g.: private and business e-mails, customer information, etc.), or even with business-critical services like the operation of their online shop. Obviously, in such situations it is reassuring to have an independent device that can reliably log all administrative activities. SCB does exactly this - it provides detailed information about any problems with the server, making it easy to find those responsible.
Organizations offering remote management:
Organizations on the other end of the outsourcing line - like server- and webhosting companies - can equally benefit from SCB. It gives them the possibility to oversee and audit the administrators, and is also a great tool to evaluate their effectiveness. The recorded audit trails can also be used as evidence to settle any issues about the remotely administered servers.
Security experts creating honeypot systems:
The transparent auditing capabilities of SCB make it ideal to create honeypot systems. All actions performed by the attacker on the remote server can be logged, without giving him a chance to manipulate or erase the logs.
Integrating SCB into your network
To make integration into your network infrastructure smooth, SCB supports three different operation modes: bridge, router, and bastion host.
Bridge mode
In Bridge mode, SCB acts as a network switch, and connects the network segment of the administrators to the segment of the protected servers at the data link layer (Layer 2 in the OSI model).
Router mode
In Router mode, SCB acts as a transparent router connecting the network segment of the administrators to the segment of the protected servers at the network layer (Layer 3 in the OSI model).
Bastion mode
Administrators can address only SCB; the administered servers cannot be targeted directly. The firewall of the network has to be configured to ensure that only connections originating from SCB can access the servers. SCB determines which server to connect to based on the parameters of the incoming connection (the IP address of the administrator and the target IP and port).
Hardware specifications
SCB appliances are built on high performance, energy efficient, and reliable X2100 and X2200 servers from Sun Microsystems. They are easily mounted into standard rack mounts.
BalaBit Shell Control Box N1025
| Sun Fire X2100 M2 x64 server | |
|---|---|
| Processor | AMD Opteron Model 1214 dual core processor (2.2GHz/1MB) |
| Memory | 2x 1GB unregistered ECC DDR2-667 memory |
| Hard Disk | 2x Internal 250GB 7,200 RPM 3.5-inch Serial ATA Hard Disk Drive with bracket |
| Network | 4x 10/100/1000 Ethernet ports |
| Other | 6x USB 2.0 ports; 1x I/O riser card with 2x PCI-Express x8 slots; 1x PSU, Service Processor; X-Option slide rail kit for X2100 M2 |
This Product is Hazard Class Y
BalaBit Shell Control Box N2500
| Sun Fire x2200 M2 server | |
|---|---|
| Processor | 2x AMD Opteron Model 2214 dual core processor (2.2GHz/1MB) |
| Memory | 4x 1GB registered ECC DDR2-667 memory |
| Hard disk | 2x Internal 500GB 7,200 RPM 3.5-inch Serial ATA Hard Disk Drive with bracket |
| Network | 4x 10/100/1000 Ethernet ports |
| Other | 1x PSU, Service Processor; 6x USB 2.0 ports; 1x I/O riser card with 2x PCI-Express x8 slots; X-Option slide rail kit for X2200 M2 |
This Product is Hazard Class Y
For more information or to arrange a trial, please contact sales@sawmill.co.uk or call +44 (0) 870 741 8787.