HOME

TheInfoList



OR:

Shell Control Box (SCB) is a network
security appliance A security appliance is any form of server appliance that is designed to protect computer networks from unwanted traffic. Types of Security Appliances * Active devices block unwanted traffic. Examples of such devices are firewalls, anti virus sca ...
that controls privileged access to remote IT systems, records activities in replayable audit trails, and prevents malicious actions. For example, it records as a system administrator updates a
file server In computing, a file server (or fileserver) is a computer attached to a network that provides a location for shared disk access, i.e. storage of computer files (such as text, image, sound, video) that can be accessed by the workstations that are ab ...
or a third-party network operator configures a router. The recorded audit trails can be replayed like a movie to review the events as they occurred. The content of the audit trails is indexed to make searching for events and automatic reporting possible. SCB is a
Linux Linux ( or ) is a family of open-source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991, by Linus Torvalds. Linux is typically packaged as a Linux distribution, which ...
-based device developed by Balabit. It is an application level proxy gateway. In 2017, Balabit changed the name of the product to Privileged Session Management (PSM) and repositioned it as the core module of its Privileged Access Management solution.


Main Features

Balabit’s Privileged Session Management (PSM), Shell Control Box (SCB) is a device that controls, monitors, and audits remote administrative access to
server Server may refer to: Computing *Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients Role * Waiting staff, those who work at a restaurant or a bar attending customers and su ...
s and
network device Networking hardware, also known as network equipment or computer networking devices, are electronic devices which are required for communication and interaction between devices on a computer network. Specifically, they mediate data transmission in ...
s. It is a tool to oversee system administrators by controlling the encrypted connections used for administration. PSM (SCB) has full control over the
SSH The Secure Shell Protocol (SSH) is a cryptographic network protocol for operating network services securely over an unsecured network. Its most notable applications are remote login and command-line execution. SSH applications are based on a ...
, RDP,
Telnet Telnet is an application protocol used on the Internet or local area network to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection. User data is interspersed in-band with Telnet control i ...
,
TN3270 The IBM 3270 is a family of block oriented display and printer computer terminals introduced by IBM in 1971 and normally used to communicate with IBM mainframes. The 3270 was the successor to the IBM 2260 display terminal. Due to the text ...
,
TN5250 IBM 5250 is a family of block-oriented terminals originally introduced with the IBM System/34 midrange computer systems in 1977. It also connects to the later System/36, System/38, and IBM AS/400 systems, and to IBM Power Systems systems running I ...
,
Citrix ICA Independent Computing Architecture (ICA) is a proprietary protocol for an application server system, designed by Citrix Systems. The protocol lays down a specification for passing data between server and clients, but is not bound to any one platfo ...
, and
VNC Virtual Network Computing (VNC) is a graphical desktop-sharing system that uses the Remote Frame Buffer protocol (RFB) to remotely control another computer. It transmits the keyboard and mouse input from one computer to another, relaying the g ...
connections, providing a framework (with solid boundaries) for the work of the administrators.


Gateway Authentication

PSM (SCB) acts as an authentication gateway, enforcing
strong authentication Strong authentication is a notion with several definitions. Strong (customer) authentication definitions Strong authentication is often confused with two-factor authentication (more generally known as multi-factor authentication), but strong a ...
before users access IT assets. PSM can also integrate to user directories (for example, a
Microsoft Active Directory Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. It is included in most Windows Server operating systems as a set of processes and services. Initially, Active Directory was used only for centralize ...
) to resolve the group memberships of the users who access the protected servers. Credentials for accessing the server are retrieved transparently from PSM’s credential store or a third-party
password management There are several forms of software used to help users or organizations better manage passwords: * Intended for use by a single user: ** Password manager software is used by individuals to organize and encrypt many personal passwords using a singl ...
system by PSM impersonating the authenticated user. This automatic password retrieval protects the confidentiality of passwords as users can never access them.


Access Control In the fields of physical security and information security, access control (AC) is the selective restriction of access to a place or other resource, while access management describes the process. The act of ''accessing'' may mean consuming ...

PSM controls and audits privileged access over the most wide-spread
protocol Protocol may refer to: Sociology and politics * Protocol (politics), a formal agreement between nation states * Protocol (diplomacy), the etiquette of diplomacy and affairs of state * Etiquette, a code of personal behavior Science and technology ...
s such as SSH, RDP, or HTTP(s). The detailed access management helps to control who can access what and when on servers. It is also possible to control advanced features of the protocols, like the type of channels permitted. For example, unneeded channels like file transfer or file sharing can be disabled, reducing the security risk on the server. With PSM policies for privileged access can be enforced in one single system.


4-eyes Authorization

To avoid accidental misconfiguration and other human errors, PSM supports the 4-eyes authorization principle. This is achieved by requiring an authorizer to allow administrators to access the server. The authorizer also has the possibility to monitor – and terminate - the session of the administrator in real-time, as if they were watching the same screen.


Real-time Monitoring and Session Termination

PSM can monitor the network traffic in real time, and execute various actions if a certain pattern (for example, a suspicious command, window title or text) appears on the screen. PSM can also detect specific patterns such as credit card numbers. In case of detecting a suspicious user action, PSM can send an e-mail alert or immediately terminate the connection. For example, PSM can block the connection before a destructive administrator command, such as the „rm” comes into effect.


Session Recording

PSM makes user activities traceable by recording them in tamper-proof and confidential audit trails. It records the selected sessions into encrypted, timestamped, and digitally signed audit trails. Audit trails can be browsed online, or followed real-time to monitor the activities of the users. PSM replays the recorded sessions just like a movie – actions of the users can be seen exactly as they appeared on their monitor. The Balabit Desktop Player enables fast forwarding during replays, searching for events (for example, typed commands or pressing Enter) and texts seen by the user. In the case of any problems (database manipulation, unexpected shutdown, etc.) the circumstances of the event are readily available in the trails, thus the cause of the incident can be identified. In addition to recording audit trails, transferred files can be also recorded and extracted for further analysis.


See also


One Identity


References

# https://www.ssi.gouv.fr/entreprise/certification_cspn/balabit-shell-control-box-version-4-0-6-sec3/ # https://channel9.msdn.com/Blogs/PartnerApps/Balabits-Shell-Control-Box-Isolates-Azure-Systems-from-Intruders # https://www.ovum.com/research/swot-assessment-balabit-shell-control-box-version-4-f1/ # https://www.kuppingercole.com/report/ev71570 # https://www.techvalidate.com/product-research/balabit-privileged-access-management # https://cybersecurity-excellence-awards.com/candidates/shell-control-box/ # https://finance.yahoo.com/news/balabit-introduces-shell-control-box-163711081.html # http://www.computerworlduk.com/security/how-balabit-adapted-machine-learning-secure-privileged-account-blind-spot-3642389/ # https://citrixready.citrix.com/balabit-s-a/privileged-session-management.html # https://azuremarketplace.microsoft.com/en-us/marketplace/apps/balabit.balabit-shell-control-box?tab=Overview # https://marketplace.microfocus.com/arcsight/content/balabit-shell-control-box # https://liebsoft.com/partners/technology-integrations/balabit/https://channel9.msdn.com/Blogs/PartnerApps/Balabits-Shell-Control-Box-Isolates-Azure-Systems-from-Intruders Computer security