Introduction

The main features of BalaBit Shell Control Box (SCB) 3.0:

  • Support for the RDP7 protocol
  • Support for the VMware View application using the RDP protocol
  • Controlling and auditing file operations from SCP and SFTP connections, with the possibility to extract and save the transferred files
  • Improved high-availability support
  • Improved hardware for better scalability and increased performance
  • Available as a VMware virtual appliance
  • Improved search interface

BalaBit Shell Control Box (SCB) is a device that controls, monitors, and audits remote administrative access to servers and networking devices. It is a tool to oversee server administrators and server administration processes by controlling the encrypted connections used in server administration. It is an external, fully transparent device, completely independent from the clients and the servers. The server and client applications do not have to be modified in order to use SCB; it integrates smoothly into the existing infrastructure.

SCB logs all administrative traffic (including configuration changes, executed commands, etc.) into audit trails. All data is stored in encrypted, timestamped and signed files, preventing any modification or manipulation. In case of any problems (server misconfiguration, database manipulation, unexpected shutdown), the circumstances of the event are readily available in the audit trails, so the cause of the incident can be easily identified. The recorded audit trails can be displayed like a movie, recreating all actions of the administrator. All audit trails are indexed on a separate indexing server, enabling fast forwarding during replay and searching for events (e.g., mouse clicks, pressing the Enter key) and texts seen by the administrator. Reports and automatic searches can be configured as well. To protect the sensitive information included in the communication, the two directions of the traffic (client-server and server-client) can be separated and encrypted with different keys, so sensitive information like passwords is displayed only when necessary.

SCB can also remove the encryption from the traffic and forward the unencrypted traffic to an Intrusion Detection System (IDS), making it possible to analyze the contents of the encrypted traffic. That way, traffic that was so far inaccessible to IDS analysis can be inspected in real time. Other protocols tunneled in SSH can be inspected as well. Similarly, the list of files transferred and accessed in the encrypted protocols can be sent to a Data Leakage Prevention (DLP) system.
