Instructions for the PSM Live Demo

September 22, 2017

Live Demo Instructions for Balabit’s Privileged Session Management, Shell Control Box (PSM, formerly called SCB)


This document gives you a brief overview of the features of Balabit’s Privileged Session Management, Shell Control Box that you can test using the live demo.

Introduction

The PSM Live Demo is configured with limited functionality and grants visitors read-only access. Although you cannot create new connections, you can search for and download already recorded sessions.

PSM uses an application-level proxy technology to relay traffic between client and server systems while making detailed policy-based decisions as to what should or should not be allowed in certain connections and recording the raw network traffic to audit trail files.

Deployment scenarios

Basic Settings > Network. To make the implementation of such proxy technology as easy as possible, PSM supports three basic operation modes (bridge, router and bastion). The demo system is deployed in bastion mode as you can see it at Basic Settings > Network. This is the easiest mode to deploy in most cases while ensuring the least transparency since packets must address PSM specifically.

For details, see Section 2.7, Modes of operation in The Balabit’s Privileged Session Management, Shell Control Box 5 F2 Administrator Guide.

Controlling, monitoring, and recording connections

SSH control > Connections or RDP control > Connections. Once packets make their way to PSM, the system checks its connection policies first to see if it should step in to the middle of the connection and start proxying. The demo system has such policies configured for the SSH and RDP protocols. As you can see on the SSH control > Connections and RDP control > Connections pages, the first level of decision making happens based on TCP and IP header information such as source, destination addresses and destination port. Advanced settings like gateway authentication, usermapping are configured in separate policies and are associated with connections in the corresponding connection policy body. These settings are listed if you open a connection policy.

Auditing connections

Search > Search. Meta information as well as recorded sessions are made accessible at the search interface (Search > Search). The time line at the top shows the number of entries for each day, week, month, and so on, depending on the selected scale. The result table shows the actual entries. All connections (accepted and rejected) are listed and can be narrowed down by clicking around on values to filter for.

For details on the PSM search interface, see Section 16.1, Searching audit trails — the PSM connection database in The Balabit’s Privileged Session Management, Shell Control Box 5 F2 Administrator Guide.

Session playback

The little floppy icon in the first column indicates that an audit trail file is available for that specific connection. These files use a container format that supports encryption, digital timestamping and signing. The audit files contain the original raw network traffic of the activity. To play them back, the BalaBit Audit Player application is needed which can reconstruct the original end-user work-flow.

It is possible to open multiple audit trail files exported from the web interface and run searches against them using the "Find" button from the player's UI. When searching in trails of graphical protocols, optical character recognition is used to textualize the content that appeared on the user's screen.

When matches are found, a white line indicates on the time line where the expression occurs in the session, while moving the mouse cursor over the white line even shows in what context matches are encountered.

Further information

[1]To learn more about Balabit’s Privileged Session Management, Shell Control Box or request a fully-functional 30-day VMware version, you can:




[1] All questions, comments or inquiries should be directed to or by post to the following address: Balabit SA 1117 Budapest, Alíz Str. 2 Phone: +36 1 398 6700 Fax: +36 1 208 ­0875 Web: https://www.balabit.com/

Copyright © 2017 Balabit SA All rights reserved. This document is protected by copyright and is distributed under licenses restricting its use, copying, distribution, and decompilation. No part of this document may be reproduced in any form by any means without prior written authorization of Balabit.

All trademarks and product names mentioned herein are the trademarks of their respective owners.