Shell Control Box 4 F2 Product Description

Similar documents
Shell Control Box 4 LTS Product Description

Shell Control Box 3 F5

ISO27001 compliance and Privileged Access Monitoring

The syslog-ng Store Box 3 F2

The syslog-ng Store Box 3 LTS

What is new in BalaBit Shell Control Box 4 LTS

syslog-ng Store Box PRODUCT DESCRIPTION Copyright BalaBit IT Security All rights reserved.

PCI Compliance Auditing and Forensics with Tectia Guardian

BalaBit IT Security Insight Singaporean Internet Banking and Technology Risk Management Guidelines Compliance

ISO COMPLIANCE WITH OBSERVEIT

The Comprehensive Guide to PCI Security Standards Compliance

USER ACTIVITY MONITORING FOR IBM SECURITY PRIVILEGED IDENTITY MANAGER

CorreLog Alignment to PCI Security Standards Compliance

Privileged Activity Monitoring

syslog-ng Product Line

HOW OBSERVEIT ADDRESSES KEY HONG KONG IT SECURITY GUIDELINES

What IT Auditors Need to Know About Secure Shell. SSH Communications Security

PCI DSS compliance and log management

Mobile Admin Architecture

Secret Server Qualys Integration Guide

March

Release Version 4.1 The 2X Software Server Based Computing Guide

Enterprise IT is complex. Today, IT infrastructure spans the physical, the virtual and applications, and crosses public, private and hybrid clouds.

Remote Vendor Monitoring

LogInspect 5 Product Features Robust. Dynamic. Unparalleled.

Edit system files. Delete file. ObserveIT Highlights. Change OS settings. Change password. See exactly what users are doing!

Vistara Lifecycle Management

PREVENTING DATA LOSS THROUGH PRIVILEGED ACCESS CHANNELS

CTS2134 Introduction to Networking. Module Network Security

Security Solutions

LogPoint 5.1 Product Features Robust. Dynamic. Unparalleled.

Decryption. Palo Alto Networks. PAN-OS Administrator s Guide Version 6.0. Copyright Palo Alto Networks

IBM Security Privileged Identity Manager helps prevent insider threats

2: Do not use vendor-supplied defaults for system passwords and other security parameters

SonicWALL PCI 1.1 Implementation Guide

UNIFIED THREAT MANAGEMENT SOLUTIONS AND NEXT-GENERATION FIREWALLS ADMINISTRATION TOOLS NETWORK SECURITY I ENDPOINT SECURITY I DATA SECURITY

CNS-207 Implementing Citrix NetScaler 10.5 for App and Desktop Solutions

Barracuda Web Filter Demo Guide Version 3.3 GETTING STARTED

Security Overview Enterprise-Class Secure Mobile File Sharing

ObserveIT User Activity Monitoring

"Charting the Course... Implementing Citrix NetScaler 11 for App and Desktop Solutions CNS-207 Course Summary

The syslog-ng Premium Edition 5LTS

Quick Start Guide for VMware and Windows 7

ZEN LOAD BALANCER EE v3.04 DATASHEET The Load Balancing made easy

NetCrunch 6. AdRem. Network Monitoring Server. Document. Monitor. Manage

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

ZEN LOAD BALANCER EE v3.02 DATASHEET The Load Balancing made easy

How To Connect To Bloomerg.Com With A Network Card From A Powerline To A Powerpoint Terminal On A Microsoft Powerbook (Powerline) On A Blackberry Or Ipnet (Powerbook) On An Ipnet Box On

Record and Replay All Windows and Unix User Sessions Like a security camera on your servers

ObserveIT User Activity Monitoring software meets the complex compliance and security challenges related to user activity auditing.

Building A Secure Microsoft Exchange Continuity Appliance

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

virtualization.info Review Center SWsoft Virtuozzo (for Windows) //

Introduction to Endpoint Security

1Y0-250 Implementing Citrix NetScaler 10 for App and Desktop Solutions Practice Exam

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

Basic & Advanced Administration for Citrix NetScaler 9.2

IBM Tivoli Compliance Insight Manager

HOW OBSERVEIT ADDRESSES KEY INDIA DOT REMOTE ACCESS SECURITY REQUIREMENTS

v7.8.2 Release Notes for Websense Content Gateway

Privileged. Account Management. Accounts Discovery, Password Protection & Management. Overview. Privileged. Accounts Discovery

PowerBroker for Windows

The syslog-ng Premium Edition 5F2

Special Edition for Loadbalancer.org GmbH

OnCommand Performance Manager 1.1

Rule 4-004M Payment Card Industry (PCI) Monitoring, Logging and Audit (proposed)

Release Version 3 The 2X Software Server Based Computing Guide

Proof of Concept Guide

Platform Compatibility... 1 Key Features... 2 Known Issues... 4 Upgrading SonicOS Image Procedures... 6 Related Technical Documentation...

ForeScout CounterACT. Device Host and Detection Methods. Technology Brief

WHAT S NEW IN WEBSENSE TRITON RELEASE 7.8

WhatsUpGold. v3.0. WhatsConnected User Guide

Basics of Internet Security

Network Management System (NMS) FAQ

MANAGED FILE TRANSFER: 10 STEPS TO SOX COMPLIANCE

WEBTITAN CLOUD. User Identification Guide BLOCK WEB THREATS BOOST PRODUCTIVITY REDUCE LIABILITIES

redcoal SMS for MS Outlook and Lotus Notes

PowerBroker for Windows Desktop and Server Use Cases February 2014

Administration Guide NetIQ Privileged Account Manager 3.0.1

Symantec Messaging Gateway 10.6

RSA Authentication Manager 7.1 Security Best Practices Guide. Version 2

NETASQ & PCI DSS. Is NETASQ compatible with PCI DSS? NG Firewall version 9

Symantec Messaging Gateway 10.5

INTERNET SECURITY: THE ROLE OF FIREWALL SYSTEM

Executive Summary and Purpose

Securing Privileges in the Cloud. A Clear View of Challenges, Solutions and Business Benefits

ADAPTIVE AUTHENTICATION ADAPTER FOR JUNIPER SSL VPNS. Adaptive Authentication in Juniper SSL VPN Environments. Solution Brief

PCI COMPLIANCE ON AWS: HOW TREND MICRO CAN HELP

Evaluating the Balabit Shell Control Box

Cisco Application Networking Manager Version 2.0

Privileged Session Management Suite: Solution Overview

Achieving PCI-Compliance through Cyberoam

visionapp Remote Desktop 2010 (vrd 2010)

Cisco ASA Adaptive Security Appliance Single Sign-On: Solution Brief

Distributed syslog architectures with syslog-ng Premium Edition

Quick Start Guide: Utilizing Nessus to Secure Microsoft Azure

Dionseq Uatummy Odolorem Vel Layered Security Approach

Transcription:

Shell Control Box 4 F2 Product Description Copyright Balabit All rights reserved. www.balabit.com

Introduction Independent and Transparent User Monitoring Shell Control Box (SCB) is a turnkey activity monitoring appliance that controls access to remote servers, virtual desktops, or networking devices, and records the activities of the users accessing these systems. For example, it records as the system administrators configure your database servers through SSH, or your employees make transactions using thin-client applications in Citrix environment. The recorded audit trails can be replayed like a movie to review the events exactly as they occurred. The content of the audit trails is indexed to make searching for events and automatic reporting possible. SCB is especially suited to supervise privileged-user access as mandated by many compliance requirements, like PCI-DSS. SCB logs all administrative traffic (including configuration changes, executed commands, etc.) into audit trails. All data is stored in encrypted, timestamped and signed files, preventing any modification or manipulation. In case of any problems (server misconfiguration, database manipulation, unexpected shutdown, etc.) the circumstances of the event are readily available in the audit trails, thus the cause of the incident can be easily identified. SCB is a quickly deployable enterprise tool with the widest protocol coverage on the market. It is an external, fully transparent device, completely independent from the clients and the servers. The server- and client applications do not have to be modified in order to use SCB; it integrates seamlessly into the existing infrastructure. Balabit s Contextual Security Intelligence Suite protects organizations in real-time from threats posed by the misuse of high risk and privileged accounts. Solutions include reliable Log Management with context enriched data ingestion, Privileged User Monitoring and User Behavior Analytics. Together they can identify unusual user activities and provide deep visibility into potential threats. Shell Control Box s privileged user monitoring solution is a core component of the Contextual Security Intelligence Suite. It captures the activity data necessary for user profiling and enables full user session drill down for forensic investigation.

Application areas and typical end-users Regulatory compliance Compliance is becoming increasingly important in several industries - laws, regulations and industrial standards mandate increasing security awareness and the protection of customer data. Regulations like the Sarbanes-Oxley Act (SOX), the Payment Card Industry - Data Security Standard (PCI-DSS), ISO 27001, or the EU Data Protection Act all mandate the strict protection of sensitive information - be it personal data, credit card data, or financial information. Missing items from the log collection system result in many question marks when an incident occurs. Therefore, organizations must find a reliable solution to be able to audit and report the actions of their privileged users in order to ensure compliance. Monitor internal IT staff System administrators are the most powerful users in an IT environment. Although these users typically sit at the bottom of the organizational hierarchy, they have very high or even unrestricted access rights to operating systems, databases and applications. Having superuser privileges on servers, administrators have the possibility to directly access and manipulate your company s sensitive information, such as financial and client data, or HR records. In contrast, their accountability is low, as they have several opportunities to mask their activities. In addition, administrative accounts are often shared among IT staff as you can never know who did what on a system, their accountability is not possible. Supervising these users activity with traditional methods (for example with logging or with written company policies) is quite difficult. As a result, the question of who did what? is almost impossible to answer, and often leads to accusations along with the time and money wasted on investigating incidents.

Control IT outsourcing partners Third parties are essential to business and IT operations. Using such services also means that your organization is willing to trust the administrators of this external company with all its data (for example, private and business e-mails, customer information, and so on), or even with the operation of businesscritical systems. Actually, companies do not have a reliable and easy-to-use solution for validating SLAs and verifying billable activities. Measuring Key Performance Indicators (KPI) such as response times or restricting external administrator access is also a challenging exercise. That is the reason why it is essential to monitor third party access - to know what outsourcing partners do when they connect to your systems. Monitor hosting/cloud providers Cloud & hosting Service Providers (MSPs), as partners, are expected to provide proactive security and monitoring solutions, specialized expertise and resources for organizations of all sizes. Every action a provider performs on its customers servers can trigger a blame-game. Furthermore, cloud providers are increasingly subject to data protection regulations from a variety of organizations ranging from the ISAE (International Standard on Assurance Engagements) via SAS70 to national law enforcement agencies. SCB controls privileged access to cloud datacenters and records the activities in a tamper-proof way to show authentic evidence in accountability issues or for compliance reasons. Troubleshooting & Forensic IT incidents The simple question Who did what on our server? is one of the toughest questions to answer in IT today. When something wrong happens, everybody wants to know the real story. For example, when you have to investigate a remote-access incident, the correlation of logs might be necessary between the desktop PC, the firewall, and the accessed servers. Analyzing thousands of text-based logs can be a nightmare and may require the participation of costly external experts. Without recording the user sessions, the question of who did what and when? is almost impossible to answer, and often leads to accusations along with time and money wasted on investigating the incident. To avoid this, a tamper-proof session-recording solution should be used. Protect sensitive data Many companies manage and store personal data, such as billing information, payment transaction data, and personal financial information. User access to this data must be logged and archived for several years. If there is any unauthenticated access and data leak, the company could suffer major damage to its reputation. SCB perfectly isolates your sensitive systems from unknown intruders or from non-authorized users. In addition, it tracks all authorized access to sensitive data and provides with actionable information in the case of human errors or unusual behavior.

Audit VDI users Enterprises increasingly implement virtualized desktop infrastructures, thus, when users work from their local machine, all of the applications, processes, and data used are kept on the server and run centrally. However, countless business applications running on these terminal servers are not capable of sufficient logging. Consequently, controlling the activities of several hundreds or thousands of thin-client users is almost impossible. SCB can audit protocols used in popular VDI applications (e.g. CITRIX XenDesktop, VMware View), allowing to monitor and record all user activities independently of the application being used. Public references The list of companies and organizations using the Balabit Shell Control Box includes: E.ON Climate & Renewables (http://www.eon.com/en/) - USA Bouygues Telecom (http://www.bouyguestelecom.fr/) France Telenor Group (http://telenor.com/) Norway France Telecom - Orange (http://www.orange.com/en/home) Romania Dubai Islamic Bank PJS (http://www.dib.ae/) United Arab Emirates National Bank of Hungary (http://www.mnb.hu) Hungary Svenska Handelsbanken AB (http://www.handelsbanken.com/) Sweden FIDUCIA IT AG (http://www.fiducia.de/) Germany Ankara University (http://www.ankara.edu.tr/) Turkey Leibniz Supercomputer Center (LRZ) ( http://www.lrz.de/english/ ) Germany CEZ Group ( http://www.cez.cz/en/home.html ) Czech Republic

Product Features and Benefits Independent from servers and clients, and difficult to compromise Transparent operation and easy integration into the existing infrastructure Control all widely used administrative protocols such as SSH, RDP, HTTP(s), Citrix ICA, VNC or Telnet Granular access control to servers and audit trails 4-eyes authorization for remote system- and data access Real-time prevention of risky actions Collect tamper-proof information for forensics investigations Movie-like playback of recorded sessions Free-text search for fast troubleshooting Custom activity reports for compliance Easy, web-based management High Availability option Audit SCP and SFTP connections, list file operations, and extract transferred files Automatic data archiving and backup

Comprehensive Protocol Inspection SCB acts as an application level proxy gateway: the transferred connections and traffic are inspected on the application level (Layer 7 in the OSI model), rejecting all traffic violating the protocol an effective shield against attacks. This high-level understanding of the traffic gives control over the various features of the protocols, like the authentication and encryption methods used in SSH connections, or the channels permitted in RDP traffic. Unwanted tunnel Traffic Allowed tunnel Audited tunnel Upload CD copy Widest protocol coverage SCB supports the following protocols: The Secure Shell (SSH) protocol (version 2) used to access Unix-based servers and network devices. The Remote Desktop Protocol (RDP) versions 5, 6, and 7 used to access Microsoft Windows platforms, including Windows 2012R2 and Windows 10. HTTP/HTTPS protocol used for administrative access to the web interfaces of various devices and applications, for example, routers, firewalls, appliances, web-services, and so on. The X11 protocol forwarded in SSH, used to remotely access the graphical interface of Unix-like systems. The Telnet protocol used to access networking devices (switches, routers) and the TN3270/TN5250 protocols used with legacy UNIX systems and IBM mainframes. TLS or SSL encryption for Telnet, and TN3270 is also supported. The Virtual Network Computing (VNC) graphical desktop sharing system commonly used for remote graphical access in multi-platform environments. TLS or SSL encryption for VNC is also supported. The VMware View application used to access remote virtual desktops (currently only direct connections using the RDP display protocol are supported). Citrix ICA protocol to access virtual desktop and application server infrastructures, designed by Citrix Systems. (SCB is verified as Citrix Ready with XenDesktop and XenApp 7.x deployments.) Reliable connections also known as Common Gateway Protocol (CGP) are also supported. Terminal Services Gateway Server Protocol, so SCB can act as a Terminal Services Gateway (also called TS Gateway or Remote Desktop Gateway).

Detailed Access Control SCB allows you to define connections: access to a server is possible only from the listed client IP addresses. This can be narrowed by limiting various parameters of the connection, for example, the time when the server can be accessed, the usernames and the authentication method used in SSH, or the type of channels permitted in SSH or RDP connections. Controlling the authentication means that SCB can enforce the use of strong authentication methods (public key), and also verify the public key of the users. SCB has the built-in capability to verify the SSH host keys and certificates identifying the servers, preventing man-in-the-middle attacks and other manipulation. Also, SCB can authenticate the users to an external user directory. This authentication is completely independent from the authentication that the user performs on the remote server. SCB supports local credential stores offering a way to store user credentials (for example, passwords, private keys, certificates) and using them to login to the target server, without the user having access to the credentials. That way, users only have to authenticate on SCB with their usual password (that can be stored locally on SCB or in a central LDAP database). If the user is allowed to access the target server, SCB automatically logs in using the data from the credential store. AUTHENTICATION ON THE SCB GATEWAY AUTHENTICATION ON THE SERVER Client SCB Target server The following parameters can be controlled: The group of administrators permitted to access the server (based on username black- and whitelists or LDAP groups) when using SSH, Telnet or RDP6 with Network Layer Authentication. In addition to the authentication performed on the remote server, it is also possible to require an additional, outband authentication on the SCB web interface. Authorization can be based on this outband authentication as well. The IP address of the client machines allowed to access the server. The authentication method (for example, password, public-key, certificate) required to access the server using SSH. The time period when the server can be accessed (for example, only during working hours). The type of the SSH or RDP channel permitted to the server (for example, SSH terminal or port forward, RDP file sharing, and so on). The above rules can be applied both on the connection level and the channel level. That way access to special channels can be restricted to a smaller group of administrators limiting access to only those who really need it.

4-eyes authorization To avoid accidental misconfiguration and other human errors, SCB supports the 4-eyes authorization principle. This is achieved by requiring an authorizer to allow administrators to access the server. The authorizer also has the possibility to monitor the work of the administrator real-time, just like they were watching the same screen. Authorizer Auditor 4-EYES AUTHORIZATION Target server SCB AUDITED CONNECTION Client The 4-eyes principle can be used for the auditors as well; SCB can use multiple keys to encrypt audit trails. In this case, multiple decryption keys are needed to replay the audit trails, so a single auditor on his own cannot access all information about network systems.

Real-time alerting & blocking SCB can monitor the traffic of SSH, Telnet, RDP, ICA and VNC connections in real time, and execute various actions if a certain pattern appears in the command line or on the screen. Predefined patterns can be, for example a risky command or text in a text-oriented protocol, or a suspicious window title in a graphical connection. This functionality can prevent malicious user activities as they happen instead of just recording or reporting it. For example, SCB can block a connection before a destructive administrator command, such as the delete comes into effect. SCB can also detect numbers such as credit card numbers. The patterns to find can be defined as regular expressions. In the case of detecting a suspicious user action, SCB can perform the following measures: Log the event in the system logs. Immediately terminate the connection. Send an e-mail or SNMP alerts about the event. Store the event in the connection database of SCB. Real-time alerting and blocking by SCB Shell Control Box Client ALLOWED SUSPICIOUS (e.g.: credit card data on screen) BLOCKED (e.g.: sudo, rm, etc.) Server Real-time alerts

Movie-like playback and free-text search SCB records all sessions into searchable audit trails, making it easy to find relevant information in forensics or other situations. Audit trails can be browsed online, or followed real-time to monitor the activities of the privileged users. All audit trails stored on SCB and the archiving server are accessible from SCB s web interface. The web-based Audit Data Player application replays the recorded sessions just like a movie all actions of the administrators can be seen exactly as they appeared on their monitor. Audit trails are indexed by an internal on-box indexer or optionally by external indexer services. This makes the results searchable on the SCB web GUI. The improved searching abilities provide easier postmortem incident analysis, as auditors can access detailed search results, for example, hits with precise timestamps or screenshots that contain the searched expression. The full-text searching capabilities provide search results ranked by relevance, many powerful query types, and support for non-latin characters. Shell Control Box INDEXING AND REPORTING AUDITED TRAFFIC Clients Server Web-based audit player The Audit Data Player enables fast forwarding during replays, searching for events (for example, mouse clicks, pressing Enter) and texts seen by the administrator. It is also possible to execute searches on a large number of audit trails to find sessions that contain a specific information or event. SCB can also execute searches and generate reports automatically for new audit trails. These content reports provide detailed documentation about user activities on remote IT systems. In addition, SCB supports the creation of custom reports and statistics, including user-created lists and charts based on search results, the contents of audit trails, and other customizable content. To help you comply with the regulations of the PCI DSS, SCB can generate reports on the compliance status of SCB.

Review file transfers In addition to recording audit trails of the inspected protocols, embedded protocols (for example, other protocols tunneled in SSH, port-forwarding) and transferred files can be recorded as well. Recorded files from SCP and SFTP connections can be extracted for further analysis. It is even possible to convert the audited traffic into packet capture (pcap) format for analysis with external tools. The audit trails are compressed; idle connections do not consume disk space. Reliable auditing Auditing is usually based on the logs generated on the audited server. This model is inherently flawed, as logs of interactive events are usually not too detailed, and there is no way to ensure that the logs stored on or sent by the server have not been manipulated by an administrator or attacker. But SCB is an independent device that operates transparently, and extracts the audit information directly from the communication of the client and the server. In addition, to prevent manipulation and provide reliable information for the auditor, SCB timestamps, encrypts and signs all audit trails. This prevents anyone from modifying the audited information not even the administrator of SCB can tamper the encrypted audit trails. SCB also generates detailed changelogs of any modification of its configuration. Retain all data for over a year SSH and Telnet terminal sessions that take up the bulk of systemadministration work are the most interesting type of traffic for auditing purposes. But such traffic typically does not take up much space on the hard disk (only about 1 MB per hour, depending on the exact circumstances), so SCB can store close to 500.000 hours of the system administrators activities. That means a company who has 50 administrators constantly working online (7x24) can store all SSH and Telnet sessions on SCB for over 1 year in searchable, replayable, readily accessible format. And these figures do not include the data archived on the remote backup server, which are equally accessible from SCB. RDP sessions take up considerably more space (but usually under 1 MB per minute), meaning that SCB can store the data of several weeks of work.

Smooth Integration To make integration into your network infrastructure smooth, SCB supports transparent and nontransparent operations. To simplify integration with firewalled environments, SCB supports both source and destination address translation (SNAT and DNAT). Transparent mode In transparent mode, SCB acts as a transparent router connecting the network segment of the administrators to the segment of the protected servers at the network layer (Layer 3 in the OSI model). destination: server IP : port destination: server IP : port Subnet #1 Shell Control Box Routing Subnet #2 EXTERNAL INTERNAL Client Routing Server Routing

Non-transparent mode In non-transparent mode, SCB acts as a bastion host administrators can address only SCB, the administered servers cannot be targeted directly. The firewall of the network has to be configured to ensure that only connections originating from SCB can access the servers. SCB determines which server to connect based on the parameters of the incoming connection (the IP address of the administrator and the target IP and port). destination: SCB IP : port Subnet #1 Shell Control Box Subnet #2 or #1 EXTERNAL Client Server To make the network configuration flexible, SCB supports virtual networks (VLANs). In VLAN environments the transparent and non-transparent operations are merged: SCB can manage nontransparent (Bastion mode) and transparent (Router mode) connections simultaneously. Integration to user directories SCB can connect to a remote LDAP database (for example, a Microsoft Active Directory server) to resolve the group memberships of the users who access the protected servers. Rules and policies can be defined based on group memberships. When using publickey authentication in SSH, SCB can authenticate the user against the key or X.509 certificate stored in the LDAP database. Administrators and auditors accessing the web interface of SCB can also be authenticated to an LDAP database. RADIUS authentication (for example, using SecurID) is also supported both for accessing the web interface, and also to authenticate the audited SSH sessions.

Integration to Privileged Identity Management solutions In addition to storing credentials locally, SCB can be seamlessly integrated with Lieberman s Enterprise Random Password Manager (ERPM) and Thycotic s Secret Server password management solutions. That way, the passwords of the target servers can be managed centrally using the above password managers, while SCB ensures that the protected servers can be accessed only via SCB since the users do not know the passwords required for direct access. External Password Management AUDITED CONNECTION PAUSED UNTIL GATEWAY AUTHENTICATION IS SUCCESSFUL RETRIEVE CREDENTIALS FOR THE HOST-USER PAIR AUTHENTICATION ON THE SERVER USING DATA FROM THE CREDENTIAL STORE Client GATEWAY AUTHENTICATION ON SCB SCB Target server Beyond ERPM integration, SCB provides a generic Application Programming Interface (API) to make integration with further password management systems also possible. Integration with Blindspotter SCB now supports the operation of Blindspotter, the real-time user behavior analytics solution of Balabit. Blindspotter is a monitoring tool that maps and profiles user behavior to reveal human risk, and can analyze user behavior using the data from the audit trails recorded by SCB. Deployment in Azure Cloud You can deploy SCB as a virtual machine in the Microsoft Azure cloud computing platform. This allows you to conveniently audit access to your entire virtualized infrastructure. Integration to ticketing systems SCB provides a plugin framework to integrate it to external helpdesk ticketing (or issue tracking) systems, allowing to request a ticket ID from the user before authenticating on the target server. That way, SCB can verify that the user has a valid reason to access the server and optionally terminate the connection if he does not. Requesting a ticket ID currently supports the following protocols: SSH, RDP, TELNET and TN3270. Integration to third-party applications Web Services based remote API (RPC API) is also available to manage and integrate with SCB. The SOAP-based RPC API allows you to access, query, and manage SCB from remote applications. You can access SCB using a RESTful API, as well. Accessing SCB with the API offers the following advantages: Integration into custom applications and environments (e.g. helpdesk ticketing systems) Flexible, dynamic search queries from external applications (e.g. from system monitoring tools) Integration with key management systems Configuring SCB from third-party applications

Simple management SCB is configured from a clean, intuitive web interface. The roles of each SCB administrator can be clearly defined using a set of privileges: manage SCB as a host; manage the connections to the servers; view the audit trails and reports, and so on Access to the SCB web interface can be restricted to a physically separate network dedicated to the management traffic. This management interface is also used for backups, logging to remote servers, and other administrative traffic. Users accessing the web interface can be authenticated to an LDAP or a RADIUS database. An X.509 certificate can be also required from the users accessing the web interface to enforce strong authentication. All configuration changes are automatically logged; SCB can also require the administrators to add comments when they modify the configuration of SCB. SCB creates reports from the configuration changes, and the details and descriptions of the modifications are searchable and can be browsed from the web interface, simplifying the Auditing of SCB.

High Availability High Availability SCB is also available in a high availability (HA) configuration. In this case, two SCB units (a master and a slave) having identical configuration operate simultaneously. The two units have a common file subsystem; the master shares all data with the slave node as soon as the data is received: every configuration change or recorded traffic is immediately synchronized to the slave node. If the master unit stops functioning, the other one becomes immediately active, so the protected servers are continuously accessible. SCB-T4 and larger versions are also equipped with dual power units. Automatic data archiving The recorded audit trails are automatically archived to a remote server. The data on the remote server remains accessible and searchable; several terabytes of audit trails can be accessed from the SCB web interface. SCB uses the remote server as a network drive via the Network File System (NFS) or the Server Message Block (SMB/CIFS) protocol. Software upgrades Software upgrades are provided as firmware images upgrading SCB using the SCB web interface is as simple as upgrading a network router. SCB stores up to five previous firmware versions, allowing easy rollback in case of any problems. Support and warranty Support and software subscriptions for SCB can be purchased on an annual basis in various packages, including 7x24 support and on-site hardware replacement. Contact Balabit or your local distributor for details.

Hardware specifications SCB appliances are built on high performance, energy efficient, and reliable servers that are easily mounted into standard rack mounts. Balabit Shell Control Box T1 1xQuadCore CPU, 8 GB RAM, 1 TB HDD software RAID Software license to audit 10 servers, upgradeable to 500 servers. Balabit Shell Control Box T4 1xQuad Core CPU, 8 GB RAM, redundant power supply, 4 TB HDD hardware RAID. Software license to audit 10 servers, upgradeable to 5000 servers. Balabit Shell Control Box T10 2x6 Core CPU, 32 GB RAM, redundant power supply, 10 TB HDD, hardware RAID. Software license to audit 100 servers, upgradeable to unlimited servers. Balabit Shell Control Box VA Virtual appliance to be run under VMware ESXi or Microsoft Hyper-V Software license to audit 10 servers, upgradeable to unlimited servers. Free evaluation A fully-functional evaluation version of SCB is available as a VMware image upon request. An online demo is also available after registering on our website. TO TEST THE BALABIT SHELL CONTROL BOX, REQUEST AN EVALUATION VERSION AT HTTP://WWW.BALABIT.COM/MYBALABIT/ Learn More To learn more about commercial and open source Balabit products, request an evaluation version or find a reseller, visit the following links: The Shell Control Box homepage: http://www.balabit.com/network-security/scb/ The syslog-ng homepage: http://www.balabit.com/network-security/syslog-ng/ Product manuals, guides, and other documentation: http://www.balabit.com/support/documentation/ Request an online demo: https://my.balabit.com/new-request/scb-live Find a reseller: http://www.balabit.com/partnership/commercial/

Copyright Balabit All rights reserved. www.balabit.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information