Jump to content

Shell Control Box

Add links
From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Holtzlpeter (talk | contribs) at 13:22, 2 March 2010 (Created page with 'Shell Control Box (SCB) is a device for controling and monitoring administrative protocols used for remote access or management in computer technology. SCB is a [[L...'). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
(diff) ← Previous revision | Latest revision (diff) | Newer revision → (diff)

Shell Control Box (SCB) is a device for controling and monitoring administrative protocols used for remote access or management in computer technology. SCB is a Linux based device developed by Balabit IT Security and based on Zorp technology. SCB inspects remote access protocols such as SSH, RDP, Telnet, or Vnc protocols.

Functions

SCB controls only administrative protocols with the embedded application layer gateway (proxy) technology.

Access control

Enforced policy controls classical network access control mechanisms: source IP, destination IP/port and protocol enforcement by layer 7 protocol analysis. It also controls user IDs (eg. root or Administrator is prohibited) by classical

Advanced authentication and authorization

SCB supports gateway authentication, which is a two faktor authentication serverd by SCB: users initiate connections and they also have to login to SCB and enable their own connections.

SCB also supports four eyes priciple, when users who log in must differ from enabler user. It makes sure the user cannot log in without permission.

Channel Control

RDP and SSH protcols implements channels on the top of connection layer. Each SSH and RDP functions are performed in dedicated channels such as Shell is in Session shell channel or Drawing is the channel of Desktop forward in RDP. SCB impemets an advanced control function of

Audit and forensics tool

Inspected protocol content can be stored in Audit trail and replayed by the Audit Player tool.

Working modes

SCB supports differnet deployment topologies and working modes.

Router mode

SCB acts as a normal router with different IP addresses on the internal and external sides. In this mode both administrative and profitable protocols passes through the appliance. Only the administrative protocols are inspected, the rest is routed by the embedded Netfilter/Iptables technology.

Bridge mode

Bridge mode is a variation of router mode, when SCB acts as a switch (working at Layer 2).

Bastion mode

SCB acts as a classical jumpserver. Users uses the IP address(es) and ports of the SCB and the embedded policy makes the decision about the real connection target. Profitable protocols do not pass the SCB device (as a result of topolocy). In such cases it is wise to use a firewall to block direct connections.

Non-transparent mode

Non-transparent mode is a variation ov bastion mode, where the connection information is stored in the user id (eg. SSH user id is 'userID@server:port') and the connection target is the SCB external IP address.

SCB administration

SCB is configured via a web interface on HTTPS protcol. Users are authenticated against local and remote user database backends (LDAP or Microsoft Active Directory). Supported authentcication protocols: password or RADIUS.

Models

N1000: License to audit 10 servers, upgradeable to unlimited servers.

N5000st: License to audit 50 servers, upgradeable to unlimited servers. For bigger bandwidth.

BalaBit IT Security

References

Retrieved from "https://en.wikipedia.org/w/index.php?title=Shell_Control_Box&oldid=347289724"