Shell Control Box
This article may meet Wikipedia's criteria for speedy deletion because in its current form it serves only to promote or publicise an entity, person, product, or idea, and would require a fundamental rewrite in order to become encyclopedic. However, the mere fact that a company, organization, or product is a page's subject does not, on its own, qualify that page for deletion under this criterion. This criterion also does not apply where substantial encyclopedic content would remain after removing the promotional material as deletion is not cleanup; in this case please remove the promotional material yourself, or add the {{advert}} tag to alert others to do so. See CSD G11.
If this article does not meet the criteria for speedy deletion, or you intend to fix it, please remove this notice, but do not remove this notice from pages that you have created yourself. If you created this page and you disagree with the given reason for deletion, you can click the button below and leave a message explaining why you believe it should not be deleted. You can also visit the talk page to check if you have received a response to your message. Note that this article may be deleted at any time if it unquestionably meets the speedy deletion criteria, or if an explanation posted to the talk page is found to be insufficient.
Note to administrators: this article has content on its talk page which should be checked before deletion. Administrators: check links, talk, history (last), and logs before deletion. Consider checking Google.This page was last edited by Holtzlpeter (contribs | logs) at 13:32, 2 March 2010 (UTC) (15 years ago) |
Shell Control Box (SCB) is a device for controling and monitoring administrative protocols used for remote access or management in computer technology. SCB is a Linux based device developed by Balabit IT Security and based on Zorp technology. SCB inspects remote access protocols such as SSH, RDP, Telnet, or Vnc protocols.
Functions
SCB controls only administrative protocols with the embedded application layer gateway (proxy) technology.
Access control
Enforced policy controls classical network access control mechanisms: source IP, destination IP/port and protocol enforcement by layer 7 protocol analysis. It also controls user IDs (eg. root or Administrator is prohibited) by classical
Advanced authentication and authorization
SCB supports gateway authentication, which is a two faktor authentication serverd by SCB: users initiate connections and they also have to login to SCB and enable their own connections.
SCB also supports four eyes priciple, when users who log in must differ from enabler user. It makes sure the user cannot log in without permission.
Channel Control
RDP and SSH protcols implements channels on the top of connection layer. Each SSH and RDP functions are performed in dedicated channels such as Shell is in Session shell channel or Drawing is the channel of Desktop forward in RDP. SCB impemets an advanced control function of
Audit and forensics tool
Inspected protocol content can be stored in Audit trail and replayed by the Audit Player tool.
Working modes
SCB supports differnet deployment topologies and working modes.
Router mode
SCB acts as a normal router with different IP addresses on the internal and external sides. In this mode both administrative and profitable protocols passes through the appliance. Only the administrative protocols are inspected, the rest is routed by the embedded Netfilter/Iptables technology.
Bridge mode
Bridge mode is a variation of router mode, when SCB acts as a switch (working at Layer 2).
Bastion mode
SCB acts as a classical jumpserver. Users uses the IP address(es) and ports of the SCB and the embedded policy makes the decision about the real connection target. Profitable protocols do not pass the SCB device (as a result of topolocy). In such cases it is wise to use a firewall to block direct connections.
Non-transparent mode
Non-transparent mode is a variation ov bastion mode, where the connection information is stored in the user id (eg. SSH user id is 'userID@server:port') and the connection target is the SCB external IP address.
SCB administration
SCB is configured via a web interface on HTTPS protcol. Users are authenticated against local and remote user database backends (LDAP or Microsoft Active Directory). Supported authentcication protocols: password or RADIUS.
Models
N1000: License to audit 10 servers, upgradeable to unlimited servers.
N5000st: License to audit 50 servers, upgradeable to unlimited servers. For bigger bandwidth.