Shell Control Box

The topic of this article may not meet Wikipedia's general notability guideline. Please help to demonstrate the notability of the topic by citing reliable secondary sources that are independent of the topic and provide significant coverage of it beyond a mere trivial mention. If notability cannot be shown, the article is likely to be merged, redirected, or deleted. Find sources: "Shell Control Box" – news · newspapers · books · scholar · JSTOR (Learn how and when to remove this message)

This article may be too technical for most readers to understand. Please help improve it to make it understandable to non-experts, without removing the technical details. (Learn how and when to remove this message)

Shell Control Box (SCB)^[1] is a device for controling and monitoring administrative protocols used for remote access or management in computer technology. SCB is a Linux based device developed by Balabit IT Security and based on Zorp technology. SCB inspects remote access protocols such as SSH, RDP, Telnet, or Vnc protocols. It can act as a transparent device (as a Router or a Network switch) an also in different non-transparent ways (jumpserver). Since 2009 SCB was rebranded by Tectia^[2] under the name SSH Tectia Guardian^[3]

SCB controls only administrative protocols with the embedded application layer gateway (proxy) technology.

Enforced policy controls classical network access control mechanisms: source IP, destination IP/port and protocol enforcement by layer 7 protocol analysis. It also controls user IDs (eg. root or Administrator is prohibited) by classical blacklisting or whitelisting.

SCB supports gateway authentication, which is a two faktor authentication serverd by SCB: users initiate connections and they also have to login to SCB and enable their own connections.

SCB also supports four eyes priciple, when users who log in must differ from enabler user. It makes sure the user cannot log in without permission.

RDP and SSH protcols implements channels on the top of connection layer. Each SSH and RDP functions are performed in dedicated channels such as Shell is in Session shell channel or Drawing is the channel of Desktop forward in RDP. SCB impemets an advanced control function of

Inspected protocol content can be stored in a record, called Audit trail, and could be replayed by the Audit Player tool. Audit trail can be used as a digital evidence. As the whole connection can be replayed (seen by any auditor who have access to the device) it could meen some privacy problems.

BalaBit IT Security