Shell control box
Shell Control Box (SCB) is a device for controlling and monitoring the administrative protocols used for remote access and management of computer systems. SCB is a Linux-based appliance developed by Balabit IT Security and built on the company's Zorp proxy-firewall technology. It inspects remote-access protocols such as SSH, RDP, Telnet and VNC. SCB can operate as a transparent device (in the manner of a router or network switch) and also in several non-transparent modes (as a jump server, or bastion host). Since 2009, SCB has also been re-branded by Tectia and sold under the name SSH Tectia Guardian.

Functions

SCB controls only administrative protocols, using its embedded application-layer gateway (proxy) technology.

Access control at the connection layer

The enforced policy covers the classical network access control mechanisms: source IP address, destination IP address and port, and protocol enforcement based on layer-7 protocol analysis, so a connection is classified by what it actually carries rather than by its port alone. It also controls user IDs (for example, logging in directly as root or Administrator can be prohibited) by classical blacklisting or whitelisting.

Advanced authentication and authorization

SCB supports gateway authentication, a second, independent authentication step performed by SCB itself: users initiate connections to the target system, and must also log in to SCB and enable their own connections before they are allowed through.

SCB also supports the four-eyes principle, in which the user who enables a connection must differ from the user who logs in. This ensures that a user cannot log in without another person's permission.
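As an added illustration (not SCB's or Balabit's own code) of the two preceding sections, the following Python policy evaluator applies the connection-layer rules (source, destination, port, layer-7-identified protocol, user deny and allow lists) and then the gateway-authentication and four-eyes checks. The `Connection` and `Policy` fields, the `GatewayAuthState` store and the sample addresses and user names are assumptions made for the demonstration.

```python
"""Connection-layer access control plus gateway authentication and the
four-eyes rule, as a small policy evaluator (illustrative, not SCB code)."""
import ipaddress
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Connection:
    conn_id: str
    src_ip: str
    dst_ip: str
    dst_port: int
    protocol: str                        # as identified by layer-7 analysis
    username: str                        # account requested on the target
    gateway_user: Optional[str] = None   # identity used to log in to the gateway


@dataclass
class Policy:
    allowed_sources: list                # CIDR strings
    allowed_destinations: list           # (cidr, port, protocol) tuples
    user_denylist: set = field(default_factory=set)
    user_allowlist: Optional[set] = None # None: no allow list in force
    require_gateway_auth: bool = False
    four_eyes: bool = False


class GatewayAuthState:
    """Records which gateway user has enabled which pending connection
    (an in-memory stand-in for the gateway's own session store)."""

    def __init__(self):
        self._enabled_by = {}

    def enable(self, conn_id, gateway_user):
        self._enabled_by[conn_id] = gateway_user

    def enabler(self, conn_id):
        return self._enabled_by.get(conn_id)


def _in_any(ip, cidrs):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def evaluate(conn, policy, auth=None):
    """Return (allowed, reason); checks run in the order the page lists them."""
    if not _in_any(conn.src_ip, policy.allowed_sources):
        return False, "source address not permitted"
    if not any(_in_any(conn.dst_ip, [cidr]) and port == conn.dst_port
               and proto == conn.protocol
               for cidr, port, proto in policy.allowed_destinations):
        return False, "destination, port or protocol not permitted"
    # User ID control: deny list first, then an optional allow list.
    if conn.username in policy.user_denylist:
        return False, f"user {conn.username!r} is denylisted"
    if policy.user_allowlist is not None and conn.username not in policy.user_allowlist:
        return False, f"user {conn.username!r} is not allowlisted"
    if policy.require_gateway_auth:
        # Gateway authentication: the initiator must have logged in to the
        # gateway and the connection must have been enabled there.
        if conn.gateway_user is None:
            return False, "initiator has not logged in to the gateway"
        enabler = auth.enabler(conn.conn_id) if auth else None
        if enabler is None:
            return False, "connection not enabled at the gateway"
        # Four-eyes: the enabling user must differ from the initiating user.
        if policy.four_eyes and enabler == conn.gateway_user:
            return False, "four-eyes: enabler must differ from the initiator"
    return True, "allowed"


# Constructed sample policy: SSH and RDP into one management subnet only,
# no direct root/Administrator logins, four-eyes authorisation required.
EXAMPLE_POLICY = Policy(
    allowed_sources=["10.0.0.0/8"],
    allowed_destinations=[("192.168.1.0/24", 22, "ssh"),
                          ("192.168.1.0/24", 3389, "rdp")],
    user_denylist={"root", "Administrator"},
    require_gateway_auth=True,
    four_eyes=True,
)
```

A connection passes only after the initiator has logged in to the gateway and a different gateway user has enabled it; evaluation stops at the first failing rule, so the returned reason names the control that refused the connection.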

Channel Control

The RDP and SSH protocols implement channels on top of the connection layer. Each SSH and RDP function is performed in a dedicated channel: an interactive shell, for example, runs in an SSH session channel, and screen drawing in RDP is carried in its own channel. SCB controls which channels may be used, which makes it possible to disable port forwarding, clipboard copy and paste, and similar functions.
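To make the channel model concrete, the following added example (not SCB's or Balabit's code) parses the SSH messages that open channels and request services on them, as defined in RFC 4254, and applies an allow-list that permits only interactive session channels with pty and shell requests. Direct and forwarded TCP/IP channel opens, the tcpip-forward global request, exec requests and the sftp subsystem are refused. The message builders, the policy dictionary and the sample addresses are constructed for the demonstration; only the fields needed for the decision are parsed.

```python
"""SSH channel control: parse the RFC 4254 messages that open channels and
request services on them, then decide from an allow-list which to permit.
Illustrative example, not SCB code; builders and policy are constructed."""
import struct

SSH_MSG_GLOBAL_REQUEST = 80
SSH_MSG_CHANNEL_OPEN = 90
SSH_MSG_CHANNEL_REQUEST = 98


def encode_string(b):
    """SSH 'string' encoding: uint32 length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _string(buf, off):
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n


def _uint32(buf, off):
    return struct.unpack_from(">I", buf, off)[0], off + 4


def parse_channel_open(msg):
    """byte 90, string type, uint32 sender channel, uint32 initial window,
    uint32 max packet, then type-specific fields (RFC 4254 sections 5.1, 6.3.2, 7.2)."""
    if msg[0] != SSH_MSG_CHANNEL_OPEN:
        raise ValueError("not a CHANNEL_OPEN message")
    ctype, off = _string(msg, 1)
    sender, off = _uint32(msg, off)
    window, off = _uint32(msg, off)
    max_packet, off = _uint32(msg, off)
    info = {"type": ctype.decode(), "sender": sender,
            "window": window, "max_packet": max_packet}
    if info["type"] in ("direct-tcpip", "forwarded-tcpip"):
        host, off = _string(msg, off)
        port, off = _uint32(msg, off)
        info.update(host=host.decode(), port=port)
    if info["type"] in ("direct-tcpip", "forwarded-tcpip", "x11"):
        orig, off = _string(msg, off)
        oport, off = _uint32(msg, off)
        info.update(originator=orig.decode(), originator_port=oport)
    return info


def parse_channel_request(msg):
    """byte 98, uint32 recipient channel, string request type, boolean
    want_reply, then type-specific fields (only subsystem/exec arguments read)."""
    if msg[0] != SSH_MSG_CHANNEL_REQUEST:
        raise ValueError("not a CHANNEL_REQUEST message")
    channel, off = _uint32(msg, 1)
    rtype, off = _string(msg, off)
    info = {"channel": channel, "request": rtype.decode(), "want_reply": bool(msg[off])}
    off += 1
    if info["request"] in ("subsystem", "exec"):
        arg, off = _string(msg, off)
        info["argument"] = arg.decode()      # subsystem name or command line
    return info


def parse_global_request(msg):
    """byte 80, string request name, boolean want_reply (rest not needed here)."""
    if msg[0] != SSH_MSG_GLOBAL_REQUEST:
        raise ValueError("not a GLOBAL_REQUEST message")
    name, off = _string(msg, 1)
    return {"request": name.decode(), "want_reply": bool(msg[off])}


# Constructed policy: interactive sessions only. No port forwarding in either
# direction, no X11, no exec, no sftp/scp-style subsystems.
CHANNEL_POLICY = {
    "channel_types": {"session"},
    "session_requests": {"pty-req", "env", "shell", "window-change"},
    "global_requests": set(),            # refuses "tcpip-forward" (remote forwards)
}


def channel_decision(msg, policy=CHANNEL_POLICY):
    """Return (allow, description) for one client-to-server message."""
    if msg[0] == SSH_MSG_CHANNEL_OPEN:
        info = parse_channel_open(msg)
        target = f" to {info['host']}:{info['port']}" if "host" in info else ""
        return info["type"] in policy["channel_types"], f"open {info['type']}{target}"
    if msg[0] == SSH_MSG_CHANNEL_REQUEST:
        info = parse_channel_request(msg)
        detail = f" {info['argument']}" if "argument" in info else ""
        return info["request"] in policy["session_requests"], f"request {info['request']}{detail}"
    if msg[0] == SSH_MSG_GLOBAL_REQUEST:
        info = parse_global_request(msg)
        return info["request"] in policy["global_requests"], f"global {info['request']}"
    return False, f"unexpected message type {msg[0]}"


# Builders used to construct sample messages; they mirror the parsers above.
def build_channel_open(ctype, sender, host=None, port=None,
                       originator="127.0.0.1", originator_port=0):
    msg = (bytes([SSH_MSG_CHANNEL_OPEN]) + encode_string(ctype.encode())
           + struct.pack(">III", sender, 2 << 20, 32768))
    if ctype in ("direct-tcpip", "forwarded-tcpip"):
        msg += encode_string(host.encode()) + struct.pack(">I", port)
    if ctype in ("direct-tcpip", "forwarded-tcpip", "x11"):
        msg += encode_string(originator.encode()) + struct.pack(">I", originator_port)
    return msg


def build_channel_request(channel, rtype, argument=None, want_reply=True):
    msg = (bytes([SSH_MSG_CHANNEL_REQUEST]) + struct.pack(">I", channel)
           + encode_string(rtype.encode()) + bytes([int(want_reply)]))
    return msg + (encode_string(argument.encode()) if argument is not None else b"")


def build_global_request(name, want_reply=True):
    return bytes([SSH_MSG_GLOBAL_REQUEST]) + encode_string(name.encode()) + bytes([int(want_reply)])
```

Disabling port forwarding needs both halves: refusing direct-tcpip channel opens stops local forwards (ssh -L), while refusing the tcpip-forward global request stops the server from ever opening forwarded-tcpip channels for remote forwards (ssh -R). The description string is what a proxy would log when it rejects a message.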

Audit and forensics tool

The inspected protocol content can be stored in a record called an audit trail, which can be replayed with the Audit Player tool. An audit trail can be used as digital evidence. Because the whole connection can be replayed (and viewed by any auditor who has access to the device), this raises privacy problems in some countries.
The source of this article is wikipedia, the free encyclopedia.  The text of this article is licensed under the GFDL.