Shell Control Box

Privileged activity monitoring

Shell Control Box is an activity monitoring appliance that controls privileged access to remote IT systems, records activities in searchable movie-like audit trails, and prevents malicious actions. SCB is a quickly deployable enterprise tool with the widest protocol coverage on the market. It is completely independent from clients and servers - integrating seamlessly into existing infrastructures.

Central policy enforcement

SCB acts as a centralized authentication and access-control point in your IT environment, which improves security and reduces user administration costs. The granular access management helps you to control who can access what and when on your servers.

Advanced protection of sensitive data

SCB perfectly isolates your sensitive systems from unknown intruders or from non-authorized users. In addition, it tracks all authorized access to sensitive data and provides actionable information in the case of human errors or unusual behavior.

Prevention of malicious activities

SCB monitors privileged activity in real-time and detects anomalies as they occur. Upon detection of a suspicious user action (for example entering a destructive command, such as "delete"), SCB can send you an alert or immediately terminate the connection.

Tighter employee & partner control

SCB audits "who did what", for example on your database or SAP servers. Once aware of this, your employees will have a greater sense of responsibility, leading to a reduction in human errors. By having an easily interpreted, tamper-proof record, finger-pointing issues can be eliminated.

Faster, cost-effective supervisory audits

SCB makes all user activity traceable by recording it in high-quality, tamper-proof and easily searchable audit trails. The movie-like audit trails ensure that all the necessary information is accessible for ad-hoc analyses or custom activity reports.

Lower troubleshooting & forensics costs

When something goes wrong, you need to understand the real story. Analyzing thousands of text-based logs can be a nightmare and may require the participation of external experts. The ability to easily reconstruct user activity allows you to shorten investigation time and avoid unexpected cost.

Granular Access Control

SCB acts as an application level proxy gateway. The transferred connections and traffic are inspected on the application level (Layer 7 in the OSI model), rejecting all traffic violating the protocol – an effective shield against attacks. This high-level understanding of the traffic gives control over the various features of the protocols, like authentication and encryption methods used in SSH connections, or channels permitted in RDP traffic.

  • Support for SSH, RDP, HTTP(s), Citrix ICA, Telnet, TN3270, VNC, X11 and VMware View protocols
  • Control protocol specific channels, such as terminal sessions, disk-mapping or file sharing
  • Audit SCP, SFTP and HTTP(s) based file transfers
  • Detailed access control based on time and user group policies

Strong Authentication and Authorization

SCB can enforce the use of two-factor authentication methods and also verify the public key of the users. SCB has a built-in capability to verify the SSH host keys and certificates identifying the servers, preventing man-in-the-middle attacks and other threats. This authentication is completely independent from the authentication that the user performs on the remote server. To avoid accidental misconfiguration and other human errors, SCB supports the 4-eyes authorization principle as well.

  • Gateway authentication
  • Integration with central authentication databases (for example, Microsoft AD, LDAP or RADIUS)
  • User-mapping policies – describe who can use a shared user (e.g. "root") to access the remote server
  • Password vaulting – use the built-in Credential Store, or integrate with a third-party password management system
  • Server-side auto-login with SCB impersonating the authenticated user on the server
  • "4 eyes" authorization – the authorizer can allow, track, and even terminate the administrator’s access to the server

High Quality Audit & Forensics

SCB operates transparently and extracts information directly from the communication of the client and the server, providing reliable, easy-to-access metadata and content. SCB records all sessions into searchable audit trails, making it easy to find relevant information in forensics or troubleshooting situations. Audit trails can be browsed online, or followed real-time to monitor the activities of the privileged users. The Audit Player application replays the recorded sessions just like a movie – all actions of the administrators can be seen exactly as they appeared on their monitors. The Audit Player enables fast forwarding during replays, searching for events (for example, mouse clicks, pressing Enter) and text seen by the user.

  • Complete documentation about ALL remote system accesses
  • Tamper-proof (encrypted, signed and time-stamped) audit trails
  • Movie-like playback of recorded sessions
  • Fast, free-text search in sessions
  • Custom activity reports

Real-time Alerting and Blocking

SCB can monitor traffic in real time and execute various actions if a certain predefined pattern appears in the command line or on the screen. On detecting a suspicious user action (e.g. a destructive command or an unwanted Windows application), SCB can perform the following measures:

  • Send e-mail or SNMP alerts about the event
  • Immediately terminate the connection
  • Log the event in the system logs
  • Store the event in the connection database of SCB

Easy-to-use GUI

SCB is configured from a clean, intuitive web interface. The roles of each SCB administrator can be clearly defined using a set of privileges – management of SCB as a host, management of connections to servers, viewing audit trails and reports, and so on.

  • Granular access control to SCB GUI
  • User-friendly, web-based search interface

Smooth Integration

To ensure seamless integration into your network infrastructure, SCB is available as either a physical or a virtual appliance and supports different operation modes. These modes include router and bastion host modes. To simplify integration with firewalled environments, SCB supports both source and destination address translation (SNAT and DNAT).

  • Independent network appliance, agentless design
  • Multiple operation modes
  • Fast deployment (3-5 days) and low OPEX
  • High Availability option
  • Robust hardware configurations
  • VMware & MS Hyper-V virtual appliance option

SCB is available as a:

  • Hardware Appliance
  • Virtual Appliance

Hardware Appliance Specifications

SCB appliances are built on high-performance, energy-efficient, and reliable Supermicro hardware that is easily mounted into standard rack mounts.

| Product | Unit | Redundant PSU | Processor | Memory | Useful Capacity | RAID | IPMI |
|---|---|---|---|---|---|---|---|
| SCB T-1 | 1 | No | Intel(R) Xeon(R) X3430 @ 2.40GHz (4 cores) | 2 x 4 GB (DDR3) | 1 TB | Software raid | Yes |
| SCB T-4 | 1 | Yes | Intel(R) Xeon(R) E3-1275V2 @ 3.50GHz (4 cores) | 2 x 4 GB (DDR3) | 4 TB | LSI MegaRAID SAS 9271-4i | Yes |
| SCB T-10 | 2 | Yes | 2 x Intel(R) Xeon(R) E5-2630V2 @ 2.6GHz (6 cores) | 8 x 4 GB (DDR3) | 10 TB | LSI MegaRAID SAS 9271-4i | Yes |

Virtual Appliance

SCB is available as a virtual appliance, as well, running under:

  • VMware ESXi server 4.0 or later, or
  • MS Hyper-V server.

Internal "superusers", such as system administrators, developers or C-level managers have practically unrestricted access to your information assets. These users can intentionally - or accidentally - perform harmful actions in IT systems that can cause great damage to the business.
IT contractors such as vendors, services providers or independent consultants all require privileged access to internal networks. Giving responsibility to them is always a security risk.
Terminal services users are a potential security risk in many situations. At most companies, users at different organizational levels (e.g. legal department, HR, sales, etc.) have the possibility to access and manipulate the most sensitive information, such as customer data
Regulations like SOX, PCI-DSS, ISO 27001, or the EU Data Protection Act increasingly mandate strict protection of sensitive information - be it personal data, credit card data, or financial information.
The simple question “Who did what on our server?” is one of the toughest questions to answer in IT today. When something wrong happens, everybody wants to know the real story immediately