Network monitoring of encrypted connections SSH RDP HTTPS
Enterprise networks are frequently accessed by 3rd parties such as consultants, outsourcing partners, remote contractors, and other trusted third parties. Today's distributed operations mean that very often these trusted outsiders access the corporate core systems remotely over the public Internet. Allowing remote access requires that encrypted secure protocols are used, to protect the identity and login credentials as well as the privacy of the exchanged data. Use of encryption has, however, an unpleasant side-effect as it also means that the network monitoring solutions used by corporate IT teams are blinded by encryption and unable to monitor the connections. Protocols such as SSH, SFTP, RDP, and HTTPS provide security but also hide the actions within the connections under the cover of encryption.
Corporate IT security teams require tools that can monitor, control, and audit encrypted connections of trusted 3rd parties.
ContentsMonitoring Network Access of 3rd Parties CryptoAuditor - Monitor, Control, Audit Audit Trail of 3rd Party Actions Allows Safe Use of Shared Accounts Enforcement of Two-Factor Authentication Real-time Protection Against Data Theft Prevent SSH Back-tunneling Attacks
Monitoring Network Access of 3rd Parties
Both corporate security policies and regulatory controls require the monitoring of network access of all users that enter the corporate core systems. Information security is based on knowing and controlling who has access to what. Combining this with the necessity of privacy protected network access requires network monitoring solutions that are able to "see inside" the encrypted and protected connections. Normal network monitoring systems are not able to do this, and are blind to encryption. Common network monitoring tools, such as Wireshark are able to capture, detect and reconstruct various unencrypted protocols, but do not see into the protected tunnels of encrypted SSH, RDP, or HTTPS protocols.
CryptoAuditor - Monitor, Control, Audit
CryptoAuditor is a transparent, network based solution for monitoring encrypted connections at a designated network entry point, for example at a corporate firewall. CryptoAuditor works as a trusted audit point as it intercepts, decrypts, inspects, and re-encrypts traffic - transparently without the endpoints even knowing of the procedure.
CryptoAuditor provides a centralized enforcement point that allows effective enforcement for corporate policy and works as a compliance enabler for organizations in regulated businesses.
Using CryptoAuditor for network monitoring of encrypted connections allows benefits such as:
Recording an audit trail
Safe use of shared accounts
Effortless enforcement of 2 factor authentication
Real-time protection against data theft
Prevent SSH back-tunneling attacks
Audit Trail of 3rd Party Actions
Monitoring network connections of third parties with CryptoAuditor allows storing a record of actions for later audits or reviews. CryptoAuditor stores the sessions as videos that can be searched and indexed - these recorded sessions form an audit trail that can be used for multiple purposes that range from service level reviews to forensic examinations.
Allows Safe Use of Shared Accounts
CryptoAuditor allows safe and auditable use of shared accounts at corporate resources. This is a very convenient and secure way of sharing a single account among a team of individual users. The actual login credentials of the shared account (for example the root account of the corporate firewall) do not need to be exposed to (sometimes temporary or external) users, and the actions undertaken at the shared account are logged and recorded.
Enforcement of Two-Factor Authentication
Deploying a well placed security policy enforcement point such as CryptoAuditor offers an additional benefit in the form of an efficient and smooth deployment point for two-factor authetication (2FA). Most 2FA solutions require the installation of a server-side component or agent. With CryptoAuditor, this agent can be deployed in the CryptoAuditor virtual appliance. This reduces the solution complexity and maintenance burden, while improving overall system security.
Real-time Protection Against Data Theft
CryptoAuditor's network monitoring capabilities allow real-time traffic observation and filtering. CryptoAuditor can be configured to take preventive action for example in the case where an unauthorized file transfer of designated high value data assets is discovered. CryptoAuditor stops data exfiltration attacks on the fly.
Prevent SSH Back-tunneling Attacks
SSH back-tunnelling is one of the ways the SSH protocol can be misused. An attack like this is difficult to observe and protect against, since the actions of the attacker are hidden from sight of most security systems. Using an auditing solution such as CryptoAuditor allows detecting an unauthorized SSH tunnel and both preventing the attackers intentions and recording the attempt for more thorough investigations.