PCI Compliance and Forensics in Auditing Remote Server Access
Source: Balabit IT Security
This paper discusses the advantages of using BalaBit Shell Control Box (SCB) to control remote access to the UNIX/Linux servers and Windows Terminal Services. SCB can transparently control, audit and replay the Secure Shell (SSH) and Remote Desktop (RDP) protocols commonly used to remotely access and manage servers. The document is recommended for technical experts and decision-makers working on auditing server-administration processes for policy compliance (e.g., PCI), or simply to gather information for forensics situations in case of security incidents. However, anyone with basic networking knowledge can fully understand its contents. The procedures and concepts described here are applicable to version 2.0 of BalaBit Shell Control Box and of SSH Tectia Guardian.