Unique Value of Session Auditor
The core application systems of those large enterprises and organizations consist of a large mount of Unix/Linux servers, Windows servers, network devices, and applications over them, which might be ERP, CRM, resource management, billing system, office automation, electronic operations and maintenance, knowledge management and other client/server and/or browser/server applications.
Generally, administrators and operators use Telnet/SSH to remotely manage Unix/Linux servers and network devices, and use Windows Remote Desktop Protocol (RDP) to remotely manage Windows servers, while might be used are VNC /HTTP /FTP /Rlogin /Rsh and etc.
There seems to be a paradox to security managers. In one side, to counteract the threats from network eavesdroping and hijacking, security managers urge and even require administrators to use those encrypted protocols in remote management. In other side, due to the lack of auditability, security auditors might prevent administrators to use those encrypted protocol so that they can collect and record the audit information. Which choice should the security managers adopt? to use encrypted protocols to avoid threats, or not to use encrypted protocols in order to audit the operations?
BMST's perspective is ENCRPTED PROTOCOLS SHOULD AND CAN BE AUDITED IN THE SAME WAY AS THOSE UNENCRYPTED PROTOCOLS.
BMST's Session Auditor has the unique capability to enhance your audit systems by network based transparent RDP/SSH auditing, in conjunction with complete recording and replay. Morever, RDP/SSH auditing is completely one bonus you can take, because it supports other general protocols just as other audit products. SA is the trustworthy "Black Box" and analyzer in your compliance flight journey.
Session-Auditor has three components. The Sensor(SAS) is reponsible to identify the procotols and record them transparently, and the data is reassembled in sessions and sent back to the second component - Data(SAD), where the session data are stored, processed, indexed and queryed. The third component is the Console (SAC), the general GUI, which is responsible to globally manage all components in the whole system, including the working mode and audit policy.
Session-Auditor help you design and implement complete and powerful audit systems:
- Unique transparent audit to Windows Remote Desktop (RDP), including recording and replay
- Unique transparent audit to Citrix ICA, including recording and replay
- Unique transparent audit to SSH/SCP and etc, including recording and replay
- Network audit to Telnet, FTP, Rlogin, HTTP, VNC, Oracle, Sybase, MS SQL, DB2, Informix, SMTP, POP3, CIFS/SMB and etc.
- Support of user customized protocols
- Complete recording of network sessions and replay
- Data dump/backup and reload
- Flexible and multi-dimensional query and report
- Transparent brige-mode deployment, without change of hosts and applications
- Support of VLAN/Trunk network environment
- Without risk of compatibility among audit software to applications, drastically decreasing the cost of deployment and maintenance
- Non-repudiation because of the complete recorded session data
- Audit function can not be bypassed
- User and operating activity oriented presentation and report
- Hierachical and distributed deployment to provide high flexibility and scalability
- Role based access control mechanism,authentication and encryption to protect the audit information
- Convenient configuration through serial port
- Remote online system upgrade
- Time synchronization among all components to make sure all audit data are trustworthy and reliable