Network monitoring of encrypted connections (SSH, RDP, HTTPS)

Enterprise networks are frequently accessed by 3rd parties such as consultants, outsourcing partners, remote contractors, and other trusted third parties. Today's distributed operations mean that very often these trusted outsiders access the corporate core systems remotely over the public Internet. Allowing remote access requires that encrypted secure protocols are used, to protect the identity and login credentials as well as the privacy of the exchanged data. Use of encryption has, however, an unpleasant side-effect as it also means that the network monitoring solutions used by corporate IT teams are blinded by encryption and unable to monitor the connections. Protocols such as SSH, SFTP, RDP, and HTTPS provide security but also hide the actions within the connections under the cover of encryption.

Corporate IT security teams require tools that can monitor, control, and audit encrypted connections of trusted 3rd parties.

Both corporate security policies and regulatory controls require the monitoring of network access of all users that enter the corporate core systems. Information security is based on knowing and controlling who has access to what. Combining this with the necessity of privacy protected network access requires network monitoring solutions that are able to "see inside" the encrypted and protected connections. Normal network monitoring systems are not able to do this, and are blind to encryption. Common network monitoring tools, such as Wireshark are able to capture, detect and reconstruct various unencrypted protocols, but do not see into the protected tunnels of encrypted SSH, RDP, or HTTPS protocols.

PrivXis a versatile solution for managing privileged connections and monitoring encrypted sessions

PrivX provides a centralized enforcement point that allows effective enforcement for corporate policy and works as a compliance enabler for organizations in regulated businesses.

Using PrivX for network monitoring of encrypted connections allows benefits such as:

Recording an audit trail

Safe use of shared accounts

Effortless enforcement of 2 factor authentication

Prevent SSH back-tunneling attacks

Monitoring network connections of third parties with PrivX allows storing a record of actions for later audits or reviews. PrivXstores the sessions as videos that can be searched and indexed - these recorded sessions form an audit trail that can be used for multiple purposes that range from service level reviews to forensic examinations.

PrivX allows safe and auditable use of shared accounts at corporate resources. This is a very convenient and secure way of sharing a single account among a team of individual users. The actual login credentials of the shared account (for example the root account of the corporate firewall) do not need to be exposed to (sometimes temporary or external) users, and the actions undertaken at the shared account are logged and recorded.

Deploying a well placed security policy enforcement point such as PrivX offers an additional benefit in the form of an efficient and smooth deployment point for two-factor authetication (2FA). Most 2FA solutions require the installation of a server-side component or agent but PrivX installation is agentless. This reduces the solution complexity and maintenance burden, while improving overall system security.

SSH back-tunnelling is one of the ways the SSH protocol can be misused. An attack like this is difficult to observe and protect against, since the actions of the attacker are hidden from sight of most security systems. Using an auditing solution such as PrivXallows detecting an unauthorized SSH tunnel and both preventing the attackers intentions and recording the attempt for more thorough investigations.