rdp session recording

record rdp session
record rdp session

Record RDP Session

You can record rdp session performed via the browser tab. Recording rdp session for your staff or employees accessing your windows servers via rdp is mandatory to meet various security compliances such as pci dss, hippa, FFIEC, SOX, SOC, NIST, NERC, ISO 27001, GDPR and more. A responsible company would record all action performed by it employees on remote mission critical server via rdp. Cyber attacks are very rampant these days and stringent privacy measures like GDPR are in place to ensure that customers data is not leaked in anyway. System administrators could lose sleep when something happen and features like this would give them the peace of mind. The recording that we have built into our jump server software lets you play back the recording at different speeds. The rdp recordings are important whenever you are tasked with the responsibility of performing a forensic audit when you are the victim of a cyber crime or an attack and that is when these recording would be a blessing in disguise. Setup rdp via browser for quick access without having to install rdp client and view the rdp session recordings quickly across your enterprise.

 

SSH Jump Server, SSH Bastion host, SSH Jump host for PCI DSS and other security compliance

ssh jump server

SSH Jump server or Bastion host would be a fortified central server or gateway server where all your staff would login in first via ssh before accessing any other servers behind it. The fortified server is also known as Bastion Host or SSH Jump Host or SSH Jump Box. The jump host assist in securing  PCI DSS and other security compliances.

Using an intermediate ssh jump server increases security and ease of managing your Linux  production servers. Ezeelogin is an ssh gateway software that would help you setup your secure jump server very quickly and comes with lots of security and automation features. The below diagram would give you a better idea of how the ssh jump server works

 

ssh Bastion host ssh Jump server ssh gateway
SSH Gateway – SSH Bastion Host – SSH Jump Host – SSH Jump Box – SSH Jump Server

Advantages in using  ssh Jump Server ( also called a ‘Bastion Host’ )?

  • Built in Identity and Access Management for your staff
  • Intuitive SSH interface to access Linux nodes
  • SSH access to Linux production servers for your staff without sharing the ssh private keys or password
  • Two factor authentication in ssh and for the panel. Yubikey , Google Authenticator, Duo Security 2FA integrated.
  • Record ssh session of your system administrator or devops engineers for performing forensic audits so that you know who does what on which server and when.
  • Privileged Access management so that you know who gets root access and who gets non privileged access.
  • SSH Key management so that you can rotate the keys easily on multiple servers.
  • Root Password management so that you can reset the root password on servers in a click.
  • Parallel Shell integrated so you can execute command on many server simultaneously.
  • Root password management for your Linux server in production
  • Access Control panel like Cpanel/WHM and more in a click
  • PCI DSS 3.2, SOX, SOC2, FFIEC, NERC CIP, ISO 27001 & HIPPA Compliance requirements can be met quickly
ssh jump server
ssh jump server interface

 

 

SSH Jump Host with Yubikey ssh two factor authentication

SSH with Yubikey 2FA authentication

SSH Yubikey based two factor  authentication is integrated into ezeelogin ssh jump host for extra security. Even if someone steals your username and password (which is on the increase) they cannot access your jump host without your physical keyThe YubiKey generates an encrypted password that can only be used once. Hackers require physical access of your YubiKey to generate the OTP.

 

 

Four Eyes authorization for Sarbanes-Oxley ( SOX ) , PCI , HIPAA Security Compliance

four eyes authorization ssh
four eyes authorization for sox compliance

The Sarbanes-Oxley Act of 2002 (SOX) is an act passed by U.S Congress in 2002 to protect investors from the possibility of fraudulent accounting activities by corporations. The SOX Act mandated strict reforms to improve financial  disclosures from corporations and prevent accounting fraud. The SOX Act was created in response to accounting malpractice in the early 2000s, when public scandals such as Enron Corporation, Tyco International plc, and WorldCom shook investor confidence in financial statements and demanded an overhaul of regulatory standards.

Sarbanes-Oxley act or the SOX compliance require that whenever critical task are executed, it should NOT be done individually, it requires the critical transactions or the task at hand to be authorized by two persons and not just one. While managing server or cloud infrastructure, critical action like viewing the ssh session recordings should be authorized by a supervisor as well.

 

SSH Two Factor Authentication

ssh jumpbox with duo two factor authentication
SSH gateway and Jumphost with DUO 2FA o

 

SSH JumpHost and SSH Gateway Ezeelogin supports DUO Security two factor authentication ( 2FA ) which means that anyone having a smartphone these days can easily use it for the second layer of authentication. With DUO, you dont have to type in complex strings or numbers, just tap on the smartphone screen and you are securely authenticated easily. No extra devices like RSA Keys or security token generating devices has to be carried since you already have a smartphone with you to authenticate into your SSH Gateway.

Bastion host with Google 2FA for PCI DSS

bastion host with 2 factor authentication
bastion host with 2 factor authentication

bastion host with 2 factor authentication ensures that ssh access to your Linux servers or aws instances or cloud instances in production via the ssh jump server or  ssh jump host  is super secure.  We have integrated Google two factor authentication in ssh. A user installs the Google  Authenticator app on a smartphone.  The app displays an additional six-digit one-time password . The user enters it, thus authenticating the user’s identity.

OpenSSH 7.0 disables DSA keys by default


The road ahead was never bright for DSA keys and the writing was clear
on the wall. Ezeelogin SSH gateway will be dropping DSA keys and would 
be using ONLY RSA keys in future releases. 
Starting with the 7.0 release of OpenSSH, support for ssh-dss keys has
been disabled by  default at runtime due to their inherit weakness.If
you rely on these key types,you will have to take corrective action or 
risk being locked out. Your best option is to generate new keys 
using strong algos such as rsa or ecdsa or ed25519.RSA keys will give
you the greatest portability with other clients/servers while ed25519
will get you the best security with OpenSSH.(but requires recent versions of
client & server).

If you are stuck with DSA keys, you can re-enable support locally by updating
 your sshd_config and ~/.ssh/config files with lines like so: 
     PubkeyAcceptedKeyTypes=+ssh-dss

Be aware though that eventually OpenSSH will drop support for DSA keys entirely, 
so this is only a stop gap solution.

More details can be found on 
OpenSSH's website: http://www.openssh.com/legacy.html

Meet PCI DSS 3.2 , HIPAA, SOX, SOC2, FFIEC, NERC CIP, ISO 27001 Compliance in your Linux Infrastructure.

jump server pci dss
jump server pci dss

 

If you are a system administrator  and have bunch of Linux server that you need to manage and has to be PCI DSS3.2 ,SOX, SOC2, FFIEC, NERC CIP, ISO 27001,HIPAA  compliant, then look no further, Ezeelogin SSH Gateway will help you be compliant in minutes.

Here are the requirements that Ezeelogin jumphost will help you meet.

  1. SSH User Expiry – This would let you to set an expiry time for an ssh user. It could be a developer or a sysadmin who has to deploy new code and you need to remove the access granted after a period of time. You can now easily set an expiry time after which the user would no longer have access after a preset time.
  2. IAM- Identity and Access Management – This would let you decide which developer / system administrator has access to which Linux production nodes. You can also decide ssh user which  the developer or devops engineer would login into your  Linux Node. You can decide whether the developer should login as non privileged user for example as user ‘dev’ or as ‘root’.
  3. 2FA – Two Factor Authentication in ssh – Easily integrate Yubikey, DUO Security or Google two factor Authentication when your staff accesses your Linux nodes.
  4. SSH Session Recording – Know what your staff does on your Linux nodes. Records ssh session so that you know who does what, when and where.
  5. SSH Key Management – This is usually a headache when you many server and many staff and many keys granting access to the servers. The keys need to be added for a user to grant access or revoked to deny access. The problem has been inherently handled in the ssh jump gateway as all keys are now encrypted and users would have just one key to access the ssh jump gateway which is removed with the users account deletion.
  6. RSA / DSA Key Based Authentication – Support both RSA and DSA key based authentication while we would recommend RSA keys as DSA is considered to be weak and is being deprecated.
  7. Disabling direct root access on target linux server – Direct root access needs to be disabled but then it comes with additional hassle of remembering password and  other overheads.  This is now handled in ingenious way in Ezeelogin
  8. Automated Password resets – Reset the root passwords on your Linux nodes periodically as the password are to be reset. We would recommend disabling direct root access to any Linux nodes.
  9. Centralised  login for Users in  LDAP or Active Directory – Now Authenticate your staff in SSH from your LDAP/ AD.
  10.  Maximum number of failed attempts before the accounts is locked– Repeated failures from your staff trying to access the ssh gateway could be brute force attack. The staff’s account is automatically locked to prevent further bruteforce.
  11. Minimum password length for root password – Easily set root user password  or remote ssh user password up to length of 30 character at a click.
  12. Password reuse  for an SSH Gateway User is limited such that previous 3 password is not allowed to be set again.

Record SSH Session

record ssh sessions
Record SSH Session

Record ssh sessions on Linux server, Amazon EC2  instances for Security Compliance

It is mandatory to record ssh sessions to be PCI DSS Complaint when system administrator, system engineers or devops engineers login via ssh into your Linux machines or cloud instances, . It is also a must to maintain a log of all ssh activities on your Linux servers. This is tedious task for any Linux system administrator as deploying a improvised solution has often turned to be useless in the hour of need.

Why you should record ssh session of your staff /employees on a bastion host ?

Imagine that you have 100 Linux servers or cloud instances. You have 100  users  having access to these server via SSH with some system admins having privileged access or root access. If a user deletes a critical files or a database record which leads to a serious downtime and million of dollar lost in revenue,  following are some of the questions that you would have to answer as the security officer of your Linux infrastructure

  • Which user did it ? How will you find out who is responsible when you have so many of your employees accessing your servers?
  • How did it happen? When did it happen?
  • What is the extent of damage?
  • How will you prevent this in the future?
  • Is it possible to track  ssh server activities of employees?
  • Is it possible to do a forensic investigation when somebody does something bad like opening a backdoor?
  • How to monitor a staff in ssh in real time?
  • Has any Linux  server been breached?
  • How  to ensure that your employees password typed in on STDIN are not recorded as required by security compliances ?
    Enabling the SSH Session recording feature in the Ezeelogin SSH jump server would help you achieve this very quickly and easily so you have a complete record of what was done on your server at any point of time by which jump server user. This is very useful for forensic ssh log audits or for maintaining an audit trail for pci compliance.
    The solution records every ssh activity.  It includes the user input and the output with timestamps.  There is provision to search through the recorded ssh logs as well.