BoKS ServerControl

Granular Access Control

Achieve your security goals with granular access control

IT security teams face a double-edged sword: they have to protect sensitive data while enabling users across the organization to maintain productivity. BoKS® ServerControl enables you to bridge this gap with granular privileged access management.

As a result, your organization can become more secure, simplify its approach to meeting compliance requirements, and increase overall operational efficiency.

BoKS improves your security posture by enabling you to implement fine-grained security controls across your Linux/Unix infrastructure.

  • Define and enforce who is granted elevated privileges, when, from where, and how
  • Control which commands can be executed by privileged users (“SUDO”), and audit privileged activity
  • Implement granular assignments for who can switch sessions (“SU”)
  • Assign groups of commands instead of giving open root access to all commands
  • Use policy to define which SUDO sessions are keystroke logged based on risk and user
  • Remove the need for distribution of sudoers files with configuration management solutions or scripts

Access Control Types

BoKS ServerControl provides separate access policy definitions for each of the following access types:

  • Console login
  • Secure shell (SSH)
  • Secure file transfer (SFTP)
  • Secure command execution (SSH Exec)
  • Secure remote command execution (SSH REXEC)
  • SSH proxy
  • SSH tunnelling
  • SSH X11
  • Privileged switch user (SU)
  • Privileged command execution (SUEXEC), a functional equivalent of SUDO

The solution also features legacy support for insecure access types, which can be enabled with mitigating controls:

  • Serial Port login
  • Telnet
  • FTP
  • RSH
  • REXEC
  • RCP

Access Control Constraints

Every access control rule can carry its own constraints on how it operates:

  • Which host group or host to connect to
  • Which host or network the user can attempt to connect from
  • Time of day range
  • Day of the week range
  • Which authentication method(s) should be in place to verify the user
  • The depth of keystroke logging, if applicable

Authentication Methods

BoKS ServerControl can be used with a wide variety of authentication methods. However, not all methods apply to all access rule types.

  • User password
  • Password of target account (e.g., when using SU or SUEXEC)
  • SSH user key
  • SSH host key (secure and auditable)
  • SSH X.509 user certificate authentication
  • SSH X.509 host certificate authentication
  • Kerberos session key authentication
  • X.509 certificate authentication (soft token)
  • PKI certificate-based authentication with smart card or USB token
  • Biometric API authentication unlocking PKI smart card token
  • RADIUS user password/PIN authentication

The Benefits of Granular Access Controls with BoKS

Meet Compliance Quickly

Quickly meet the access/authorization regulations required by SOX, HIPAA, GLBA, PCI DSS, FDCC, and FISMA.

Reduce Admin Overhead

Achieve efficiency and scalability in how your team assigns access controls.

Prevent Breaches

Access control definitions must be explicitly defined in policy; otherwise, access attempts are blanket-denied and terminated in a BoKS ServerControl domain.

Get Started

Ready to see how BoKS ServerControl enables granular access controls?