Securing & Monitoring Sessions
Combinations of proxies, gateways, and jump servers can be configured to secure and monitor privileged session activity. This section describes methods for configuring proxies and gateways for various scenarios.
Before you Begin
Understand the basics of proxies supported by the system.
Proxy Type | Description |
---|---|
Session proxy | This proxy type uses the SSH Tunneling method via Port forwarding between a local computer and a target asset. |
Web Proxy | This proxy type is supported for securely routing web application traffic from local computers to target applications. |
Jump Host | A jump server/host/box or secure administrative host is a special proxy supported with Sectona PAM and used to manage assets in a separate security zone by maintaining complete session isolation. |
SSH Direct | SSH is a remote login shell that helps you connect to remote machines via an encrypted connection. An SSH tunnel consists of an encrypted tunnel created through an SSH protocol connection. An SSH tunnel can be used to transfer unencrypted traffic over a network through an encrypted channel. |
RDP Direct | RDP direct proxy allows users to use any RDP-capable client, such as mstsc, to log on directly to a device using a combination of PAM authentication credentials. |
Remote Session Host | This proxy type supports RDP & SSH Over Browser sessions in a multi-site environment by using secure connection forwarding to a site-specific component. |
Understand how proxies are installed and managed.
Proxy type | Part of Sectona Web Access Component | Scalability | Supported access types |
---|---|---|---|
Session Proxy | Yes | Yes | All packaged assets and access types other than web applications. |
Web Session Proxy | Yes | Yes | Web Applications only |
Jump Server | Yes | Yes | All access types. |
SSH Direct Proxy | Yes | No | Supports SSH access to Unix systems |
RDP Direct Proxy | Yes | Yes | Supports RDP access to Windows systems |
Remote Session Host | Yes | Yes | RDP Over Browser, SSH over Browser. |
Find more deployment instructions in Installation & Setup.
Session Proxy Server and Session Proxy Server (Web) can be installed on a single server. However, two session proxies cannot be initiated on a single server.
Web Session Proxy is mandatory if you have any web application assets configured.
Enabling access from HTML5 browsers
Sectona supports privileged access from any HTML5-supported browser.
RDP & SSH connections over the browser can be initiated directly by enabling the access types RDP Over Browser and SSH Over Browser in the system.
Web applications and thick clients like SQL Management Studio must be installed on the Windows Terminal Server to be launched within HTML5-based browsers. Refer to Configuring Jump Host for more details.
Suggested Proxy Configurations: Inbuilt and Remote Session Host
To learn more, refer to Installing Sectona Remote Session Host and Configuring Remote Session Host.
Enable access from Windows workstation
Sectona supports privileged access from any Windows workstation by using the Sectona Launcher. Refer to Installing Sectona Launcher.
RDP and SSH connections are supported via native clients, which are downloaded at runtime from the central server.
Web application and thick clients like SQL Management Studio can be installed and launched on the same Windows workstations.
Suggested Proxy Configurations: Session Proxy, Web Session Proxy
Enabling RDP Connection from any RDP client
Sectona supports RDP connections from any RDP client without the need to log on to Sectona Web Access. Tools like Remote Desktop Connection Manager and MSTSC can be used to launch sessions directly.
Suggested Proxy Configurations: RDP Direct
Enabling SSH connections from any SSH client
Sectona supports direct connections from any SSH client without the need to log on to Sectona Web Access. Tools like PuTTY can be used directly to launch an SSH session by authenticating using a specified method.
Suggested Proxy Configurations: SSH Direct