Database Reference
In-Depth Information
Terminal Hub Systems
The other structural type is a hub that acts as the actual gateway to all session communication. This enables
authentication, monitoring, and blocking of damaging commands in one place, and potentially enables a higher level
of security (Figure
13-2
).
DB Servers
Terminal Hub
PAC e.g.
Xsuite and
Adminiscope
LDAP
Directory
OUD, AD
Authentication, access control,
and monitoring
Administrative DBA Users
Figure 13-2.
Terminal hub concept
CyberArk and Xceedium, for instance, both allow the videoing of terminal sessions, though there are intrinsic
issues with PAC hubs in general.
Generic Security Issues with Hub PAC Servers
The following list shows common security weaknesses in hub PAC server systems:
•
Xterm hiding
:
A user may position their Xterm off screen but is still be able to type commands
unseen into the Xterm, thus avoiding monitoring. Xceedium is not vulnerable to this, but
some systems are.
•
Scripted commands
:
Display of commands can be bypassed by running commands
from a script.
•
Xterm shootback
:
An admin user may shoot an Xterm back to their originating client
workstation from the target server, thus bypassing the terminal hub. Alternatives are
netcat
•
SPOF
:
Terminal hub is single point of failure susceptible to a DoS (accidental or malicious).
