Privileged Access Management

Intro

We are going to describe this case without disclosing the product or the client as we are under an NDA. At the same time, we can talk about the tasks we had and the non-trivial solutions we found.

The task was to develop a proxy for SSH, Microsoft SQL, Oracle, etc. The main challenge was to provide a possibility of tracking the commands received by the console between the client and the server and restrict them fully or partially, when needed.

Solution

The first problem that we had to solve was performing a so-called Man-in-the-middle attack. All channels were encrypted with a common secret generated according to the Diffie-Hellman protocol during the client-server handshake.

Another challenge we faced was the proprietariness of the protocols. While we worked on this project, there was absolutely no public information on these protocols or on their principles of operation. The Adoriasoft team reverse-engineered and snuffed the Microsoft SQL and Oracle protocols to understand them and find the way to implement the client’s solution.

Each protocol has its own specifics which meant that we could not use the same approach to all of them. We used our profound information security expertise to get “inside” of each protocol and perform the so-called “white hat hacking” to understand how they could be applied in our solution.

With the understanding of the protocols (Privileged Access Management), we developed a proxy to log all the client-server requests and restrict access to specific users and commands or tables.

Regarding the SSH protocol, the client’s initial requirement was to handle server requests via the console. However, when we learned about the product for which we were building the solutions. We identified a number of other problems that had to be resolved, too. While our task was only to develop a way to control console commands. Some applications use GUI SSH tools that also needed to be monitored and restricted.

We proposed a way to record all GUI requests in a video format to monitor all server operations. This way, we managed to enhance the functionality and resolved our client’s key problem – Privileged Access Management.

Technology stack

We believe that any technology is just a tool. It’s the skill that matters most. The most important thing in this project was our information security knowledge and skills. To implement our solution, we put together the following technology stack:

C++, SSH, Oracle, MS SQL
Security Certificates Oracle, Digital signature, Deffi-Helman, Symmetric and Asymmetric Encryption, Key management, Key generation, Random Generation Quality(NIST), Video Rendering with C++ library, Traffic Sniffing on different protocol levels.

Summary

Within the scope of this project, the Adoriasoft team reverse-engineered and sniffed SSH protocols of Microsoft SQL and Oracle to create a solution allowing to control and restrict server access and monitor its operation in GUI.

This project proved that our team welcomes any challenge and its capabilities are virtually limitless. We will be happy to discuss your project or a specific task to which we can always find an effective but elegant solution.