
【Classic Enterprise Case Studies】SSH command blacklist protects enterprises, preventing malicious users from causing irreparable losses



Case Introduction: A well-established SSH command policy ensures that managers are free from all system worries.


User Background:

Textile material manufacturer - Information and Digital Transformation Department - Manager Yeh


Scenario:

As the company expands its business to locations such as Vietnam, Thailand, and Bangladesh, the newly established factories adopt automated management and actively incorporate the concept of Industry 4.0. The production data from these factories needs to be synchronized continuously with the headquarters through specialized software and hardware solutions. However, during frequent communication with local outsourced IT vendors, the company faced challenges such as language barriers, difficulty controlling server logins, and the inability to control external personnel who engaged in malicious activities like stopping or deleting deployed services. Because improper commands from operators had interrupted remote production monitoring services, Manager Yeh had to worry constantly that outsourced IT personnel might leave after damaging valuable company data. It was difficult for him to blame them, since the local machine and firmware parameters still required connection setup and updates through the local vendors.


Solution:

To address these challenges, Manager Yeh turned to the domestic software MAVIS for assistance. Through MAVIS's built-in connection functionality, he could observe all user connection operations in real time and save all operation logs. Although Manager Yeh couldn't check these logs all the time, he successfully established an effective control mechanism through MAVIS's policy-setting feature. Manager Yeh added specific SSH commands directly to the blacklist, which constrained operators' behavior according to the policy, and any user behavior that violated the policy was recorded in the log.


In addition to policy setting, MAVIS also provided real-time alerting, allowing Manager Yeh to receive immediate notifications when specific users entered sensitive commands. These real-time alerts kept Manager Yeh promptly informed about user behavior, ensuring that users' actions aligned with expectations. For any user who entered malicious commands in violation of policy, Manager Yeh could not only terminate the connection but also directly suspend the user. This measure effectively reduced the risk of downtime or unexpected commands caused by human input, making the production line more stable and reliable.


Learn more about the MAVIS SSH Command Blacklist

The MAVIS SSH Command Blacklist feature allows managers to proactively prohibit or restrict the use of commands by defining MAVIS policies. This prevents users from executing commands that may cause damage or pose security risks to the system, and makes it easy to manage user command behavior in SSH connections. MAVIS policies also support alerting, ensuring that managers or project managers receive timely alerts to protect the system from potential security threats caused by malicious users employing illegal commands.


