WhiteStar Shell

WhiteStar's Secure Shell Solution

The Problem

Sometimes things break - software goes awry, mistakes are made - and you need provide support to your customers.  The trouble is your organization needs to allow support technicians, both on-staff and third-party, remote access to devices within a corporate network (for diagnostic purposes), without exposing those devices to the risk of outside penetration by unwanted individuals. Furthermore direct interactive access is best - the ability to actively view/collect log files or run diagnostics real time on the devices in question - and once diagnostic log files are generated, securely retrieving them is another major problem.

The overall remote support landscape is complicated.  Devices may be on-premises, in the Cloud or running as a virtual machine.  They may be assigned private IP addresses with very limited reachability.  They may be behind multiple firewalls.  Standard tools like SSH [secure shell] require holes in firewalls to function, as well as user accounts with sufficient permissions to diagnose and repair a problem.  Customers are very reluctant to open their network up to allow such access - nor do they want to provide a “phone home” facility that constantly sends information back to their vendors.  Furthermore, Cloud-based management systems have enormous attack surface areas, and most other tools do not account for, or enforce, technician segmentation (the ability to limit exactly which support personnel can access a particular customer's device).  You may also find that companies are extremely hesitant to allow any of their sensitive corporate data to be stored in any Cloud-based management or support platform.

The Solution

WSH, running on WhiteStar’s trust-based overlay network, gives your organization the ability to provide real time first or third-party support without creating a security risk to your customer's network infrastructure.  By maintaining a robust trust-based ecosystem, WhiteStar allows your organization to provide support without the need to open your customer's firewalls or request user accounts with special privileges.  Additionally, WSH provides for the designation of trusted support providers by customer, allowing you to securely segregate which of your staff can actually connect to a particular customer's devices.

While providing the ability to securely access devices within a customer's enterprise network, WSH also provides the ability to transfer any size file - like a system log - to and from devices in a totally secure fashion.  This means your support staff can access files from a customer's devices securely, without the fear that data (potentially containing sensitive user and device data) may be leaked online, protecting your customer against potential data exfiltration. 

Finally, WSH maintains its own log files for each command issued on the remote device.  This provides your customers a running record of what was done on their device (should they want to see what the support organization did), while also providing a running log that can be leveraged by support technicians in order to retrace their steps during debug.  This level of transparency creates a high level of trust between the support staff and the client.

Easy, Simple to Use

WSH has minimal setup required for both support organizations and the customers they support. This means your organization can spend more time focusing on important work and less time worried about complex configurations and setups - and who may access what on the end device.

WSH has been crafted for maximum compatibility and runs as a native Java application in order to adapt to any customer environment. WSH is available as a subscription per seat for enterprise customers, billed annually.

High-Trust Access Controls

WSH utilizes the underlying WhiteStar NOS to affirm trust in individuals who are allowed to access particular devices on a corporate network.  The network itself acts as a trusted third-party, ensuring that only the correct users may connect to devices on a network.  This first party trust model ensures the utmost security, and carries with it all the other benefits of the WhiteStar NOS, like content ownership, constant encryption and the ability to have transient networks that break apart when not in use.  Likewise it also allows for domain specific siloing of user access, which can be based on virtually any characteristic, including geographic specificity.  WhiteStar can even be used to lock down terminal access to specific technicians, so only certain individuals within the support organization may access servers with sensitive data on them.

It’s not paranoia when they really are out to get you…

WSH functions as a last-line-of-defense - a secure method by which IT and other support staff can securely open a remote shell interface on a device.  There is no need to disable firewalls, or create user accounts with special permissions - all attack vectors in today's environments. 

All WhiteStar applications are immune to DDoS attacks, due to the unique nature of WhiteStar’s patented crypto-tag switching technology.  This means that threat actors on the network are unable to impede your traffic, making your traffic immune to common vulnerabilities.  

At WhiteStar, we plan for worst-case scenarios, building products and services that allow companies to function despite the cyberthreats that exist, allowing you to deal with malicious cyberattack decisively.  WSH gives enterprises a crucial tool to fix problems even while under direct attack - and functions alongside our suite of other cybersecurity like WhiteStar Chat and StarDrop - solutions for taking control of the fight in cyberspace.