

Title:
DEVICE AND METHOD FOR ADMINISTRATION OF A SERVER
Document Type and Number:
WIPO Patent Application WO/2018/088942
Kind Code:
A1
Abstract:
The present invention generally relates to methods and devices for server administration. The object is solved by a device for administration of at least one administered server, the device comprising: an intermediate server comprising random access memory, read-only memory and a processor. The read-only memory of the intermediate server comprises a ruleset determining interaction between a predetermined user and at least one predetermined administered server of the at least one administered server. The intermediate server is connected to the at least one administered server and is configured to send commands regarding administrative actions for the administered server to the administered server, and to receive data regarding results of executing said commands. The intermediate server is configured to receive user requests to the random access memory for sending commands to carry out administrative actions for the administered server to the administered server, and for processing said requests by means of the processor in accordance with the ruleset. Also disclosed is a method of administration of at least one administered server by means of said device.

Inventors:
ANUFRIEVA MARINA ANATOL'EVNA (RU)
Application Number:
PCT/RU2017/050115
Publication Date:
May 17, 2018
Filing Date:
November 08, 2017
Assignee:
ELIDA LTD (RU)
International Classes:
G06F21/62; G06F15/163; H04L47/2466
Domestic Patent References:
WO2012079482A1 (2012-06-21)
Foreign References:
US20160277447A1 (2016-09-22)
US6182142B1 (2001-01-30)
RU2496136C1 (2013-10-20)
US6408336B1 (2002-06-18)
Attorney, Agent or Firm:
NILOVA, Maria Innokentievna (RU)
Claims:

1. A device for administration of at least one administered server, the device comprising:

an intermediate server comprising a random access memory, a read-only memory and a processor,

wherein the read-only memory comprises a ruleset determining interaction between a predetermined user and at least one of the at least one administered server, wherein the intermediate server is connected to the at least one administered server so as to send commands thereto for carrying out administrative actions for the administered server and to receive data regarding results of executing said commands, and wherein the intermediate server receives user requests to the random access memory for sending commands to the at least one administered server to carry out administrative actions for the at least one administered server, and

the intermediate server processes said requests by means of the processor in accordance with the ruleset.

2. The device for administration of at least one administered server according to claim 1, wherein the intermediate server comprises input devices to receive user input requests regarding the administration of the at least one administered server.

3. The device for administration of at least one administered server according to claim 1, wherein the intermediate server receives the requests from remote users.

4. The device for administration of at least one administered server according to claim 1, wherein the intermediate server records the user requests and associated events in the intermediate server and/or in the at least one administered server associated with said requests.

5. The device for administration of at least one administered server according to claim 4, wherein the intermediate server sends data to at least one dedicated user.

6. The device for administration of at least one administered server according to claim 1, wherein the ruleset comprises a refusal to carry out the request from the predetermined user regarding the at least one predetermined administered server.

7. The device for administration of at least one administered server according to claim 1, wherein the ruleset comprises a permission to carry out the request from the predetermined user regarding the at least one predetermined administered server.

8. The device for administration of at least one administered server according to claim 7, wherein the intermediate server provides the predetermined user with data regarding results of carrying out the user request with respect to the at least one predetermined administered server.

9. The device for administration of at least one administered server according to claim 1, wherein the intermediate server further comprises a security unit,

wherein the intermediate server changes the ruleset by means of commands issued by the security unit and/or by at least one dedicated user.

10. The device for administration of at least one administered server according to claim 9, wherein the security unit sends user requests to the at least one dedicated user and receives commands from the at least one dedicated user to process said requests, wherein the security unit monitors the intermediate server prior to receiving the commands from the at least one dedicated user to process said requests.

11. A method of administration of at least one administered server by means of the device according to any one of the claims 1-10, the method comprising:

receiving a user request regarding administration of the at least one administered server and sending said request to the random access memory,

analyzing the user request based on a ruleset,

if the ruleset prescribes to refuse the user request, refusing to carry out the request of the predetermined user,

and if the ruleset prescribes to accept the user request,

sending a command to the at least one administered server to carry out administrative actions for the at least one administered server in accordance with the user request, and sending data to the intermediate server regarding the results of carrying out said command, and

recording the user request and associated events in the intermediate server and/or in the at least one administered server associated with said request,

wherein the method is characterized by the following features:

the user is not given direct access to the at least one administered server itself, but is given only the right to send (propose) a command or commands in the form of the user request,

an action based on the user request is deferred and executed by the system (the administered server together with the device for administration itself) after analysis of the action,

the whole "communication block" between the user and the administered server (the user's actions) consists of the following stages (links of a chain): obtaining information about the system; making a decision; and the action, which is split into two parts, namely 1) the description of the action (the declarative part, i.e. a command or a script) and 2) the physical action itself. The last link, the direct action itself, is removed from the user's reach: the user (administrator) only sends (proposes for execution) the script or command, i.e. part 1), the description of the action, and the system performs the rest itself, i.e. part 2), the deferred execution of the script by the administered server itself. Hence the system is made secure and not susceptible to external interaction.

12. The method of administration of at least one administered server according to claim 11, wherein the user is provided with data regarding the results of carrying out his/her request regarding the at least one predetermined administered server.

13. The method of administration of at least one administered server according to claim 11, wherein the recorded data is further sent to at least one dedicated user.

14. The method of administration of at least one administered server according to claim 11, wherein receiving a user request comprises receiving requests from remote users.

Description:
DEVICE AND METHOD FOR ADMINISTRATION OF A SERVER

BACKGROUND OF THE INVENTION

Field of the Invention

The present invention generally relates to methods and devices for server administration, in particular to methods and devices for the administration of top-security servers.

Background Art

Software products providing administration methods and devices for one or more servers are known in the art (e.g., Puppet, Ansible, Salt, Chef, Amazon AWS). However, said software products do not provide sufficient confidentiality and security for the administered servers. Therefore, there is a need for secure and timely administration of servers with the highest confidentiality and security requirements, i.e. servers in systems for processing and/or storing classified commercial, financial or banking data or personal data.

Various technologies have been developed to address the above problem.

For example, the patent document US2016269363 A1 discloses restricting communication in industrial control by integrating virtual private network functionality within a programmable logic controller of an industrial control network, so that physical access to the network interface is insufficient to access information. The programmable logic controller only accepts commands or messages provided through the virtual private network interface and does not accept messages routed directly to the controller itself, preventing security breaches in communications. However, security can also be breached with this approach, giving access to the logic controller.

Further, the patent document US2016269445 A1 discloses a method for providing cloud-based network security and access control in a networked computing system, the method comprising: receiving a network traffic request from a user device, identifying the user device, applying rules specific to the network traffic request and the user device, obtaining data specific to the network traffic request in accordance with the applied rules, and providing the data to the user device for presentation to a user in accordance with the applied rules. Applying rules may include blocking, capturing, processing, redirecting, reporting on, and/or alerting to, network traffic related to the user device. The method may also include monitoring network traffic to and from the user device, and generating reports regarding the monitored network traffic. The method may further include detecting a rule violation, and providing a rule violation alert regarding the rule violation to one or more designated alert recipient devices. However, in this method security measures can be circumvented, providing direct access to network traffic; therefore the prior art method is not suitable for use in administration of top security servers.

Some of the aforementioned disadvantages were addressed in the system disclosed in the patent document US2016277447, the system comprising: a rule engine configured to receive data flows, said data flows being between a network and an application, and a controller. The rule engine is provided between said network and said application, and is configured to determine data flow information and in dependence on said information to perform an action with respect to said flow. The controller is configured to provide control information to said rule engine to define one or more actions, wherein communications between said rule engine and said controller are secure. Thus, while the prior art technology provides greater security, it still fails to provide the level of security required in administration of top security servers.

SUMMARY OF THE INVENTION

The object of the present invention is to provide a method and device for top security server administration, providing high level of server administration security.

The object is solved by a device for administration of at least one administered server, the device comprising: an intermediate server comprising a random access memory, a read-only memory and a processor. The read-only memory of the intermediate server comprises a ruleset determining interaction between a predetermined user and at least one predetermined administered server of the at least one administered server. The intermediate server is connected to the at least one administered server and is configured to send commands regarding administrative actions for the administered server to the administered server, and to receive data regarding results of executing said commands. The intermediate server is configured to receive user requests to the random access memory for sending commands to carry out administrative actions for the administered server to the administered server, and for processing said requests by means of the processor in accordance with the ruleset. The technical result is top-security server administration with a high level of security in the administration process, since the disclosed device provides interaction with the administered servers without providing direct access to them. Furthermore, actions regarding the administered servers are monitored.

According to an embodiment of the present invention, the intermediate server comprises input devices configured to receive user input requests regarding the administration of the at least one administered server.

According to another embodiment of the present invention, the intermediate server is configured to receive requests from remote users.

According to yet another embodiment of the present invention, the intermediate server is configured to record user requests and events in the intermediate server and/or in the at least one administered server associated with said requests.

According to yet another embodiment of the present invention, the intermediate server is configured to send data to at least one dedicated user.

According to yet another embodiment of the present invention, the ruleset comprises a refusal to carry out the request from the predetermined user regarding the at least one predetermined administered server.

According to yet another embodiment of the present invention, the ruleset comprises a permission to carry out the request from the predetermined user regarding the at least one predetermined administered server.

According to yet another embodiment of the present invention, the intermediate server is configured to provide the predetermined user with data regarding results of carrying out the user request with respect to the at least one predetermined administered server.

According to yet another embodiment of the present invention, the intermediate server further comprises a security unit, wherein the intermediate server is configured to change the ruleset by means of commands issued by the security unit and/or by at least one dedicated user.

According to yet another embodiment of the present invention, the security unit is configured to send user requests to the at least one dedicated user and to receive commands regarding processing of said requests therefrom, wherein the security unit is configured to monitor the intermediate server prior to receiving commands regarding request processing from the at least one dedicated user.

The object is further solved by a method for administration of at least one administered server by means of the disclosed device, the method including receiving a user request regarding the administration of the at least one administered server and sending said request to the random access memory of the intermediate server; analyzing the user request based on a ruleset; refusing to carry out the request of the predetermined user if the user request is to be refused according to the ruleset; sending a command to carry out administrative actions for the administered server to the administered server in accordance with the user request if the user request is to be permitted according to the ruleset, and sending data regarding the results of carrying out said command to the intermediate server; and recording the user request and associated events related thereto in the intermediate server and/or in the at least one administered server associated with said request. The method is characterized by the following features: the user is not given direct access to the at least one administered server itself, but is given only the right to send (propose) a command or commands in the form of the user request; an action based on the user request is deferred and executed by the system (the administered server together with the device for administration itself) after analysis of the action. The whole "communication block" between the user and the administered server (the user's actions) consists of the following stages (links of a chain): obtaining information about the system; making a decision; and the action, which is split into two parts, namely 1) the description of the action (the declarative part, i.e. a command or a script) and 2) the physical action itself. The last link, the direct action itself, is removed from the user's reach: the user (administrator) only sends (proposes for execution) the script or command, i.e. part 1), the description of the action, and the system performs the rest itself, i.e. part 2), the deferred execution of the script by the administered server itself. Hence the system is made secure and not susceptible to external interaction.

The disclosed method provides administration of at least one administered server, providing high level of administration security due to the fact that user requests are processed by the intermediate server based on a ruleset.

According to an embodiment of the present invention, the user is provided with data regarding the results of carrying out his request regarding the at least one predetermined administered server.

According to another embodiment of the present invention, the recorded data is further sent to at least one dedicated user. According to yet another embodiment of the present invention, receiving a user request comprises receiving requests from remote users.

Further aspects of the present invention will be evident from the following detailed description of preferred embodiments with reference to the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWINGS

Fig. 1 is a diagram of the device for server administration according to an embodiment of the present invention.

Fig. 2 illustrates the method of server administration according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

The present description discloses embodiments and characteristics of the method and device for server administration. It should be noted that the disclosed characteristics of said device in any embodiment can be applied to various embodiments in any combination thereof unless indicated otherwise.

The term "administered server" is used herein to refer to a server maintained and controlled by a dedicated user (network administrator).

The terms "logging" or "recording" are used herein to refer to the procedure of recording all user actions with respect to the server and server actions in response thereto (events).

The singular use of the term "user" herein encompasses any number of users.

Fig. 1 is a schematic diagram of a device 100 for administration of one administered server 120, the device comprising an intermediate server 110 connected with the server 120, the intermediate server comprising a random access memory 10, a read-only memory 20, a processor 30 and a security unit 40, formed in this embodiment by an individual microcircuit; however, in other embodiments, the security unit can be formed by a software module stored in the memory 20 or can be implemented in a different form apparent to those skilled in the art.

It should be noted that in other embodiments, the device for administration can comprise other required components, particularly other or additional components in the intermediate server or additional intermediate servers. Further, the disclosed device for administration can be used for administration of two or more administered servers.

The read-only memory 20 contains a ruleset defining the interaction between a predetermined user 130 and the administered server 120. The intermediate server can receive requests from the user 130 regarding sending commands to the administered server 120 to carry out administrative actions for the administered server 120, said requests being received into the random access memory 10 of the server 110. Upon receiving such requests, the intermediate server 110 processes them by means of the processor 30 while applying the ruleset. The user 130 can send his requests to the server 110 using input means provided in the server 110 or by means of communication channels with the server 110, e.g., when the user 130 is located remotely from the server 110. The intermediate server 110 can further send commands to the server 120 to carry out administrative actions for the server 120 and can receive data regarding results of executing said commands by the server 120.

The ruleset can permit a request by the predetermined user 130 in such manner that corresponding commands to carry out administrative actions for the server 120 are sent to the administered server 120, or the ruleset can define a refusal to carry out the request by the predetermined user 130 with respect to the administered server 120. The security unit 40 optionally sends commands regarding user 130 requests and commands for changing the ruleset to the processor 30. In an embodiment of the present invention, when the disclosed device is used for administration, a meta-description of a task is formed for the intermediate server, said meta-description containing information regarding the user who initiated the task, the administered server which is the target server for performing the task, the command/application name, the parameters for carrying out the task, and the parameters of the returned result.

The intermediate server 110 records (continuously or at various intervals) user 130 requests and associated events occurring in the server 110 and the server 120 as a result of processing said requests. Furthermore, the intermediate server 110 provides the user 130 with data regarding the results of carrying out his request regarding the administered server 120, e.g. in the form of a file of a console command output. The result is output, e.g. by forming a file containing the results of carrying out the request on the administered server 120 at a security level accessible by the user 130.

The server 110 can be monitored and controlled by a dedicated user 140 or the server administrator. For example, the user 140 can receive data regarding the current status of the server 110 from the server 110, and the user 140 can further change or set the ruleset with respect to the predetermined user 130. The user 140 can further receive from the server 110 the recorded data regarding user requests and associated events in the intermediate server and/or the administered server 120 associated with said requests. Furthermore, in some cases the security unit 40 sends data regarding user 130 requests to the user 140, who responds by sending commands regarding processing of said requests, in which case the security unit 40 monitors the actions of the intermediate server 110 prior to receiving user 140 commands. In some embodiments, user 140 actions can also be recorded, e.g., by the security unit 40. It should be noted that, in other embodiments, two or more dedicated users can monitor and control the server 110.

The disclosed device can be used for controlling access to administered servers containing confidential information (confidential servers), for limiting attempts to gain unauthorized access to administered servers, for reviewing user and administrator actions in confidential servers, and for isolating a group of confidential servers from the network segment with public and/or corporate access.

Therefore, the disclosed device provides an intermediate security and monitoring layer excluding erroneous, accidental or other commands determined to be unnecessary by means of previously defined security rules (a ruleset), which further reduces error and increases administered server security while further providing the following functionalities:

- security rules for confidential servers limiting access from non-confidential servers;

- forming and storing security rules;

- controlling access permissions and security rules with respect to tasks to be performed on confidential servers;

- reviewing tasks to be performed on confidential servers, detecting potentially dangerous tasks;

- maintaining an operations log (logging);

- receiving tasks to be performed from the non-confidential network segment;

- performing tasks on the confidential server;

- tracking the status of performing tasks on the confidential server;

- receiving results of performing tasks from the confidential server;

- publishing results of performing a task in the non-confidential network segment.

Fig. 2 illustrates the method of server administration by means of the device disclosed hereinabove according to an embodiment of the present invention.

At step 210, a request for administration of the administered server is received from a user and placed in the random access memory of the intermediate server; at step 220, the user request is analyzed based on the ruleset. At step 230, the decision prescribed by the ruleset is applied: if the user request should be refused according to the ruleset, the request by the predetermined user is refused; if the user request should be permitted according to the ruleset, a command to carry out administrative actions for the administered server is sent to the administered server in accordance with the user request (step 240), and data regarding the results of executing said command is sent back to the intermediate server (step 250).

Additionally, the user request and the associated events at the intermediate server and the administered server associated with the request can be logged (recorded) in the intermediate server, the user can be provided with data regarding the results of carrying out his request with respect to the administered server, and the recorded data can be sent to at least one dedicated user.
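The following is an added example written for this page, not code from the patent or from ELIDA LTD, showing how the flow of Fig. 2 and the task meta-description described above can be realised in a small request broker: a user request is received as data (step 210) and parsed into a meta-description (user, target server, command, parameters, result form); the ruleset is consulted (steps 220 and 230); the request is then either refused, forwarded to the administered server with the result returned (steps 240 and 250), or held until a dedicated user sends a command on it, as the security unit does in the embodiment above; and every request, decision and result is logged. The names Ruleset, Broker, TaskMeta, the sample rules, the users "alice", "mallory" and "bob", and the stand-in fake_server are all assumptions of this example.

```python
"""Added example (not the patent's or ELIDA LTD's code): a minimal "intermediate
server" broker modelling Fig. 2. A request is received as data (step 210), analysed
against a ruleset (220/230), then refused, forwarded to the administered server with
the result returned (240/250), or held for a dedicated user; every event is logged.
Ruleset, Broker, TaskMeta, the sample rules and fake_server are assumptions."""
from dataclasses import dataclass, field
from enum import Enum
import shlex
from typing import Callable, Dict, List, Optional, Set, Tuple


class Decision(Enum):
    PERMIT = "permit"
    REFUSE = "refuse"
    ESCALATE = "escalate"  # hold for a dedicated user (security-unit path)


@dataclass(frozen=True)
class TaskMeta:
    """Meta-description of a task: user, target server, command, parameters, result form."""
    user: str
    server: str
    command: str
    params: Tuple[str, ...]
    result_spec: str = "stdout"


@dataclass
class Ruleset:
    # (user, server) -> permitted command names; a missing pair means refuse
    permitted: Dict[Tuple[str, str], Set[str]] = field(default_factory=dict)
    # commands a dedicated user must confirm even when the pair permits them
    needs_approval: Set[str] = field(default_factory=set)

    def evaluate(self, meta: TaskMeta) -> Decision:
        if meta.command not in self.permitted.get((meta.user, meta.server), set()):
            return Decision.REFUSE
        return Decision.ESCALATE if meta.command in self.needs_approval else Decision.PERMIT


@dataclass
class Broker:
    ruleset: Ruleset
    servers: Dict[str, Callable[[str, Tuple[str, ...]], str]]  # name -> executor, reachable only via the broker
    log: List[str] = field(default_factory=list)
    pending: Dict[int, TaskMeta] = field(default_factory=dict)
    next_ticket: int = 0

    def parse_request(self, user: str, server: str, text: str) -> TaskMeta:
        # The request becomes a description of an action; nothing is executed here.
        parts = shlex.split(text)
        if not parts:
            raise ValueError("empty request")
        return TaskMeta(user, server, parts[0], tuple(parts[1:]))

    def submit(self, user: str, server: str, text: str) -> Tuple[str, Optional[str]]:
        """Returns (status, result); the user never reaches the server directly."""
        meta = self.parse_request(user, server, text)
        self.log.append(f"request user={meta.user} server={meta.server} cmd={meta.command} params={meta.params}")
        decision = self.ruleset.evaluate(meta)
        if decision is Decision.REFUSE:
            self.log.append(f"refused user={meta.user} cmd={meta.command}")
            return "refused", None
        if decision is Decision.ESCALATE:
            self.next_ticket += 1
            self.pending[self.next_ticket] = meta
            self.log.append(f"held ticket={self.next_ticket} for dedicated user")
            return f"pending:{self.next_ticket}", None
        return "done", self._execute(meta)

    def approve(self, ticket: int, dedicated_user: str, allow: bool) -> Tuple[str, Optional[str]]:
        """A dedicated user's command on a held request; that decision is logged too."""
        meta = self.pending.pop(ticket)
        self.log.append(f"dedicated_user={dedicated_user} ticket={ticket} allow={allow}")
        return ("done", self._execute(meta)) if allow else ("refused", None)

    def _execute(self, meta: TaskMeta) -> str:
        # Steps 240/250: the command goes to the administered server, the result comes back.
        result = self.servers[meta.server](meta.command, meta.params)
        self.log.append(f"result user={meta.user} server={meta.server} bytes={len(result)}")
        return result


def fake_server(command: str, params: Tuple[str, ...]) -> str:
    """Constructed stand-in for an administered server executing a command."""
    return " ".join((command,) + params) + " -> ok"


def demo() -> Dict[str, object]:
    rules = Ruleset(permitted={("alice", "db1"): {"df", "systemctl"}}, needs_approval={"systemctl"})
    broker = Broker(ruleset=rules, servers={"db1": fake_server})
    out: Dict[str, object] = {
        "unknown_user": broker.submit("mallory", "db1", "df -h"),
        "not_permitted": broker.submit("alice", "db1", "rm -rf /var/lib/db"),
        "direct": broker.submit("alice", "db1", "df -h"),
        "held": broker.submit("alice", "db1", "systemctl restart postgres"),
    }
    out["approved"] = broker.approve(1, "bob", allow=True)
    out["log"] = broker.log
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the structure is the one the claims make: the user's input is only ever data in the broker's memory, the only code path that reaches an administered server is `_execute`, and that path is entered solely on a ruleset decision (or a logged dedicated-user decision), so a request that is not explicitly permitted for that user and that server is refused by default.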

Therefore, the disclosed method and device provide a high level of security in the server administration process.

The present invention is not meant to be limited by the particular embodiments disclosed in the description by way of example; the invention includes all possible modifications and alternative embodiments falling within the spirit and scope of the present invention defined in the accompanying claims.