Recording of administrator actions
Video and text recording of privileged user sessions
Privileged accounts carry significant information security risks: compromise or abuse of privileged access to a system can lead to severe financial and reputational losses for the company. Solutions of the Privileged Access Management class make it possible to organize password management for administrative accounts and hide these passwords from employees. But password management alone is not sufficient, since it does not solve the problem of privileged access abuse. Every session must leave a digital “trace” that facilitates incident investigation and helps to find the root cause of a problem. A session recording can serve as such a “trace”. The record archive makes it possible to find out where and what actions were performed, and by whom.
The tasks of session recording for privileged accounts can be formulated as follows:
- Video recording of sessions must be provided.
- Text recording of sessions must also be provided. The record should register all started processes, as well as all data entered from the keyboard.
- The records must be stored in an archive, along with an indication of who performed the actions, the account used and the resource (server) where the actions were taken.
To solve the task, the Indeed Privileged Access Manager (Indeed PAM) software suite uses a session recorder module. The module performs session recording and stores the privileged session archive centrally.
The Indeed PAM session recorder module has the following features.
Session recording functions
- Session recording with configurable video quality
- Session text recording
- Taking screenshots of sessions at regular intervals with configurable image quality
- All recording types (video, text, screenshots) are supported for both RDP and SSH connections.
The general architecture of Indeed PAM for solving the session recording task is given below.
The following modules provide for password management in Indeed PAM:
Indeed PAM Server
This is the core component of the Indeed PAM infrastructure. It is a web application running in the Internet Information Services (IIS) server environment. The Indeed PAM server provides centralized management of system users, user account data and security policies.
The access server is the central part of the privileged access granting scheme. The server enforces access policy compliance, starts an administrator session at the target resource and also carries out text and video recording of sessions. Two-factor authentication is also performed at the access server before a privileged session starts.
The administrator console provides an interface to configure, manage and check the operation of the system. An administrator can use the console to allow users to access their account data, configure access policies, and view event and privileged session logs. The administrator console is implemented as a web application.
Session video archive
Indeed PAM performs video recording of privileged sessions. All records are stored in the central archive and are available to the administrator via the console. Besides video recording, Indeed PAM can take screenshots of the user display to create a photo archive of the session. Video recording is performed for all session types (RDP, SSH).
Session text archive
Indeed PAM also performs text recording of all session types (RDP, SSH). The records are stored in the archive and are available to the administrator via the console.
Indeed PAM periodically takes screenshots of privileged sessions. The pictures are stored in the archive and are available for viewing in the administrator console.