Privileged Session Recording

(Feature available only in Premium and Enterprise Editions)

Privileged sessions launched from Password Manager Pro can be recorded, archived and played back to support forensic audits and allow enterprises to monitor all actions performed by privileged accounts during privileged sessions. Session recording caters to the audit and compliance requirements of organizations that mandate proactive monitoring of activities, thereby enabling administrators to readily answer questions regarding the ‘who,’ ‘what’ and ‘when’ of privileged access. Password Manager Pro enables recording of Windows RDP, SSH / Telnet, and SQL sessions launched from the product.

How secure is session recording?

Password Manager Pro employs first-in-class, browser-based remote login mechanism for the session recording process. From any HTML5-compatible browser, users can launch highly secure, reliable and completely emulated Windows RDP, SSH and Telnet sessions with a single click, without the need for additional plug-in or agent software. Remote connections are tunneled through the Password Manager Pro server, requiring no direct connectivity between the user device and the remote host. In addition to superior reliability, the tunneled connectivity provides extreme security as passwords needed to establish remote sessions do not need to be available at the user’s browser. The session recording capability is an extension of the robust remote login mechanism of Password Manager Pro.

From version 6500, Password Manager Pro comes bundled with RDP, SSH and Telnet session gateways. This allows the users to launch remote terminal sessions from their browser that are tunneled through the Password Manager Pro server. The remote terminal sessions are emulated in the browser screen itself and hence there is no need for installing any plug-in or agent in any of the end-points. The only requirement is that the browsers should be HTML 5 compatible (For example IE 9 or above, FF 3.5 or above, Safari 4 or above, Chrome).

To enable session recording,

  • Navigate to Admin >> Configuration >> Session Recording.
  • In the pop-up form that opens up, select the text boxes "Record RDP sessions" and/or "Rexcord VNC sessions" and/or "Record SSH, Telnet and SQL sessions" as required.
  • Click "Save".
  • Once this is done, as soon as an administrator adds a resource that supports one of these remote terminal session types (RDP, SSH, Telnet), the session recording feature becomes available.

To view or play back the recorded sessions,

You can find the recorded sessions listed under Audit tab >> Recorded Sessions. You can trace the required session through the name of the resource, user who launched the session, time at which the session was launched etc. Just click "Play" at the end of each entry to view the recorded session. While viewing a recorded session, use the seek bar feature to skip any part of the recording and progress to any particular point by clicking on the seek bar. Detailed steps are given below:

  • Navigate to the "Audit" tab.
  • Select the "Recorded sessions" section from the list displayed on the left hand side of the Audits UI.
  • Click "Play" against the recorded session which you want to view.

Session Shadowing / Real-time Session Monitoring

(Feature available only in Enterprise Edition)

Password Manager Pro lets administrators closely monitor the privileged sessions on highly-sensitive IT resources. Shadowing allows admins to join active sessions, observe user activities parallelly, and terminate them in case of suspicious activities. Similarly, admins can also offer assistance to users while monitoring the users’ activities during troubleshooting sessions.

To monitor sessions in parallel,

  • Navigate to "Audit" tab.
  • Select the "Active Remote Sessions" section from the list displayed on the left hand side of the Audits UI.
  • Trace the session to be monitored through the name of the resource.
  • Click the "Join" button.You will be able to view the session in parallel.

To terminate a suspicious session,

  • Navigate to "Audit" tab.
  • Select the "Active Remote Sessions" section.
  • Trace the session to be monitored through the name of the resource.
  • Click the "Terminate" button. The session with the remote resource will be terminated. The user will lose connection with the remote resource.

Purging Recorded Sessions

PMP allows you to purge bulk session recordings that are older than a specified number of days, or delete selective recorded sessions from the database.

To purge bulk session recordings:

  • Navigate to Admin >> Configuration >> Session Recording. Alternatively, you can also navigate to Audit >> Recorded Connections, and click "Configure Session Recording" on the top right corner to perform this action.
  • To purge the records that are older than a specified number of days, specify the number in the textbox against the field "Purge recorded sessions that are more than -- days old". You can also disable purging by giving "0" in the text field.
  • Click "Save". The Session Recordings that are older than the number of days specified by you, will be purged.

To delete selective session recordings:

Note: In order to delete selective sessions from PMP database, there should be at least two administrators in PMP, including yourself. This is to ensure that no important session is deleted without proper confirmation.

  • Navigate to Audit >> Recorded Connections.
  • Choose the session you want to delete and then click the delete icon beside it under the "Delete" column.
  • You can either choose to delete the recording of the session or the chat logs of a particular session as shown below:
  • Once you have chosen to delete the chat log or the session recording, a dialog box will appear prompting you to confirm the action as shown below.
  • Click "OK" to confirm the same.
  • The other administrator(s) will be notified of the same and a request will be sent to them. They can either approve or reject this decision. Note that the deletion process requires the consent of just two administrators, i.e., if an administrator apart from you approves, the deletion will take place, irrespective of the approval of the other administrators (if any).
  • If you have chosen to delete the chat logs of a particular session, PMP will delete the same automatically once it has been approved, as shown below. A message will pop up saying "Chat log deleted".
  • Based on whether the session files are present inside the system or in any external device, their deletion will take place as explained below:
  • Scenario 1: If the file is present in the system, PMP will delete the recording once the  request has been approved by another administrator. 
  • Scenario 2: If the recordings are present in an external device and not in PMP during this process, PMP will run a system scheduler to delete these files. In this case, the file(s) will be deleted only if the external device containing the session recordings is connected to the PMP server when the scheduler runs. 

Note: Once the deletion of a recording has been approved but the action hasn't been carried out yet as explained in scenario 2 above, PMP will temporarily disable the video recording until deletion and it cannot be viewed by anyone including the administrators. 

©2014, ZOHO Corp. All Rights Reserved.

Top