Privileged Session Recording

(Feature available only in Premium and Enterprise Editions)

It is possible to record, playback, and archive privileged sessions launched from Password Manager Pro, to support forensic audits and allow enterprises to monitor all actions performed by the privileged accounts during privileged sessions. The session recording caters to the audit and compliance requirements of organizations that mandate proactive monitoring of activities, thereby enabling administrators to readily answer the ‘who,’ ‘what’ and ‘when’ questions of privileged access. You can use Password Manager Pro to record Windows RDP, SSH/Telnet, and SQL sessions launched from Password Manager Pro's interface.

How secure is session recording?

Password Manager Pro employs first-in-class, browser-based remote login mechanism for the session recording process. From any HTML5-compatible browser, users can launch highly secure, reliable and completely emulated Windows RDP, SSH and Telnet sessions with a single click, without the need for an additional plug-in or agent software. Remote connections are tunneled through the Password Manager Pro server, requiring no direct connectivity between the user device and the remote host. In addition to superior reliability, the tunneled connectivity provides extreme security as passwords needed to establish remote sessions do not need to be available at the user’s browser. The session recording capability is an extension of the robust remote login mechanism of Password Manager Pro.

From version 6500, Password Manager Pro comes bundled with RDP, SSH and Telnet session gateways. This allows the users to launch remote terminal sessions from their browser that are tunneled through the Password Manager Pro server. The remote terminal sessions are emulated in the browser screen itself and hence there is no need for installing any plug-in or agent in any of the end-points. The only requirement is that the browsers should be HTML 5 compatible (For example IE 9 or above, Firefox 3.5 or above, Safari 4 or above, Chrome).

To enable session recording,

  • Navigate to Admin >> Configuration >> Session Recording.

  • In the pop-up form that opens up, select the text boxes "Record RDP sessions" and/or "Record VNC sessions" and/or "Record SSH, Telnet and SQL sessions" as required.
  • Click "Save".
  • Once this is done, as soon as an administrator adds a resource that supports one of these remote terminal session types (RDP, SSH, Telnet), the session recording feature becomes available.

To view or play back the recorded sessions,

Navigate to Audit tab >> Recorded Connections. You can trace sessions using any of the following: the name of the resource, the user who launched the session, the time at which the session was launched, etc. Just click "Play" at the end of each entry to view the recorded session. While viewing a recorded session, click the seek bar to skip a part of the recording and progress. Detailed steps are given below:

  • Navigate to the Audit tab >> Recorded Connections.
  • Click Play against the recorded session which you want to view.

SSH Session Splitting

Starting from version 9902, Password Manager Pro gives you the option to split larger session recording files from the SSH and Telnet remote sessions into several smaller files. This will ensure a smooth, uninterrupted session playback that doesn't require a buffer time. By default, this option is disabled. To enable the feature, navigate to Admin >> General Settings >> Miscellaneous >> Enable splitting of SSH and Telnet session recordings into multiple files.

Session Shadowing / Real-time Session Monitoring

(Feature available only in Enterprise Edition)

Password Manager Pro lets administrators closely monitor the privileged sessions on highly sensitive IT resources. Shadowing allows admins to join active sessions, observe user activities parallelly, and terminate them in case of suspicious activities. Similarly, admins can also offer assistance to users while monitoring the users’ activities during troubleshooting sessions.

To monitor sessions in parallel:

  • Navigate to Audit >> Active Privileged Sessions.
  • Trace the session to be monitored through the name of the resource.
  • Click the Join button.You will be able to view the session in parallel.

To terminate a suspicious session,

  • Navigate to Audit >> Active Privileged Sessions
  • Trace the session to be monitored through the name of the resource.
  • Click on the "Terminate" button. The session with the remote resource will be terminated. The user will lose connection with the remote resource.

Purging Recorded Sessions

Password Manager Pro allows you to purge bulk session recordings that are older than a specified number of days, or delete selective recorded sessions from the database.

To purge bulk session recordings:

  • Navigate to Admin >> Configuration >> Session Recording. Alternatively, you can also navigate to Audit >> Recorded Connections, and click Configure Session Recording on the top right corner to perform this action.
  • To purge the records that are older than a specified number of days, specify the number in the text field Purge recorded sessions that are more than -- days old. You can disable purging by leaving the text field empty, or by entering 0 as the value.
  • Click Save. The session recordings that are older than the number of days specified by you will be purged.

To delete selective session recordings:

Note: In order to delete selective sessions from the PMP database, there should be at least two administrators in Password Manager Pro, including yourself. This is to ensure that no important session is deleted without proper confirmation.

  • Navigate to Audit >> Recorded Connections.
  • Choose the session you want to delete and then click on the delete icon beside it under the Delete column.
  • You can either choose to delete the recording of the session or the chat logs of a particular session as shown below:
  • Once you have chosen to delete the chat log or the session recording, a dialog box will appear prompting you to confirm the action as shown below.
  • Click "OK" to confirm the same.
  • The other administrator(s) will be notified of the same and a request will be sent to them. They can either approve or reject this decision. Note that the deletion process requires the consent of just two administrators, i.e., if an administrator apart from you approves, the deletion will take place, irrespective of the approval of the other administrators (if any).
  • If you have chosen to delete the chat logs of a particular session, PMP will delete the same automatically once it has been approved, as shown below. A message will pop up saying "Chat log deleted".
  • Based on whether the session files are present inside the system or in any external device, their deletion will take place as explained below:
  • Scenario 1: If the file is present in the system, PMP will delete the recording once the  request has been approved by another administrator. 
  • Scenario 2: If the recordings are present in an external device and not in PMP during this process, PMP will run a system scheduler to delete these files. In this case, the file(s) will be deleted only if the external device containing the session recordings is connected to the PMP server when the scheduler runs. 

Note: Once the deletion of a recording has been approved but the action hasn't been carried out yet as explained in scenario 2 above, PMP will temporarily disable the video recording until deletion and it cannot be viewed by anyone including the administrators. 

©2014, ZOHO Corp. All Rights Reserved.