
Planning session monitoring

Before implementing session monitoring, determine who can do what with recorded sessions:

  • Who should be able to search their own recorded sessions?

  • Who should be able to search other people's recorded sessions?

  • Who can be auto-approved to search or download recorded sessions?

  • Who requires approval from an authorizer?

In general, requesters are given permission to search, view and download their own sessions. This lets them review their own work or, if there is an error in the system, see what might have gone wrong in their last session. Requesters cannot usually see other people’s sessions. Auditors are usually given permission to search, view and download other people’s recorded sessions. Auditors can also view a session that is being monitored live: while an account is checked out and in use, an auditor can log on to Bravura Privilege and watch the user make changes on the target system.

Users who need to review recorded sessions on a regular basis should be auto-approved to view them so that the approval step does not slow down their work. Generally, 80% of requests should be auto-approved in Bravura Privilege to avoid approver fatigue. Only users who do not require consistent access to recorded sessions should require authorization.

Security and privacy considerations

Carefully consider the consequences of enabling each of the session monitoring modules. Enabling all modules provides the most comprehensive session data; however, it also has the greatest potential impact on user privacy. For example, the web cam module can collect information from the user's surroundings. If users can access managed systems from uncontrolled environments, such as public places or their homes, enabling this module may not be appropriate.

You can also tailor access to recorded session data according to your security policy. For example, you may want to ensure that users know what is being monitored and when monitoring is active, and that they will be able to review recorded sessions of their own activity. Other security policies may require covert monitoring, which can be enabled through configuration options. By default, covert monitoring is disabled. Review security and user monitoring policies before enabling covert monitoring.

In addition, by default Bravura Security Fabric restricts the screen-shot and keystroke-data-monitoring scope to the terminal only, to protect the privacy of the user; for example, when remote users or contractors access monitored systems from public or personal computers, personal data and applications could also be active on the same machine. This behavior is controlled by the SMON RESTRICT SCOPE setting, which can be applied globally or per managed system policy.

For disclosure options that allow session recording, enabling SMON RESTRICT SCOPE means:

  • Child processes of the process that receives disclosed access are not recorded.

  • Local workstation tools opened via pswxcmd (which open new sessions in the same process as additional tabs) record all tabs only in the first session opened on a workstation; additional simultaneous sessions opened to the same tool record black rectangles.

Disabling this setting allows you to monitor the user’s display and keystrokes across their whole system, both inside and outside the terminal, whenever they initiate a privileged session. This provides better security coverage because activity outside the terminal is captured as well; for example, if a user starts a remote desktop session, they may copy sensitive data from the remote terminal into an email or another application outside the terminal, which a terminal-only recording would not show.

Warning

Clipboard data is not restricted when SMON RESTRICT SCOPE is enabled. Bravura Security Fabric continues to collect clipboard data both inside and outside the terminal, for the user's whole system.
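To make the trade-off between the two SMON RESTRICT SCOPE settings concrete, the following is an added illustrative model, not Bravura Security Fabric code. It applies the behavior documented above (screenshot and keystroke data limited to the terminal process, child processes excluded, clipboard data collected system-wide regardless) as a filter over a constructed stream of capture events. The event layout, process ids, application labels and sample payloads are assumptions made for this example.

```python
"""Illustrative model of the SMON RESTRICT SCOPE trade-off.

Added example, not Bravura Security Fabric code. It encodes the documented
behavior as a filter over a constructed stream of capture events so that what
is recorded under each setting can be compared. Event fields, process ids and
application labels are assumptions for the example.
"""
from collections import Counter
from dataclasses import dataclass

SCREEN, KEYS, CLIPBOARD = "screenshot", "keystroke", "clipboard"


@dataclass(frozen=True)
class CaptureEvent:
    kind: str        # SCREEN, KEYS or CLIPBOARD
    pid: int         # process the data was captured from (assumed field)
    parent_pid: int  # parent process (assumed field); 1 = not a child of the terminal
    app: str         # label for the sample, e.g. "terminal" or "mail"


def is_recorded(event, terminal_pid, restrict_scope):
    """Decide whether one capture event is kept under the given scope setting."""
    if event.kind == CLIPBOARD:
        # Clipboard is never scoped: collected system-wide either way (page warning).
        return True
    if not restrict_scope:
        # Whole-system monitoring: every screen/keystroke event is kept.
        return True
    # Restricted scope: only the terminal process itself. A child of the terminal
    # (parent_pid == terminal_pid) is deliberately not recorded, as documented.
    return event.pid == terminal_pid


def recorded_events(events, terminal_pid, restrict_scope):
    """Filter a capture stream down to what would be stored."""
    return [e for e in events if is_recorded(e, terminal_pid, restrict_scope)]


def summarize(events):
    """Count kept events per (app, kind) so the two settings can be compared."""
    return Counter((e.app, e.kind) for e in events)


# Constructed sample session: terminal pid 4100 receives the disclosed account;
# it spawns a helper tool (pid 4200); a mail client (pid 3000) is also open.
# The user copies output from the terminal and pastes it into mail, which is
# the exfiltration path the page uses as its example.
SAMPLE_EVENTS = [
    CaptureEvent(KEYS, 4100, 1, "terminal"),
    CaptureEvent(SCREEN, 4100, 1, "terminal"),
    CaptureEvent(SCREEN, 4200, 4100, "child-tool"),
    CaptureEvent(KEYS, 3000, 1, "mail"),
    CaptureEvent(SCREEN, 3000, 1, "mail"),
    CaptureEvent(CLIPBOARD, 4100, 1, "terminal"),   # copy from the session
    CaptureEvent(CLIPBOARD, 3000, 1, "mail"),       # paste into mail
]


def compare_settings(events=SAMPLE_EVENTS, terminal_pid=4100):
    """Return {setting: Counter of (app, kind)} for restricted and unrestricted scope."""
    return {
        "restricted": summarize(recorded_events(events, terminal_pid, True)),
        "unrestricted": summarize(recorded_events(events, terminal_pid, False)),
    }


if __name__ == "__main__":
    for setting, counts in compare_settings().items():
        print(setting)
        for (app, kind), n in sorted(counts.items()):
            print(f"  {app:<10} {kind:<10} {n}")
```

With the restricted setting, the child tool's screen and the mail client's keystrokes and screen are dropped, but both clipboard events survive, so the pasted content still lands in the recording even though the application it was pasted into does not. With the unrestricted setting every event is kept, which is the coverage the page describes for the remote desktop exfiltration case.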