chapter 11 Flashcards
Recordings
the PSM and PSM for SSH create video and text recordings for privileged sessions and store them in the vault, where they can be viewed at any time by authorized users
you can store PSM video and text recordings in an external storage device
[none]
you can enable session recording in the (blank) for all platforms or for specific platforms by use of exceptions
master policy
only members of the (blank) group can view recordings in the psm
auditors
recordings created by psm for ssh are currently displayed in the (blank) interface
classic
Sizing Calculations for the PSM Server
(SPSM) = (Csession)(tsession)(Rsession recording) + 20GB
SPSM = Required storage on PSM Server
Csession = Maximum Number of Concurrent Sessions
tsession = Average length of recorded session
Rsession recording = Average bit rate of recorded video
~100 KB/min - average SSH session
~200 KB/min - average low activity RDP session
~300 KB/min - average high activity RDP session with rich wallpaper
(25 sessions) x (180 minutes/session) x (300 KB/minute) + 20GB = 21.35GB
blank
Sizing Calculations for the Vault Server
(SVault) = (tretention)(Nsession)(tsession)(Rsession recording) + 20GB
SVault = Required storage on Vault Server
tretention = Retention history requirement
Nsession = Average number of recorded sessions per day
tsession = Average length of recorded session
Rsession recording = Average bit rate of recorded video
~100 KB/min - average SSH session
~200 KB/min - average low activity RDP session
~300 KB/min - average high activity RDP session with rich wallpaper
(90 days) x (400 sessions/day) x (180 minutes/session) x (300 KB/minute) + 20GB = 1.96 TB
blank
session recordings are stored by default in a safe called (blank)
customer recordings safes can be defined at the platform level
the safes are created automatically by the psm when it uploads the first recording to the vault
for example, a separate recordings safe for sox-compliant linux accounts (365 retention period)
psmRecordings
members of the (blank) group are automatically granted permissions on all recording safes
you can also manually set different auditors for each recording safe according to their access control policy
auditors
by default, the (blank) records all activities that take place during privileged sessions and provides audit data for the following events:
-sql commands
-ssh keystrokes
-windows titles
-universal keystrokes
the (blank) for ssh can create audit records for activities that are performed during ssh, scp, and telnet connections
when integrated with the PTA, the suspicious activity risk score is also available in the monitoring pane, allowing the auditing team to prioritize session auditing based on risk
psm
psm
a unix admin rdp's into a server through the PSM. This is done over port (blank)
alternately, he can make an http/s connection to the server via the (blank) on port (blank)
in the first case, the session audit is sent in real time from the psm to the vault
in the second case, the vault forwards real time audit information to SIEM and/or PTA for activity risk analysis
1858
pvwa
1858
the (blank) enables authorized users to monitor active sessions, take part in controlling these sessions, and suspend or terminate them. It can also automatically suspend or terminate sessions when notified by the (blank) or a third-party threat analytics tool
psm
pta
while it is not possible to monitor or control live (blank) sessions, it is possible to view the live session audit
psm for ssh
live session monitoring settings determine how users can monitor live privileged sessions and the types of activities that they can perform
by default, all members of the vault group (blank) are authorized to suspend and terminate active sessions
PSMLiveSessionTerminators