|
Going Beyond Standard Windows
Auditing and Logging
As regulations regarding auditing and logging become increasingly complex, network activity monitoring - for both users and administrators - becomes even more business critical. With this innovative landscape, new requirements have become apparent:
- Auditing every single action performed in the computing environment provided by a company.
- Archiving all user actions for later playback and review.
- Assuring collected information is valid, complete, and securely stored. - Solutions must be reliable to ensure all activity is captured.
- Solutions must be easy to deploy and cost effective.
Traditional tools may address some of the above requirements but in today's ever-changing landscape, such solutions have proved not to be adequate. In the wake of federal rule changes that clarify the requirements to produce electronic evidence in lawsuits, the demand for solutions that help companies track and search their electronic data is growing. In this whitepaper, we take a deeper look at auditing and logging, the current options, their drawbacks, and a new complementary way of addressing today's security issues.
A Preferred Solution
There are many solutions available to help network administrators with auditing, security, and compliancy. Some are even part of the standard Windows operating system. However, as the IT landscape becomes more and more complex, and regulations for companies rise, the traditional way of extracting the relevant information has become time consuming and complicated.
One novel solution now available is TSFactory's session recording tool called RecordTS. RecordTS acts as a Terminal Services or Remote Desktop "security camera", allowing network administrators, managers, or C-level executives to see exactly what happened on a company's server for a specific user. RecordTS can be used to monitor everything users and administrators are doing when connected to a Terminal Server or any Windows server accessed remotely using the Microsoft Remote Desktop Client. RecordTS shows the recorded information in a compact video file with options such as fast forward, rewind, and more.
These individual ?video' files can be played back at any time or simply stored in a secure location (locally or externally) for auditing or security purposes. In addition, the recorded files can be digitally signed to prevent tampering.
Problem Resolution
Instead of sorting through hundreds of entries in an event log, RecordTS allows network administrators to simply watch a video file illustrating exactly what a user saw on their screen, including mouse movements, errors, etc. This allows network administrators to see every action that lead up to a problem. Traditional tools require lengthy reviews of event logs to get this information, which does not always work since not all user actions produce event logs. With RecordTS, it is just a matter of locating the appropriate recorded file and playing it back.
Administrators can also use RecordTS Event Stamps? to show a timeline of events before watching the recorded session, therefore jumping directly to the relevant point in time when a specific action occurred.
TSFactory provides an application programming interface (API) that allows third party vendors and customers to integrate RecordTS with their existing solutions. This API can be used to trigger recording to take place only when needed. For example, RecordTS can be set to record once a user's phone is answered, providing great visual monitoring of the user's desktop and network activities while assisting a customer. This API makes it easy for companies to incorporate RecordTS with their existing infrastructure, allowing IT staff to focus on the business needs rather than technical issues.
Key Differences
Although there are many screen recording solutions available in the market, none of them were designed specifically for Terminal Services and its unique scalability requirements. Many of these tools were developed primarily for the desktop market. The issue here is when used on a Terminal Server running 50 user sessions, desktop solutions quickly overwhelm the system to the point where the server becomes unusable. This proves they are not a viable server based computing solution.
|
