NL1039590C2 - Method and system for recording user activities within a network. - Google Patents
Method and system for recording user activities within a network.
- Publication number
- NL1039590C2
- Authority
- NL
- Netherlands
- Prior art keywords
- network
- recording
- access
- recorded
- recording user
Description
METHOD AND SYSTEM FOR RECORDING USER ACTIVITIES WITHIN A NETWORK
BACKGROUND OF THE INVENTION
Most organizations, both public and private, depend heavily on the proper functioning of their computer networks. These computer networks are at the core of all critical business activities and operations. Therefore, it is of utmost importance to organizations to ensure the security and reliability of their network. However, at the same time, in order to obtain the maximum benefit from a network it is important that preferably all employees from all the different departments or business units of an organization can access the network from different locations, often in different parts of the world. With such a crossroad of entangled intra, extra and cloud networks it becomes more and more critical to keep track of any changes that might occur, data transfers that have taken place and, of course, to be able at all times to match the action to a natural person instead of a device.
SUMMARY OF THE INVENTION
The present invention comprises a method and a system that enable the principals or operators of a computer network to record and replay any desired number of sessions of any number of authenticated users within the network environment. Contrary to event logging methods and systems according to the art, the method and system according to the present invention provide a continuous recording of all activities of a user within a network. The methods of event logging, as currently used, comprise logging by node, and it takes a lot of expertise to interpret such data before it becomes useful information.
The actions during a session are recorded and stored in a film format. The recorded and stored information can be used, for example, for troubleshooting, training or compliance purposes. In view of the fact that the method and the system according to the invention serve three functions, i.e. auditing, authentication and access, it is also referred to by the inventor as the triple A method and system.
BRIEF DESCRIPTION OF THE DRAWING
For the purpose of clarifying the invention one drawing is included.
FIG. 1 is a simplified schematic block diagram of an embodiment of a network that includes the system in accordance with the present invention.
DETAILED DESCRIPTION OF AN EMBODIMENT OF THE INVENTION
An embodiment of a computer network that comprises a recording solution in accordance with the invention will now be described based on the simplified block diagram shown in FIG. 1. A computer network which includes the recording solution according to the invention may hereinafter also be referred to as the system.
The diagram shows schematically a sandboxed USB communication device 1 which connects to Access Authorization node 4. By using the sandboxed USB no connectivity from the client computer is allowed. Hence, all malware and viruses can be isolated.
A communication device 2, such as, but not limited to, for example a switch, router or PC connects to Access Authorization node 4. In addition, the diagram shows a mobile communication device 3, for example a tablet or a smartphone, which connects to Access Authorization node 4.
Subsequently, the Access Authorization node 4 will check which group the current user belongs to in the database 5. The database may involve LDAP or another protocol. This check will supply the necessary applications to the business interface 5a on the client. Such applications may include, for example, PuTTY, Microsoft mstsc, browser, etc.
Then, the Access Authorization node 4 will transfer the request to the auditing and access device 6 to the internal network. This device will set up the connection to the internal component 6 (e.g. a switch, PC or server) with the login credentials of the internal user, for example the administrator. Hence, the user from the outside will never have to know the internal passwords to get access to the internal node since the connection and authentication will be facilitated from this device.
The auditing and access device 6 is included in a TCP/IP oriented blackbox, hereinafter in this description and in the claims referred to as the networkview-master. The networkview-master will enter the credentials of all the known accounts and passwords based on the permissions that the remote accessor has been given. It thus acts as an intermediary proxy between the target and the requestor from the (non) trusted network. The networkview-master in return will give access to the trusted network. The duration of the access, e.g. one hour, half a day or one day, can be set as needed or felt appropriate. The networkview-master includes a functionality to display a visual notification or emit a sound signal to warn the user when the access time period is close to expiration.
The system also comprises a divider that separates requests from untrusted networks and devices. The first screening the divider makes involves checking if the token or user account is known. Subsequently, it will check the database (e.g. LDAP directory) to establish to which group the user belongs and will send the user’s credentials to the networkview-master. The networkview-master has no direct communication (VPN, RDP, etc.) with the outside. All communication from the outside will go through the divider. This concept has been dubbed ‘PASS’ (People Access Secure Sources) by the inventor.
The recording command 8 is given and hence the recording session is started after connectivity to the internal device is provided. The actions during the session are recorded and stored in a film format, for example AVI, MP4, Flash, etc. In a preferred embodiment of the system according to the invention the recording means are integrated in the networkview-master. However, the invention also comprises embodiments whereby the film recording means are connected to the system as a separate device.
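The flow described above (divider screening, group lookup, credential injection by the networkview-master, time-limited access and recording after connectivity) can be modelled as follows. This is an added illustration, not code from the patent; all names, data and the 300-second warning threshold are hypothetical assumptions.

```python
import time

# Constructed sample data; every name and value here is hypothetical.
DIRECTORY = {"token-alice": ("alice", "network-admins")}  # stand-in for database 5 (e.g. LDAP)
GROUP_TARGETS = {"network-admins": {"core-switch-01"}}    # internal nodes each group may reach
VAULT = {"core-switch-01": ("administrator", "PLACEHOLDER-SECRET")}  # known only to the master


class AccessDenied(Exception):
    pass


class Master:
    """Stand-in for the networkview-master: logs in on the user's behalf and records."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.recordings = []  # one entry per recorded session

    def open_session(self, user, group, target, duration_s):
        if target not in GROUP_TARGETS.get(group, set()):
            raise AccessDenied(f"group {group!r} may not reach {target!r}")
        account, secret = VAULT[target]
        self._login(target, account, secret)  # the credential is used here and never returned
        now = self.clock()
        # Recording starts only once connectivity to the internal device exists,
        # and it is keyed to the authenticated person, not to a device.
        self.recordings.append({"user": user, "target": target, "started": now})
        return {"user": user, "target": target, "expires": now + duration_s}

    def _login(self, target, account, secret):
        pass  # placeholder for the real protocol login to the internal node

    def state(self, session, warn_s=300):
        """Return 'active', 'warn' (close to expiry) or 'expired' for a session."""
        left = session["expires"] - self.clock()
        return "expired" if left <= 0 else "warn" if left <= warn_s else "active"


def divider(token, target, master, duration_s=3600):
    """First screening: is the token known? Then group lookup, then hand-off."""
    if token not in DIRECTORY:
        raise AccessDenied("unknown token or user account")
    user, group = DIRECTORY[token]
    return master.open_session(user, group, target, duration_s)
```

The session handle returned to the outside user carries only the user, target and expiry; the internal account and password stay inside the master.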
The recorded movies can be stored locally and/or on file shares in the network 9. The recorded movies can also be stored on NAS (Network Attached Storage), DAS (Direct Attached Storage), SAN (Storage Area Network) devices, ranging from a USB stick to a datacenter 10.
The stored movie files can be shared and transported in the cloud 11, through several services, such as SaaS (Software as a Service), PaaS (Platform as a Service) and IaaS (Infrastructure as a Service).
The application of the method and the system in accordance with the present invention will add transparency to user compliance auditing, eliminating the need to have experts sifting through a variety of logs on different systems in different time zones with an inherent risk that compromised systems have been wiped.
The movies can also be used for quality control and other auditing purposes.
The example of an embodiment of the invention given in the descriptive section and shown in the drawing is intended to be non-limiting, and is provided in order to help convey the scope of the invention. The present invention encompasses any and all embodiments within the scope of the following claims.
Claims (5)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NL1039590A NL1039590C2 (en) | 2012-05-09 | 2012-05-09 | Method and system for recording user activities within a network. |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
NL1039590 | 2012-05-09 | ||
NL1039590A NL1039590C2 (en) | 2012-05-09 | 2012-05-09 | Method and system for recording user activities within a network. |
Publications (1)
Publication Number | Publication Date |
---|---|
NL1039590C2 (en) | 2013-11-12 |
Family
ID=50190967
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
NL1039590A NL1039590C2 (en) | 2012-05-09 | 2012-05-09 | Method and system for recording user activities within a network. |
Country Status (1)
Country | Link |
---|---|
NL (1) | NL1039590C2 (en) |
- 2012-05-09: NL NL1039590A, patent NL1039590C2 (en), not active: IP Right Cessation
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP6821857B2 (en) | Extension of single sign-on to dependent parties of federated logon providers | |
US11924189B2 (en) | Systems and methods for credentialing of non local requestors in decoupled systems utilizing a domain local authenticator | |
US11442624B2 (en) | Digital certification system | |
US9473419B2 (en) | Multi-tenant cloud storage system | |
JP6608453B2 (en) | Remote access control for stored data | |
US9516107B2 (en) | Secure local server for synchronized online content management system | |
US9998470B1 (en) | Enhanced data leakage detection in cloud services | |
US20170149767A1 (en) | Using a service-provider password to simulate f-sso functionality | |
US9009804B2 (en) | Method and system for hybrid software as a service user interfaces | |
CN105379223A (en) | Validating the identity of a mobile application for mobile application management | |
US9723090B2 (en) | Digital certification analyzer temporary external secured storage system tools | |
US10542047B2 (en) | Security compliance framework usage | |
US11665161B2 (en) | Identity services for passwordless authentication | |
US20210182440A1 (en) | System for preventing access to sensitive information and related techniques | |
JP2021500782A (en) | Secure access control methods, computer programs, and systems for tools in a secure environment | |
CA2894993A1 (en) | User provisioning | |
US20160234215A1 (en) | Method and system for managing data access within an enterprise | |
EP3651034B1 (en) | Systems and methods for watermarking audio of saas applications | |
Lomotey et al. | Middleware-layer for authenticating mobile consumers of amazon s3 data | |
NL1039590C2 (en) | Method and system for recording user activities within a network. | |
US11526633B2 (en) | Media exfiltration prevention system | |
Li et al. | System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements | |
US20160357469A1 (en) | Secure sharing of storage area networks in a cloud | |
WO2024050103A1 (en) | Systems, devices and methods for authentication and authorization to provide adaptive access to resources | |
Khasnabish et al. | System for Cross-domain Identity Management: Definitions, Overview, Concepts, and Requirements |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
MM | Lapsed because of non-payment of the annual fee |
Effective date: 20150601 |