Frequently asked questions

1. How many user sessions can be stored at once?

2. How does Fudo PAM support session archiving?

3. How to calculate storage space required for archiving sessions?

4. How can users hide their activities on servers which they access through Fudo PAM?

5. How to determine unauthorized access attempts to supervised servers?

6. Is it possible to hide the login screen when connecting over the RDP protocol?

7. Why is the users list in the connection’s properties incomplete?

8. Why is a user removed from the LDAP/AD server still present on the users list?

9. How frequently are users’ definitions synchronized with an LDAP/AD server?

10. I see * instead of the keystrokes in the session player. Is it possible to see the actual keyboard input?

11. Can I deactivate a session URL?

12. What should I do before returning a demonstration unit after testing?


1. How many user sessions can be stored at once?

The Fudo PAM F1000 series is delivered with 24 TB of RAW hard drive space (15.9 TB usable), while the F3000 series appliances come with 96 TB of RAW storage space (59.9 TB usable) dedicated to storing user sessions.

The size of a stored session is determined by the user’s activity. An hour of recorded connection takes on average:

  • RDP: 218 MB for an active user session (no activity generates almost no data). The actual session size depends on the screen resolution, color depth and actual user activity.
  • SSH: 41.5 MB for an active session.

Given these assumptions, the internal storage space enables recording of:

         RDP            SSH
F1000    28.6 years     150.2 years
F3000    112.8 years    592.5 years

Note

  • Disk usage figures include space taken up by the filesystem’s redundancy mechanism. The filesystem reserves a portion of available storage, which results in some of the storage space being reported as used on a newly initiated system.
  • Fudo PAM allows specifying how long session data should be stored, and automatically deletes session data once the time set by the retention parameter elapses.

2. How does Fudo PAM support session archiving?

All sessions are stored on Fudo PAM internal storage space. In addition, Fudo PAM allows exporting sessions in native format or as a video recording.


3. How to calculate storage space required for archiving sessions?

The file size of sessions in native format is the same as given in question 1. For a video recording, the file size depends on the codec and resolution settings.


4. How can users hide their activities on servers which they access through Fudo PAM?

In the case of the SSH protocol, Fudo PAM supports the SCP channel and monitors all transferred files, including scripts. This allows a given session to be audited for malicious code embedded in software sent to the server.

Protecting other communication channels (e.g. a web browser or other applications) is a task for a different kind of solution. No solution similar to Fudo PAM is able to monitor such channels, so it is important that the system administrator configures the server properly.


5. How to determine unauthorized access attempts to supervised servers?

Unauthorized access attempts and DoS attack attempts can be determined by analyzing event log entries. Each entry of ERROR or WARNING severity should be closely examined. Login timeout errors can be potential DoS attack attempts.
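
An added example, not part of the Fudo PAM documentation or product: a triage pass over exported event log lines that collects the ERROR and WARNING entries and flags sources with repeated login timeouts. The line layout, the field names, the "Login timeout" message text and the threshold and window values are assumptions; adapt the regular expression to the actual export.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines; this layout is an assumption, not Fudo PAM's export format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 INFO user=alice src=10.0.0.5 msg="Session started"
2024-05-01T10:00:07 ERROR user=bob src=10.0.0.9 msg="Authentication failed"
2024-05-01T10:00:10 WARNING user=- src=10.0.0.77 msg="Login timeout"
2024-05-01T10:00:12 WARNING user=- src=10.0.0.77 msg="Login timeout"
2024-05-01T10:00:15 WARNING user=- src=10.0.0.77 msg="Login timeout"
2024-05-01T10:09:00 WARNING user=- src=10.0.0.8 msg="Login timeout"
not a log line
"""

LINE_RE = re.compile(r'^(?P<ts>\S+) (?P<sev>[A-Z]+) user=\S+ src=(?P<src>\S+) msg="(?P<msg>[^"]*)"$')

def parse(text):
    """Yield one dict per well-formed line; malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entry = m.groupdict()
            entry["ts"] = datetime.fromisoformat(entry["ts"])
            yield entry

def review_queue(entries):
    """Entries that need a close look: ERROR or WARNING severity."""
    return [e for e in entries if e["sev"] in ("ERROR", "WARNING")]

def timeout_bursts(entries, threshold=3, window=timedelta(seconds=60)):
    """Map source -> peak count of login timeouts seen inside one sliding window."""
    by_src = defaultdict(list)
    for e in entries:
        if "login timeout" in e["msg"].lower():
            by_src[e["src"]].append(e["ts"])
    flagged = {}
    for src, stamps in by_src.items():
        stamps.sort()
        start = 0
        for end in range(len(stamps)):
            while stamps[end] - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = max(flagged.get(src, 0), end - start + 1)
    return flagged

if __name__ == "__main__":
    print(timeout_bursts(parse(SAMPLE_LOG)))
```

A single timeout from one source, such as the 10:09:00 entry in the sample, still lands in the review queue but is not reported as a burst.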


6. Is it possible to hide the login screen when connecting over the RDP protocol?

Hiding the Fudo PAM login screen requires using the Enhanced RDP Security (TLS) + NLA security mode.


7. Why is the users list in the connection’s properties incomplete?

The users list in the connection’s properties does not contain users synchronized with the LDAP service. To assign a connection to an LDAP synchronized user, define a group mapping in the LDAP synchronization properties or disable the synchronization option for the given user.


8. Why is a user removed from the LDAP/AD server still present on the users list?

Deleting a user object from an AD or an LDAP server requires performing a full synchronization to reflect those changes on Fudo PAM. The full synchronization process is triggered automatically once a day at 00:00, or can be triggered manually in the LDAP synchronization settings view.


9. How frequently are users’ definitions synchronized with an LDAP/AD server?

New user definitions and changes in existing objects are imported from the directory service periodically every 5 minutes. The full synchronization process is triggered automatically once a day at 00:00.


10. I see * instead of the keystrokes in the session player. Is it possible to see the actual keyboard input?

Presenting keyboard input qualifies as a sensitive feature and is disabled by default. Enabling the display of keystrokes in the session player requires consent from two superadmin users. Refer to the Sensitive features topic for details on enabling this functionality.


11. Can I deactivate a session URL?

An active session URL can be deactivated at any time. The URL revocation procedure is described in the Sessions sharing topic.


12. What should I do before returning a demonstration unit after testing?

After testing Fudo, you should delete all session and configuration data by resetting the configuration to default settings and erasing the flash drive with the encryption key.