HashiConf The full conference agenda's now LIVE. Buy your pass and plan your schedule. Register
Boundary
Boundary Home

Auditing

A fundamental challenge of securing access to sensitive computing resources is creating a system of record around users' access and actions over remote sessions. Organizations are typically motivated to invest in recording capabilities to address at least one of the following:

  1. Compliance management: Organizations need to prove compliance of their infrastructure's security posture to internal or external auditors. Records of remote access are often required.

    Various laws and regulations have record keeping requirements. These laws and regulations specify what activities need to be recorded and how long the records must be kept. One of the reasons an organization records access to a system is to comply with the record keeping requirements of a law or regulation.

  2. Threat management: Organizations must monitor, investigate, and react to security incidents and malicious activity. Further, security teams seek to prevent incidents and proactively identify potential threats in real time.

    In the course of their investigations, security teams may need to identify suspicious activity conducted by a specific principal or against a specific target. Administrators may require a breakdown of session information by user or a time-based view of past activities, for example.

Session recording

Boundary provides auditing capabilities via session recording. In Boundary, a session represents a set of connections between a user and a host from a target. The session begins when an authorized user requests access to a target, and it ends when that access is terminated. All sessions have a fixed time limit, and all connections are proxied through a worker.

Sessions are recorded by workers. Workers are the proxy between an end user and a target. No session data is routed through a controller during the recording stage. The worker stores the session recording on local disk during the recording phase, and then moves the recording to the external object store when the session is terminated. Session recordings are stored in the BSR (Boundary Session Recording) format.

More information

Refer to the following topics for more information:

Edit this page on GitHub