a session on the jump host is established using user account A but originates from a workstation running as user B. This includes detecting inconsistent usage of user accounts. Monitoring which users and accounts access the jump and where they connect is essential to detect possible malicious behavior. Some of these factors are:Įncryption technique (reversible encryption)Ĭomprehensive auditing and monitoring increase the chance of detecting, alerting, and reacting to malicious actions by an adversary. Nowadays, several factors come into play when describing a strong password policy. Strong password policyīecause the jump host serves as a single-entry point for critical resources a strong password policy should be in place. Using MFA effectively makes it more difficult for an adversary to gain access to the jump host. MFA or similar measures, such as smart cards or YubiKey, should be utilized in conjunction with a strong password policy. The jump host is the single access point to valuable and privileged resources, hence, something else than just a password should be needed to gain access. Multi-Factor Authentication (MFA) for logging onto the jump host should be utilized to increase the level of security. Hence, the software needed to be patched should be fairly limited, and in most cases, it will also be out-of-box solutions, which can be managed automatically. As described above, there should be a restriction on the usage of software on a jump host. ![]() There should be effective patch management of the OS, firewall, and software on the jump host ensuring the latest versions and security configurations. ![]() Effective patch and configuration management A jump host should not be allowed to connect to relatively unprotected devices, where there is an increased possibility that an exploit is being executed or picked up. Connections to servers and resources outside the scope of the jump host should not be allowed. Connections to regular end users’ workstations should not be allowed. Network and host restrictionsĪ jump host should be restricted to access only the servers in scope. In a nutshell, only tools that facilitate access to the servers in scope or are needed to keep the jump host secure should be allowed to run on the jump host. Many adversaries use tools that can be run as scripts, so it is also vital to restrict the usage of scripts. All unnecessary services and software should not be present on the jump host and should not be allowed to be installed or executed. Non-preapproved applications should be blocked. Firewall rules and usage of VPN, VLAN, or proxies are examples of measures that can limit the connections made to the jump host. Limiting the access to the jump host to originate from the network or specific addresses and trusted devices decreases the risk of an adversary being able to perform attacks against the jump host. Additionally, it should not be possible to connect to the jump host from the Internet. Blocking Internet accessĪ jump host should not be permitted to access the Internet nor be able to browse the organization’s intranet. Furthermore, the usage of encryption of disks, such as BitLocker, should be implemented to lower the risk of an adversary getting access to data in case the server is physically stolen, or the disk is removed. The physical server should be secured against unauthorized access. The physical server hosting the jump host should be kept in a secure facility reflecting the strict level of security of the resources that it facilitates access to. Therefore, the jump host must be maximally secured, hardened, and monitored. Because the jump host serves as a single point of entry to (privileged) resources it constitutes an increased security risk and a highly sought target by adversaries. ![]() The jump host should not have any other functions and services besides those that are needed to facilitate access to the desired resources. ![]() Some of the issues that can arise in more complex networks are touched upon later in this blog post.īroadly spoken a jump host should only be used to facilitate access to specific resources on the network. This is of course a highly simplified model and most networks that utilize jump hosts are often much more complex.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |