To the greatest degree possible, segregate third-party access from critical systems. These must be separate roles, and both must be logged and set up with alerts so that attackers’ attempts to move laterally are more difficult to execute and easier to identify. Two key processes to examine are change control (such as pushing a patch to production) and authorization (such as granting someone administrator privileges). Data sources for the application, whether internal or external, need to be treated to the same role-based access controls as human users.īusiness and operational processes will also cross the trust boundary, and several of these functions are core to why we need jump boxes. This can mean that only certain individuals have administrative privileges in the app, or it can mean that administrators can only access the control surfaces from specific subnets. You also need to restrict administrative access at the application level. Figure 1 below gives a simple example of how this looks. Either way, these devices are also part of the assets that fall in scope for management through the jump box. The most common tools for this are network security devices like firewalls or virtual LANs (VLANs). Once you know what systems require this extra layer of protection, you can define the shape of the trust boundary. Implementing least privilege around administrative accounts in such an environment might take a drastically different form, but the same principles apply, particularly because visibility in these environments might be more difficult. In the cloud, remote management doesn’t mean connecting through SSH to a server somewhere-it means web-based management tooling. Things become more complex in the cloud, where systems scale up elastically on demand. This means systems like databases, application servers, and any systems that hold or run critical data or functions as well as segmenting any assets from which an attacker could move laterally to the processing environment, such as management systems. The ideal environment to access through a jump box is an isolated system providing a mission-critical service. The first thing you need to figure out is what functions and components are good candidates for this setup. Securing Administrator Access with Jump Boxes Not only do jump boxes provide required isolation and network segmentation practices that are part of many standards, but they are also one of the best interconnections to monitor and log. While jump boxes alone aren’t going to solve the problems that phishing and ransomware present, they will help limit their impact if you are compromised.Īnother is for compliance. Many significant breaches begin by harvesting administrator credentials through phishing, either using malware or by obtaining credentials with a spoofed authentication prompt. 1Ī jump box is a hardened machine for segregating administrator access. One step on that journey is using jump boxes to contain the risk around administrator authorizations. Zero Trust is ideal but it can be a real challenge. One of the areas where it’s important to implement least privilege is administrator access because it can have such profound effects. One of the core principles of information security is the concept of least privilege.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |