'Jump boxes' improve security, if you set them up right

It's a good idea to set up an ultrasecure computer as a bridge to log on to other PCs, but serious protections must be in place

With malicious hackers and malware infesting nearly every enterprise network these days, "jump boxes" have become very popular. A jump box is a specially secured computer that administrators must (or should) log on to in order to gain access to other computers and administrate them. Because it is hardened, the hope is that a jump box is less likely to get exploited by hackers or malware than an ordinary workstation.

Jump boxes can decrease risk, but you need to implement their special protections properly. Many enterprises start with the best of intentions, but when I audit jump boxes, I often see a jumble of weak security policies and high-risk behaviors that make them just as insecure as a regular user's PC.


In the computer security world, a basic premise underlies setting up a "secure environment": Systems of lower trust should never be able to modify or control systems of higher trust or importance. Most jump boxes tend to break this basic rule because the computers people use to connect to jump boxes are less trustworthy than the jump boxes themselves.

Often, PCs that connect to jump boxes are open to the Internet all day long and can be as infected and exploited as any other computer in your environment. What good is a jump box if the computer connecting to it has a keylogging Trojan copying every password or smartcard token you use? Your jump box and the computer linking to it -- let's call it the "originating computer" for this discussion -- should both be highly secure systems.

Here are the protective measures you should take for jump boxes and the systems that connect to them.

Security hardened

Most of today's operating systems and applications come fairly well secured. Don't mess it up. Consider configuring the originating computer and jump server with the "high security" settings if they exist. You want to enforce only the best and most secure protocols and options.

Strong authentication

If you use regular passwords, they should be long and complex (15 characters or more). Try to require smartcards or other two-factor authentication methods for all elevated users. If you're managing multiple environments (that is, different forests), make sure logon credentials are not shared among environments. If you use smartcards, key fobs, or other two-factor authentication, make sure those aren't shared, either. Yes, it'll be harder to administrate multiple environments. But if you share that stuff, why have different environments in the first place?
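The credential rules in this section (passwords of 15 characters or more, two-factor for elevated users, and no password or token shared between environments) are easy to state and easy to drift away from. The following script, added here as an example and not part of the original article, audits a small administrator-account inventory against those rules. The inventory, its field names and the token serials are constructed sample data; a real audit would pull the records from each directory and compare password hashes rather than the placeholder fingerprints used here.

```python
"""Audit an admin-account inventory against the jump-box credential rules:
long passwords, two-factor for elevated users, and no credential or token
shared across environments (forests). Added example, not the article's code.
"""
from collections import defaultdict

MIN_PASSWORD_LENGTH = 15  # the article's "15 characters or more"

# Constructed sample inventory: one record per admin account per environment.
# "token_serial" is the smartcard / key fob identifier (None = password only).
# "password_fingerprint" stands in for a hash comparison across environments;
# the values are made up and only need to match when the password is the same.
SAMPLE_ACCOUNTS = [
    {"env": "corp-forest", "user": "alice-adm", "elevated": True,
     "password_length": 22, "token_serial": "SC-1001", "password_fingerprint": "f1"},
    {"env": "lab-forest", "user": "alice-adm", "elevated": True,          # same token and
     "password_length": 22, "token_serial": "SC-1001", "password_fingerprint": "f1"},  # password in both forests
    {"env": "corp-forest", "user": "bob-adm", "elevated": True,           # short password,
     "password_length": 12, "token_serial": None, "password_fingerprint": "f2"},      # no second factor
    {"env": "corp-forest", "user": "carol", "elevated": False,            # not elevated: no 2FA
     "password_length": 16, "token_serial": None, "password_fingerprint": "f3"},      # requirement applies
    {"env": "lab-forest", "user": "dave-adm", "elevated": True,           # compliant
     "password_length": 30, "token_serial": "SC-2002", "password_fingerprint": "f4"},
]


def audit_accounts(accounts):
    """Return a sorted list of (environment, user, finding) tuples."""
    findings = []
    token_envs = defaultdict(set)   # token serial -> environments it is used in
    pw_envs = defaultdict(set)      # password fingerprint -> environments it is used in

    # Pass 1: per-account rules, and collect where each credential is used.
    for a in accounts:
        if a["password_length"] < MIN_PASSWORD_LENGTH:
            findings.append((a["env"], a["user"], "password shorter than 15 characters"))
        if a["elevated"] and a["token_serial"] is None:
            findings.append((a["env"], a["user"], "elevated account without two-factor token"))
        if a["token_serial"]:
            token_envs[a["token_serial"]].add(a["env"])
        pw_envs[a["password_fingerprint"]].add(a["env"])

    # Pass 2: cross-environment sharing, reported against every account involved.
    for a in accounts:
        if a["token_serial"] and len(token_envs[a["token_serial"]]) > 1:
            findings.append((a["env"], a["user"], "two-factor token shared across environments"))
        if len(pw_envs[a["password_fingerprint"]]) > 1:
            findings.append((a["env"], a["user"], "password reused across environments"))
    return sorted(set(findings))


if __name__ == "__main__":
    for env, user, finding in audit_accounts(SAMPLE_ACCOUNTS):
        print(f"{env:12} {user:10} {finding}")
```

Two-factor enrollment here is inferred from the presence of a token serial; if your directory records MFA enforcement separately, check that attribute instead of the token field. The cross-environment checks are deliberately keyed on the credential, not the username, so a password reused under two different admin accounts is still caught.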

No browsing the Internet

If I check your jump box and see it has a browser installed or can browse to the Internet unhindered, then you've failed the audit. Browsing the Internet is a high-risk activity that should not be allowed either on the jump box or the originating computer. I know many of you probably use your regular workstation to connect to jump boxes. This is a bad idea. Use a separate computer (or VM) to connect to your jump box. That originating computer should not be able to browse the Internet to any site; if you allow it to connect only to vendor sites and legitimate driver download sites, that's OK.
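Two of the article's rules can be checked mechanically from connection records: the trust premise from the opening section (a lower-trust PC must never control a higher-trust system such as a jump box) and the no-browsing rule above (the jump box and its originating computer reach nothing on the Internet except an explicit allowlist of vendor and driver sites). The script below is an added example, not code from the article or any vendor; the host names, trust tiers, allowlist entries and the log format are all constructed assumptions, and you would feed it your own session and proxy logs after adapting the regular expression.

```python
"""Flag jump-box connections that break two rules from the article:
  1. a session into a jump box must come from a host of at least the jump
     box's trust level (lower trust must not control higher trust), and
  2. the jump box and its originating computer get no Internet access beyond
     an explicit allowlist of vendor / driver download sites.
Added example, not the article's code; all names below are constructed.
"""
import re

# Assumed trust tiers: a higher number means more trusted. Hosts not listed
# are treated as tier 0 (untrusted), so an unknown source is always flagged.
TRUST_TIER = {
    "jump01": 3,       # the jump box
    "adminpc-7": 3,    # dedicated originating computer (hardened, no browsing)
    "laptop-42": 1,    # ordinary user workstation, open to the Internet all day
}

# Deny-by-default egress allowlist for the jump box and originating computer.
# Placeholder names; a real list names the vendor sites you actually depend on.
EGRESS_ALLOWLIST = {"updates.vendor.example", "drivers.vendor.example"}
RESTRICTED_HOSTS = {"jump01", "adminpc-7"}

# Constructed log lines: "<timestamp> <kind> src=<host> dst=<host-or-domain> port=<n>"
SAMPLE_LOG = """\
2024-05-01T09:00:01 session src=adminpc-7 dst=jump01 port=3389
2024-05-01T09:02:13 session src=laptop-42 dst=jump01 port=3389
2024-05-01T09:05:40 web src=jump01 dst=updates.vendor.example port=443
2024-05-01T09:06:02 web src=jump01 dst=news.example port=443
2024-05-01T09:07:55 web src=adminpc-7 dst=mail.example port=443
2024-05-01T09:08:10 web src=laptop-42 dst=news.example port=443
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<kind>session|web) src=(?P<src>\S+) dst=(?P<dst>\S+)"
)


def check_session(src, dst):
    """Rule 1: the source must be at least as trusted as the system it controls."""
    if dst not in TRUST_TIER:
        return None  # only hosts whose tier we model are checked
    src_tier, dst_tier = TRUST_TIER.get(src, 0), TRUST_TIER[dst]
    if src_tier < dst_tier:
        return f"lower-trust host {src} (tier {src_tier}) opened a session to {dst} (tier {dst_tier})"
    return None


def check_web(src, dst):
    """Rule 2: restricted hosts may only reach allowlisted sites."""
    if src in RESTRICTED_HOSTS and dst not in EGRESS_ALLOWLIST:
        return f"{src} reached non-allowlisted site {dst}"
    return None


def audit_connections(log_text):
    """Return a list of (timestamp, finding) for every rule violation in the log."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skipped here, worth counting in a real audit
        kind, src, dst = m["kind"], m["src"], m["dst"]
        msg = check_session(src, dst) if kind == "session" else check_web(src, dst)
        if msg:
            findings.append((m["ts"], msg))
    return findings


if __name__ == "__main__":
    for ts, msg in audit_connections(SAMPLE_LOG):
        print(ts, msg)
```

On the constructed log, the ordinary laptop's browsing is not reported (it is not a restricted host), while the same laptop opening a session to the jump box is, which is exactly the "originating computer" problem the article describes. The check is a detective control; the preventive version is the same allowlist enforced at the firewall or proxy, with everything else denied.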
