With malicious hackers and malware infesting nearly every enterprise network these days, "jump boxes" have become very popular. A jump box is a specially secured computer that administrators must (or should) log on to in order to gain access to other computers and administrate them. The hope is that, because they are specially secured, these jump boxes are less likely to get exploited by hackers or malware.
Jump boxes can decrease risk, but you need to implement their special protections properly. Many enterprises start with the best of intentions, but when I audit jump boxes, I often see a jumble of weak security policies and high-risk behaviors that make them just as insecure as a regular user's PC.
In the computer security world, a basic premise underlies setting up a "secure environment": Systems of lower trust should never be able to modify or control systems of higher trust or importance. Most jump boxes tend to break this basic rule because the computers people use to connect to jump boxes are less trustworthy than the jump boxes themselves.
Often, PCs that connect to jump boxes are open to the Internet all day long and can be as infected and exploited as any other computer in your environment. What good is a jump box if the computer connecting to it has a keylogging Trojan copying every password or smartcard token you use? Your jump box and the computer linking to it -- let's call it the "originating computer" for this discussion -- should both be highly secure systems.
Here are the protective measures you should take for jump boxes and the systems that connect to them.
Most of today's operating systems and applications come fairly well secured. Don't mess it up. Consider configuring the originating computer and jump server with the "high security" settings if they exist. You want to enforce only the best and most secure protocols and options.
If you use regular passwords, they should be long and complex (15 characters or more). Try to require smartcards or other two-factor authentication methods for all elevated users. If you're managing multiple environments (that is, different forests), make sure logon credentials are not shared among environments. If you use smartcards, key fobs, or other two-factor authentication, make sure those aren't shared, either. Yes, it'll be harder to administrate multiple environments. But if you share that stuff, why have different environments in the first place?
No browsing the Internet
If I check your jump box and see it has a browser installed or can browse to the Internet unhindered, then you've failed the audit. Browsing the Internet is a high-risk activity that should not be allowed either on the jump box or the originating computer. I know many of you probably use your regular workstation to connect to jump boxes. This is a bad idea. Use a separate computer (or VM) to connect to your jump box. That originating computer should not be able to browse the Internet to any site; if you allow it to connect only to vendor sites and legitimate driver download sites, that's OK.
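The credential rules above (15-character minimum, two-factor for elevated users, no credentials shared across forests) and the no-browsing rule can be turned into a repeatable audit. The script below is an added example written for this article, not something from the original column: it runs the checks over a constructed inventory record and a constructed egress log, and every host name, account name and domain in it is made up. Treating the same admin account name appearing in two forests as a shared credential is an assumption used as a heuristic.

```python
def audit_config(cfg: dict) -> list:
    """One finding per rule from the article that the host violates; empty list is a pass."""
    findings = []
    if cfg["min_password_length"] < 15:
        findings.append(f"password minimum {cfg['min_password_length']} is below 15")
    if not cfg["mfa_required_for_admins"]:
        findings.append("elevated users are not required to use two-factor auth")
    if cfg["browsers_installed"]:
        findings.append("browser installed: " + ", ".join(cfg["browsers_installed"]))
    if not cfg["egress_default_deny"]:
        findings.append("outbound Internet access is not default-deny")
    # Heuristic (assumption): the same admin account used in two forests is a shared credential.
    forests_per_account = {}
    for forest, accounts in cfg["admin_accounts_by_forest"].items():
        for acct in accounts:
            forests_per_account.setdefault(acct, set()).add(forest)
    for acct, forests in sorted(forests_per_account.items()):
        if len(forests) > 1:
            findings.append(f"account {acct} shared across forests {sorted(forests)}")
    return findings


def unexpected_egress(log_lines: list, allowlist: list) -> list:
    """Destinations from 'time host -> dest:port' lines that are not on the vendor allowlist."""
    allowed = {d.lower() for d in allowlist}
    hits = []
    for line in log_lines:
        dest = line.split("->", 1)[1].strip().rsplit(":", 1)[0].lower()
        if dest not in allowed:
            hits.append(dest)
    return hits


# Constructed sample host: 12-char minimum, a browser present, adm-bob used in two forests.
JUMP01 = {
    "min_password_length": 12,
    "mfa_required_for_admins": True,
    "browsers_installed": ["chrome"],
    "egress_default_deny": True,
    "egress_allowlist": ["updates.vendor.example", "drivers.hw-vendor.example"],
    "admin_accounts_by_forest": {"corp.example": ["adm-alice", "adm-bob"], "dmz.example": ["adm-bob"]},
}
# Constructed egress log: the second line reaches a site outside the allowlist.
EGRESS_LOG = [
    "2024-05-01T10:02:11 jump01 -> updates.vendor.example:443",
    "2024-05-01T10:05:40 jump01 -> news.example:443",
]

if __name__ == "__main__":
    for f in audit_config(JUMP01) + unexpected_egress(EGRESS_LOG, JUMP01["egress_allowlist"]):
        print("FAIL:", f)
```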