A jump box is a secure computer that all admins first connect to before launching any administrative task, or use as an origination point to connect to other servers or untrusted environments. Over the last few years, with malicious hackers and malware infesting nearly every enterprise network at will, security admins have been looking for a way to decrease the ability of hackers, or their malware creations, to steal admin credentials and take over an environment, and the concept of a traditional "jump box" has morphed into an even more comprehensive and locked-down "secure admin workstation" (or SAW).

A SAW is a computer the admin must originate from before performing any administrative task or connecting to any other administered server or network. Although related, the two are used at different points (the SAW is always the first computer). Both can be used to make your environment significantly more secure. You should be using one or both, and if you're not, you need to get busy.

The central tenet for highly-secured computers

The central tenet behind both jump boxes and SAWs is that they are highly secured computers never used for non-administrative tasks. The vast majority of computer security risk in most environments comes from administrators using the same computers for performing the highest-risk activities (e.g., using email, browsing the internet, running office productivity apps), possibly being compromised there, and then performing administrative tasks with administrative credentials on high-risk computer systems and networks.

Even an admin remotely visiting another user's regular computer, one that performs high-risk activities, is a risk. If the system he is visiting is exploited, the admin's originating session could get exploited or his admin credentials stolen. Jump boxes and SAWs must therefore be configured so that they are both less likely to be exploited and restricted in what they are allowed to visit. Only by having both controls enforced can they provide much-needed security.

It is extremely important that jump boxes and SAWs are not allowed to connect to just anyplace. At the very least, they should not be allowed to connect to the internet, and nothing from the internet should be allowed to connect to them. Almost as important is that they not be allowed to connect to regular end-user workstations. (More on this below.) You don't want them connecting to a relatively unprotected computer, picking up an exploit, and then going on to do administrative things on mission-critical resources, taking the maliciousness along for the ride.

Conversely, you don't want every computer in your environment able to connect to your most secure boxes. SAWs should not have any inbound connections at all. Jump boxes should have none, or should accept a connection from another trusted computer only in limited cases or by exception. You can enforce connection allows and denies using firewalls, IPsec, VPNs, or other connection-limiting mechanisms such as NetBIOS computer enforcement, VLANs, proxies, or 802.1x network enforcement. The mechanism you use to accomplish it doesn't matter as much as that you prevent most default connectivity.

The best shops prevent elevated admins, like domain admins or enterprise admins in Microsoft Active Directory environments, from connecting to anything other than domain controllers or the few servers to which they absolutely have to connect for install or configuration duties (e.g., Exchange servers, Active Directory Certificate Services installs). This significantly lessens the possibility that a very elevated credential will be stolen.

No browsing the internet

Access to or from the internet is the make-or-break option as to whether you take your jump box or SAW security seriously. If you allow unfettered access to the internet from a jump box or SAW, you really shouldn't bother implementing them. It's the biggest requirement for reducing risk. Some shops allow a very limited number of connections to pre-approved internet sites. As long as these allowed web sites are kept very limited (say, fewer than 10 sites) and are mostly vendor software download locations, this is acceptable. If the allowed list starts growing into the dozens of exceptions and includes sites not directly sponsored by a particular vendor, the risk starts to increase. Many hackers love to compromise otherwise trusted third-party or social media sites, in what are known as "watering hole" attacks.
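As an added example (not code from the article, and not any vendor's tooling), the following Python script checks firewall log lines recorded on a SAW or jump box against the connectivity rules described above: no inbound connections to a SAW, inbound to a jump box only from trusted SAWs, outbound only to domain controllers or the few approved admin servers, never to end-user workstation subnets, and internet access only to a pre-approved vendor allowlist that the policy refuses to let grow to ten or more sites. Every address, subnet, role and log line here is constructed for the example; the line layout follows the Windows Firewall pfirewall.log field order, and the field names, policy class and function names are the example's own.

```python
# Added example (not from the article): audit firewall log lines from a SAW or
# jump box against the article's connectivity rules. All addresses, roles and
# the log lines are constructed; the line layout follows the Windows Firewall
# pfirewall.log field order.
import ipaddress
from dataclasses import dataclass

FIELDS = ("date", "time", "action", "protocol", "src", "dst", "sport", "dport",
          "size", "tcpflags", "tcpsyn", "tcpack", "tcpwin", "icmptype",
          "icmpcode", "info", "path")


@dataclass
class ConnectivityPolicy:
    role: str                 # "saw" or "jumpbox"
    admin_targets: set        # DCs / admin servers this host may reach
    trusted_sources: set      # jump box only: SAWs allowed to connect inbound
    internal_nets: list       # corporate address space; anything else is internet
    workstation_nets: list    # end-user subnets that must never be reached
    internet_allowlist: set   # pre-approved vendor download sites

    def __post_init__(self):
        # The article's rule of thumb: keep the internet exception list under ten.
        if len(self.internet_allowlist) >= 10:
            raise ValueError("internet allowlist must stay below 10 sites")


def parse_line(line):
    """Return a field dict for a data line, or None for header/blank lines."""
    if not line.strip() or line.startswith("#"):
        return None
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) >= len(FIELDS) else None


def in_nets(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in nets)


def evaluate(rec, policy):
    """Describe why an ALLOWed flow breaks policy, or return None if it is fine."""
    if rec["action"] != "ALLOW":
        return None                      # blocked flows are the firewall working
    if rec["path"] == "RECEIVE":         # inbound connection
        if policy.role == "saw":
            return f"inbound from {rec['src']} (a SAW accepts no inbound connections)"
        if rec["src"] not in policy.trusted_sources:
            return f"inbound from untrusted host {rec['src']}"
        return None
    dst = rec["dst"]                     # outbound connection
    if dst in policy.admin_targets:
        return None
    if in_nets(dst, policy.workstation_nets):
        return f"outbound to end-user workstation {dst}"
    if not in_nets(dst, policy.internal_nets):
        if dst in policy.internet_allowlist:
            return None
        return f"outbound to internet host {dst} not on the allowlist"
    return f"outbound to unapproved internal host {dst}"


def audit(log_text, policy):
    """Return [(line_number, violation)] for every allowed flow that breaks policy."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), 1):
        rec = parse_line(line)
        problem = evaluate(rec, policy) if rec else None
        if problem:
            findings.append((number, problem))
    return findings


# Constructed sample: SAW at 10.10.0.5, domain controller at 10.10.1.10,
# approved vendor mirror at 203.0.113.10, end-user workstations in 10.10.50.0/24.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2024-03-01 09:00:01 ALLOW TCP 10.10.0.5 10.10.1.10 51000 389 0 - 0 0 0 - - - SEND
2024-03-01 09:00:07 ALLOW TCP 10.10.0.5 10.10.1.10 51001 3389 0 - 0 0 0 - - - SEND
2024-03-01 09:01:15 ALLOW TCP 10.10.0.5 10.10.50.23 51002 445 0 - 0 0 0 - - - SEND
2024-03-01 09:02:30 ALLOW TCP 10.10.0.5 203.0.113.10 51003 443 0 - 0 0 0 - - - SEND
2024-03-01 09:03:02 ALLOW TCP 10.10.0.5 198.51.100.77 51004 443 0 - 0 0 0 - - - SEND
2024-03-01 09:04:44 DROP TCP 10.10.50.23 10.10.0.5 60000 3389 0 - 0 0 0 - - - RECEIVE
2024-03-01 09:05:10 ALLOW TCP 10.10.0.5 10.10.2.40 51005 22 0 - 0 0 0 - - - SEND
2024-03-01 09:06:00 ALLOW TCP 10.10.0.99 10.10.0.5 40000 3389 0 - 0 0 0 - - - RECEIVE
"""

SAW_POLICY = ConnectivityPolicy(
    role="saw", admin_targets={"10.10.1.10"}, trusted_sources=set(),
    internal_nets=["10.10.0.0/16"], workstation_nets=["10.10.50.0/24"],
    internet_allowlist={"203.0.113.10"},
)

if __name__ == "__main__":
    for number, problem in audit(SAMPLE_LOG, SAW_POLICY):
        print(f"line {number}: {problem}")
```

Run as-is, the sample flags four allowed flows on the SAW: the SMB connection to a workstation, the HTTPS connection to an internet host outside the allowlist, the SSH connection to an internal server that is not an approved admin target, and the inbound RDP session (which a jump box policy with that source listed as a trusted SAW would accept). Only ALLOW entries are examined, because a DROP is the firewall enforcing the policy rather than a gap in it; the point of the audit is to find where the firewall rules are looser than the article's intent. Swap in your own log export and a policy built from your real domain controller and admin server addresses.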