![]() ![]() In the cloud, remote management doesn’t mean connecting through SSH to a server somewhere-it means web-based management tooling. Things become more complex in the cloud, where systems scale up elastically on demand. This means systems like databases, application servers, and any systems that hold or run critical data or functions as well as segmenting any assets from which an attacker could move laterally to the processing environment, such as management systems. The ideal environment to access through a jump box is an isolated system providing a mission-critical service. The first thing you need to figure out is what functions and components are good candidates for this setup. Securing Administrator Access with Jump Boxes Not only do jump boxes provide required isolation and network segmentation practices that are part of many standards, but they are also one of the best interconnections to monitor and log. While jump boxes alone aren’t going to solve the problems that phishing and ransomware present, they will help limit their impact if you are compromised.Īnother is for compliance. Many significant breaches begin by harvesting administrator credentials through phishing, either using malware or by obtaining credentials with a spoofed authentication prompt. 1Ī jump box is a hardened machine for segregating administrator access. ![]() ![]() One step on that journey is using jump boxes to contain the risk around administrator authorizations. Zero Trust is ideal but it can be a real challenge. One of the areas where it’s important to implement least privilege is administrator access because it can have such profound effects. One of the core principles of information security is the concept of least privilege. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |