Jump server explained

A jump server, jump host or jump box is a system on a network used to access and manage devices in a separate security zone. A jump server is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them. The most common example is managing a host in a DMZ from trusted networks or computers.

Background

In the 1990s, when co-location facilities became more common, there was a need to provide access between dissimilar security zones. The jump server concept emerged to meet this need. The jump server would span the two networks and typically be used in conjunction with a proxy service such as SOCKS to provide access from an administrative desktop to the managed device. As SSH-based tunneling became common, jump servers became the de facto method of access.

Implementation

Jump servers are often placed between a secure zone and a DMZ to provide transparent management of devices on the DMZ once a management session has been established. The jump server acts as a single audit point for traffic and also as a single place where user accounts can be managed. A prospective administrator must log in to the jump server in order to gain access to the DMZ assets, and all access can be logged for later audit.

Unix

A typical configuration is a hardened Unix (or Unix-like) machine configured with SSH and a local firewall. An administrator connects to a target machine in the DMZ by making an SSH connection from the administrator's personal computer to the jump server and then using SSH forwarding to access the target machine.

Using SSH port forwarding or an SSH-based tunnel to the target host allows the use of insecure protocols to manage servers without creating special firewall rules or exposing the traffic on the inside network.
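The following is an added example, not part of the original article: a small linter for the global section of a jump host's sshd_config that reports settings that would let forwarding reach hosts other than the intended DMZ targets. The baseline values, the sample configurations and the target addresses are assumptions constructed for illustration.

```python
# Added example: lint the global section of a jump host's sshd_config.
# BASELINE and ALLOWED_TARGETS are assumptions, not taken from the article.
BASELINE = {
    "permitrootlogin": "no",
    "passwordauthentication": "no",
    "allowagentforwarding": "no",
    "x11forwarding": "no",
    "allowtcpforwarding": "local",  # outbound forwards only, no listeners on the jump host
}
# OpenSSH defaults that apply when a keyword is absent from the file.
DEFAULTS = {
    "permitrootlogin": "prohibit-password",
    "passwordauthentication": "yes",
    "allowagentforwarding": "yes",
    "x11forwarding": "no",
    "allowtcpforwarding": "yes",
    "permitopen": "any",
}
# Constructed DMZ targets (documentation address range).
ALLOWED_TARGETS = {"192.0.2.10:22", "192.0.2.11:3389"}

# Constructed sample configurations.
SAMPLE_WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nAllowTcpForwarding yes\n"
SAMPLE_HARDENED = (
    "# constructed jump host config\n"
    "PermitRootLogin no\nPasswordAuthentication no\n"
    "AllowAgentForwarding no\nX11Forwarding no\n"
    "AllowTcpForwarding local\n"
    "PermitOpen 192.0.2.10:22 192.0.2.11:3389\n"
)

def parse_global(text):
    """Effective global settings: keywords are case-insensitive, first value wins."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        if key == "match":  # conditional overrides are out of scope for this check
            break
        settings.setdefault(key, parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text, allowed_targets=ALLOWED_TARGETS):
    """Return findings in baseline order; an empty list means the baseline is met."""
    eff = {**DEFAULTS, **parse_global(text)}
    findings = [f"{k} is '{eff[k].lower()}', expected '{want}'"
                for k, want in BASELINE.items() if eff[k].lower() != want]
    extra = set(eff["permitopen"].split()) - set(allowed_targets)
    if extra:
        findings.append("permitopen allows unlisted targets: " + ", ".join(sorted(extra)))
    return findings
```

Settings inside Match blocks and included files are not evaluated, so a clean result covers the global section only.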

Windows

A typical configuration is a Windows server running Remote Desktop Services that administrators connect to. This isolates the secure infrastructure from the configuration of the administrator's workstation.[1] It is also possible to enable OpenSSH server on Windows 10 (build 1809 and later) and Windows Server editions 2019 and 2022.[2]

Security risks

A jump server is a potential risk in a network's design.[3] There are several ways of improving the security of the jump server, including:

Given the high level of risk that a jump server can represent, a VPN may be a suitable and higher-security replacement.[10]

In 2015, a compromised jump server allowed attackers access to over 21.5 million records in one of the largest breaches of government data in the history of the United States.[11]

Notes and References

  1. Implementing Secure Administrative Hosts. docs.microsoft.com.
  2. robinharwood. Get started with OpenSSH for Windows. learn.microsoft.com. 2022-12-02.
  3. Grimes, Roger A. 'Jump boxes' and SAWs improve security, if you set them up right. CSO Online. July 26, 2017.
  4. Pompon, Raymond; Vinberg, Sander. Protecting Critical Systems with Isolation and Jump Boxes - F5 Labs. F5 Labs. 2021-09-21. 2022-01-28.
  5. Hess, Ken. Jump Box Security » Linux Magazine. Linux Magazine. 2022-01-28.
  6. 4 OT/IT network segmentation techniques - selecting a cyber resilient configuration - Applied Risk. Applied Risk. 2021-11-24. 2022-01-28.
  7. Jump server. Intelligent Systems Monitoring – Systems Monitoring Made Easy. 2018-05-03. 2022-01-28.
  8. Guidance for Secure Interactive Remote Access. North American Electric Reliability Corporation. 2011-08-24. 2022-01-28. 38.
  9. Grimes, Roger A. 'Jump boxes' and SAWs improve security, if you set them up right. CSO Online. 2017-07-26. 2022-01-28.
  10. Bhargava, Rajat. Is the Jump Box Obsolete? O'Reilly Radar. January 10, 2014.
  11. Koerner, Brendan. Inside the Cyberattack That Shocked the US Government. Wired. October 23, 2016.