'Jump boxes' and SAWs improve security, if you set them up right

Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not.

Page 2 of 2

If a few keystrokes, to switch between admin and non-admin instances is too bothersome, many companies use privilege management software to control which applications on a single computer can run administratively or not. Although not as secure as running two different computers or two different desktop sessions, it is a workable trade-off for many environments.

A growing popular middle-ground between running two different computer sessions and sharing a single desktop (with those inherent risks) is to run a single, more secure OS dedicate to keeping applications separate, so that picking up your email doesn’t allow a bad guy to learn your admin password. Joanna Rutkowski’s QubesOS is answering this call, and you can expect more vendors to follow. Qubes is a hypervisor-enabled desktop system with a focus on security isolation. It can run other operating systems and applications, each within its own virtual machine instance, appearing co-mingled on a single GUI desktop. All the admin user is doing is clicking on icons and running commands, without having to worry about security bleed-over between two environments.

Jump boxes are not dead

SAWs are preferred over jump boxes, but jump boxes are great solutions for particular scenarios. For example, the highest security possible can be gained by having SAW-using admins connect to centralized jump servers for all admin tasks. That way all the admin connections can be constrained to fewer origination points, making it easier for event monitors to see unauthorized admin attempts. Jump boxes are also great places for crossing security domains or forcing remote admins to VPN into before going on to further connect to a network. I also see companies placing application-specific admin tools on app-specific jump boxes instead of allowing them to be installed on admins' individual SAWs.

Jump in a little or require SAWs everywhere. No matter what you do, implementing jump boxes and SAWs can only strengthen your environment.

| 1 2 Page 2
Cybersecurity market research: Top 15 statistics for 2017