'Jump boxes' and SAWs improve security, if you set them up right

Organizations consistently and reliably using one or both of these approaches have far less risk than those that do not.

1 2 Page 2
Page 2 of 2

Originally, SAWs were implemented by having admins have two computers: one for their normal processing, and one for admin tasks only. This has evolved, in most places that use them, into a single computer, where one of the two “computers” runs as a virtual machine on the other. The most trustworthy model is where the admin computer is the physical desktop and the non-admin, “everything goes” desktop runs as a virtual machine on top of it. You can run the trust model the other way, and it is probably operationally easier to do so, but for better security you want the most trustworthy computer hosting the less secure session. Using virtual machines allows admins to pop back and forth using a few keystrokes, and that’s hard for anyone to complain about.

If a few keystrokes, to switch between admin and non-admin instances is too bothersome, many companies use privilege management software to control which applications on a single computer can run administratively or not. Although not as secure as running two different computers or two different desktop sessions, it is a workable trade-off for many environments.

A growing popular middle-ground between running two different computer sessions and sharing a single desktop (with those inherent risks) is to run a single, more secure OS dedicate to keeping applications separate, so that picking up your email doesn’t allow a bad guy to learn your admin password. Joanna Rutkowski’s QubesOS is answering this call, and you can expect more vendors to follow. Qubes is a hypervisor-enabled desktop system with a focus on security isolation. It can run other operating systems and applications, each within its own virtual machine instance, appearing co-mingled on a single GUI desktop. All the admin user is doing is clicking on icons and running commands, without having to worry about security bleed-over between two environments.

Jump boxes are not dead

SAWs are preferred over jump boxes, but jump boxes are great solutions for particular scenarios. For example, the highest security possible can be gained by having SAW-using admins connect to centralized jump servers for all admin tasks. That way all the admin connections can be constrained to fewer origination points, making it easier for event monitors to see unauthorized admin attempts. Jump boxes are also great places for crossing security domains or forcing remote admins to VPN into before going on to further connect to a network. I also see companies placing application-specific admin tools on app-specific jump boxes instead of allowing them to be installed on admins' individual SAWs.

Jump in a little or require SAWs everywhere. No matter what you do, implementing jump boxes and SAWs can only strengthen your environment.

Copyright © 2017 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Get the best of CSO ... delivered. Sign up for our FREE email newsletters!