Jump server: Difference between revisions

From Wikipedia, the free encyclopedia
m changed 'computer' to 'system' since a computer is too restrictive (e.g. VDI, a guest system, a dedicated tunneling device, etc.)
For an apparatus for starting a vehicle, see Jump start (vehicle) § Other methods.
 
(32 intermediate revisions by 15 users not shown)
Line 1: Line 1:
{{short description|A computer on a network used to access a separate security zone}}
{{short description|Computer on a network used to access a separate security zone}}
{{Redirect|Jump box|boxes used in jumping exercises|Plyometrics}}
{{Redirect|Jump box|boxes used in jumping exercises|Plyometrics|an apparatus for starting a vehicle|Jump start (vehicle)#Other methods}}
{{Multiple issues|

{{More citations needed|article|date=October 2021}}
A '''jump server''', '''jump host''' or '''jump box''' is a system on a [[Computer network|network]] used to access and manage devices in a separate security zone. The most common example is managing a host in a [[DMZ (computing)|DMZ]] from trusted networks or computers.
{{Original research|date=October 2021}}

}}
A jump server is a [[Hardening (computing)|hardened]] and monitored device that spans two dissimilar security zones and provides a controlled means of access between them. User access should be tightly controlled and monitored.{{cn|date=April 2018}}
A '''jump server''', '''jump host''' or '''jump box''' is a system on a [[Computer network|network]] used to access and manage devices in a separate security zone. A jump server is a [[Hardening (computing)|hardened]] and monitored device that spans two dissimilar security zones and provides a controlled means of access between them. The most common example is managing a host in a [[DMZ (computing)|DMZ]] from trusted networks or computers.
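Review bot: The merged lead drops the sentence "User access should be tightly controlled and monitored" together with its {{cn}} tag instead of sourcing it, and removes the whole {{Multiple issues}} box. The "More citations needed" concern is met by the references added under Security risks, but the Background and Implementation paragraphs still carry no citation, so nothing in this diff addresses the "Original research" tag that is being removed; either keep that tag or cite those paragraphs.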


==Background==
==Background==
In the 1990s when co-location facilities became more common there was a need to provide access between dissimilar security zones. The jump server concept emerged to meet this need. The jump server would span the two networks and typically be used in conjunction with a proxy service such as [[SOCKS]] to provide access from an administrative desktop to the managed device. As [[Tunneling_protocol#SSH|SSH tunneling]] became common, jump servers became the de facto method of access.
In the 1990s when co-location facilities became more common there was a need to provide access between dissimilar security zones. The jump server concept emerged to meet this need. The jump server would span the two networks and typically be used in conjunction with a proxy service such as [[SOCKS]] to provide access from an administrative desktop to the managed device. As [[Tunneling protocol#SSH|SSH-based tunneling]] became common, jump servers became the de facto method of access.


==Implementation==
==Implementation==
Jump servers are typically placed between a secure zone and a DMZ to provide transparent management of devices on the DMZ once a management session has been established. The jump server acts as a single audit point for traffic and also a single place where user accounts can be managed. A prospective administrator must log into the jump server in order to gain access to the DMZ assets and all access can be logged for later audit.
Jump servers are often placed between a secure zone and a DMZ to provide transparent management of devices on the DMZ once a management session has been established. The jump server acts as a single audit point for traffic and also a single place where user accounts can be managed. A prospective administrator must log into the jump server in order to gain access to the DMZ assets and all access can be logged for later audit.


=== Unix ===
=== Unix ===
A typical configuration is a hardened Unix (or [[Unix-like]]) machine configured with [[Secure Shell|SSH]] and a local firewall. An administrator connects to a target machine in the DMZ by making an SSH connection from the administrator's personal computer to the jump server and then using SSH forwarding to access the target machine.
A typical configuration is a hardened Unix (or [[Unix-like]]) machine configured with [[Secure Shell|SSH]] and a local [[Firewall (computing)|firewall]]. An administrator connects to a target machine in the DMZ by making an SSH connection from the administrator's personal computer to the jump server and then using SSH forwarding to access the target machine.


Using an SSH tunnel to the target host allows the use of insecure protocols to manage servers without creating special firewall rules or exposing the traffic on the inside network.
Using SSH port forwarding or an SSH-based tunnel to the target host allows the use of insecure protocols to manage servers without creating special firewall rules or exposing the traffic on the inside network.


=== Windows ===
=== Windows ===
A typical configuration is a Windows server running [[Remote Desktop Services]] that administrators connect to, this isolates the secure infrastructure from the configuration of the administrator's workstation.<ref>{{Cite web|url=https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-secure-administrative-hosts|title=Implementing Secure Administrative Hosts|website=docs.microsoft.com}}</ref>
A typical configuration is a Windows server running [[Remote Desktop Services]] that administrators connect to, this isolates the secure infrastructure from the configuration of the administrator's workstation.<ref>{{Cite web|url=https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/implementing-secure-administrative-hosts|title=Implementing Secure Administrative Hosts|website=docs.microsoft.com}}</ref> It is also possible to enable OpenSSH server on Windows 10 (build 1809 and later) and Windows Server editions 2019 & 2022.<ref>{{Cite web |last=robinharwood |title=Get started with OpenSSH for Windows |url=https://learn.microsoft.com/en-us/windows-server/administration/openssh/openssh_install_firstuse |access-date=2022-12-02 |website=learn.microsoft.com |language=en-us}}</ref>
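Review bot: Both the old and the new Windows line contain a comma splice, "that administrators connect to, this isolates the secure infrastructure"; split it with a semicolon or a full stop. In the added sentence, "Windows Server editions 2019 & 2022" would read more naturally as "Windows Server 2019 and 2022".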


==Security risks==
==Security risks==
A jump server is a potential risk in a network's design.<ref>{{Cite web|url=https://www.csoonline.com/article/2612700/security-jump-boxes-improve-security-if-you-set-them-up-right.html|title='Jump boxes' and SAWs improve security, if you set them up right|first=Roger A.|last=Grimes|date=July 26, 2017|website=CSO Online}}</ref> There are several ways of improving the security of the jump server, including:
A jump server is a potential risk in a network's design.<ref>{{Cite web|url=https://www.csoonline.com/article/2612700/security-jump-boxes-improve-security-if-you-set-them-up-right.html|title='Jump boxes' and SAWs improve security, if you set them up right|first=Roger A.|last=Grimes|date=July 26, 2017|website=CSO Online}}</ref> There are several ways of improving the security of the jump server, including:


* Properly subnetting / segmenting the network,<ref name="Pompon Vinberg 2021">{{cite web |last1=Pompon |first1=Raymond |last2=Vinberg |first2=Sander |title=Protecting Critical Systems with Isolation and Jump Boxes - F5 Labs |website=F5 Labs |date=2021-09-21 |url=https://www.f5.com/labs/articles/cisotociso/protecting-critical-systems-with-isolation-and-jump-boxes |access-date=2022-01-28}}</ref> and securing [[VLANs]] using a firewall<ref name="Hess"/> or router.
* Reducing the subnet size (increasing the number of subnets), and securing those [[Virtual LAN|VLANs]] using a firewall or router.
* Using higher security authentication, such as [[multi-factor authentication]].
* Using higher security authentication, such as [[multi-factor authentication]].<ref name="Hess">{{cite web |last=Hess |first=Ken |title=Jump Box Security » Linux Magazine |website=Linux Magazine |url=http://www.linux-magazine.com/Online/Features/Jump-Box-Security |access-date=2022-01-28}}</ref>
* Keeping the operating system and software on the jump server up to date.<ref name="Applied Risk 2021">{{cite web |title=4 OT/IT network segmentation techniques - selecting a cyber resilient configuration- Applied Risk |website=Applied Risk |date=2021-11-24 |url=https://applied-risk.com/resources/4-ot-it-network-segmentation-techniques-selecting-a-cyber-resilient-configuration |access-date=2022-01-28}}</ref>
* Keeping the operating system and software on the jump server up to date.
* Using [[Access control list|ACLs]] to restrict access.<ref name="Intelligent Systems Monitoring 2018">{{cite web |title=Jump server |website=Intelligent Systems Monitoring – Systems Monitoring Made Easy |date=2018-05-03 |url=https://intelligentsystemsmonitoring.com/tag/jump-server/ |access-date=2022-01-28}}</ref>
* Using [[Access control list|ACLs]] to restrict access to only the people that require it.
* Not allowing outbound access to the rest of the internet from the jump server.<ref name="NERC 2011">{{cite web |title=Guidance for Secure Interactive Remote Access |website=North American Electric Reliability Corporation |date=2011-08-24 |url=https://www.nerc.com/fileUploads/File/Events%20Analysis/FINAL-Guidance_for_Secure_Interactive_Remote_Access.pdf|access-date=2022-01-28 |page=38}}</ref>
* Do not allow outbound access to the rest of the internet from the jump server.
* Restricting which programs can be run on the jump server.<ref name="Grimes 2017">{{cite web |last=Grimes |first=Roger A. |title='Jump boxes' and SAWs improve security, if you set them up right |website=CSO Online |date=2017-07-26 |url=https://www.csoonline.com/article/2612700/security-jump-boxes-improve-security-if-you-set-them-up-right.html |access-date=2022-01-28}}</ref>
* Restrict which programs can be run on the jump server.
* Enabling strong logging for monitoring and alerting of suspicious activity.<ref name="Applied Risk 2021"/>
* Enable strong logging.

With the high level of risk that a jump server can represent, a [[Virtual private network|VPN]] may be a suitable and higher security replacement.<ref>{{Cite web|url=http://radar.oreilly.com/2014/01/is-the-jump-box-obsolete.html|title=Is the Jump Box Obsolete?|first=Rajat|last=Bhargava|date=January 10, 2014|website=O'Reilly Radar}}</ref>
With the high level of risk that a jump server can represent, a [[Virtual private network|VPN]] may be a suitable and higher security replacement.<ref>{{Cite web|url=http://radar.oreilly.com/2014/01/is-the-jump-box-obsolete.html|title=Is the Jump Box Obsolete?|first=Rajat|last=Bhargava|date=January 10, 2014|website=O'Reilly Radar}}</ref>


In 2015, a compromised jump server allowed attackers access to over 21.5 million records in one of the [[Office of Personnel Management data breach|largest breaches of government data in the history of the United States]]<ref>{{Cite web|url=https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/|title=Inside the Cyberattack That Shocked the US Government|date=October 23, 2016|website=Wired|first=Brendan|last=Koerner}}</ref>
In 2015, a compromised jump server allowed attackers access to over 21.5 million records in one of the [[Office of Personnel Management data breach|largest breaches of government data in the history of the United States]].<ref>{{Cite magazine|url=https://www.wired.com/2016/10/inside-cyberattack-shocked-us-government/|title=Inside the Cyberattack That Shocked the US Government|date=October 23, 2016|magazine=Wired|first=Brendan|last=Koerner}}</ref>
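Review bot: The new named reference <ref name="Grimes 2017"> on the "Restricting which programs can be run" bullet cites the same CSO Online article already cited by the unnamed <ref> on the opening sentence "A jump server is a potential risk in a network's design", so the rendered reference list shows that article twice (entries 3 and 9). Name the first occurrence and reuse it on the bullet as <ref name="Grimes 2017"/>.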


==See also==
==See also==
* [[Bastion host]]
* [[Bastion host]]
* [[DMZ (computing)|DMZ]]
* [[Firewall (computing)|Firewall]]
* [[Hardening (computing)|Hardening]]
* [[Proxy server]]
* [[Proxy server]]



Latest revision as of 17:39, 10 October 2023

A jump server, jump host or jump box is a system on a network used to access and manage devices in a separate security zone. A jump server is a hardened and monitored device that spans two dissimilar security zones and provides a controlled means of access between them. The most common example is managing a host in a DMZ from trusted networks or computers.

Background

In the 1990s when co-location facilities became more common there was a need to provide access between dissimilar security zones. The jump server concept emerged to meet this need. The jump server would span the two networks and typically be used in conjunction with a proxy service such as SOCKS to provide access from an administrative desktop to the managed device. As SSH-based tunneling became common, jump servers became the de facto method of access.

Implementation

Jump servers are often placed between a secure zone and a DMZ to provide transparent management of devices on the DMZ once a management session has been established. The jump server acts as a single audit point for traffic and also a single place where user accounts can be managed. A prospective administrator must log into the jump server in order to gain access to the DMZ assets, and all access can be logged for later audit.
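As an added illustration of the jump server as the single audit point (example code, not from the article): a Python review of constructed sshd auth-log lines in OpenSSH's standard message format, assuming the administrators' workstations live in 10.10.0.0/24 and that only public-key logins are permitted on the jump host.

```python
"""Review a jump host's sshd auth log as the single audit point for DMZ access."""
import ipaddress
import re
from dataclasses import dataclass

# Patterns follow OpenSSH's standard auth-log messages; users, hosts and addresses are constructed.
ACCEPTED = re.compile(r"Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
FAILED = re.compile(r"Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")
DISCONNECT = re.compile(r"Disconnected from user (?P<user>\S+) (?P<ip>\S+) port (?P<port>\d+)")

ADMIN_NET = ipaddress.ip_network("10.10.0.0/24")  # assumed subnet of the administrators' workstations
ALLOWED_METHODS = {"publickey"}                    # assumed policy: key-based logins only

# Constructed sample: two logins, one failed attempt, one session closed.
SAMPLE_LOG = """\
Oct 10 17:01:02 jump sshd[2101]: Accepted publickey for alice from 10.10.0.15 port 51234 ssh2: ED25519 SHA256:AAAA
Oct 10 17:01:40 jump sshd[2150]: Failed password for invalid user admin from 198.51.100.7 port 40022 ssh2
Oct 10 17:02:11 jump sshd[2151]: Accepted password for bob from 203.0.113.9 port 40100 ssh2
Oct 10 17:20:05 jump sshd[2101]: Disconnected from user alice 10.10.0.15 port 51234
"""

@dataclass
class Finding:
    line: str
    reason: str

def audit(log_text):
    """Return (sessions, findings): sessions keyed by (user, ip, port) with the auth method
    and whether the session is still open; findings list the lines worth an analyst's eye."""
    sessions, findings = {}, []
    for line in log_text.splitlines():
        if m := ACCEPTED.search(line):
            sessions[(m["user"], m["ip"], m["port"])] = {"method": m["method"], "open": True}
            if ipaddress.ip_address(m["ip"]) not in ADMIN_NET:
                findings.append(Finding(line, "login from outside the admin network"))
            if m["method"] not in ALLOWED_METHODS:
                findings.append(Finding(line, f"login used {m['method']} instead of publickey"))
        elif m := FAILED.search(line):
            findings.append(Finding(line, f"failed {m['method']} for {m['user']} from {m['ip']}"))
        elif m := DISCONNECT.search(line):
            key = (m["user"], m["ip"], m["port"])
            if key in sessions:
                sessions[key]["open"] = False  # login and logout matched: a complete audit record
    return sessions, findings
```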

Unix

A typical configuration is a hardened Unix (or Unix-like) machine configured with SSH and a local firewall. An administrator connects to a target machine in the DMZ by making an SSH connection from the administrator's personal computer to the jump server and then using SSH forwarding to access the target machine.

Using SSH port forwarding or an SSH-based tunnel to the target host allows the use of insecure protocols to manage servers without creating special firewall rules or exposing the traffic on the inside network.

Windows

A typical configuration is a Windows server running Remote Desktop Services that administrators connect to; this isolates the secure infrastructure from the configuration of the administrator's workstation.[1] It is also possible to enable the OpenSSH server on Windows 10 (build 1809 and later) and on Windows Server 2019 and 2022.[2]

Security risks

A jump server is a potential risk in a network's design.[3] There are several ways of improving the security of the jump server, including:

  • Properly subnetting / segmenting the network,[4] and securing VLANs using a firewall[5] or router.
  • Using higher security authentication, such as multi-factor authentication.[5]
  • Keeping the operating system and software on the jump server up to date.[6]
  • Using ACLs to restrict access.[7]
  • Not allowing outbound access to the rest of the internet from the jump server.[8]
  • Restricting which programs can be run on the jump server.[9]
  • Enabling strong logging for monitoring and alerting of suspicious activity.[6]
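An added example, not the article's own, that applies several of the points above (ACLs, restricting SSH forwarding to the managed DMZ hosts, strong logging) to the sshd_config of the Unix jump host described earlier: a constructed permissive configuration beside a hardened one, and a small Python audit of both. The group name and the DMZ addresses are assumed.

```python
# Constructed: a permissive sshd_config beside its hardened counterpart (group and addresses assumed).
WEAK_CONFIG = """\
PermitRootLogin yes
PasswordAuthentication yes
AllowTcpForwarding yes
LogLevel INFO
"""
HARDENED_CONFIG = """\
PermitRootLogin no
PasswordAuthentication no
AllowGroups jumpadmins
# local: admins may tunnel onward; nobody may tunnel back into the secure zone
AllowTcpForwarding local
# tunnels may only reach the managed DMZ hosts
PermitOpen 192.0.2.10:22 192.0.2.11:3389
LogLevel VERBOSE
"""
# sshd defaults for the checked directives (OpenSSH 9.x); an explicit value overrides them.
DEFAULTS = {"permitrootlogin": "prohibit-password", "passwordauthentication": "yes",
            "loglevel": "info", "allowtcpforwarding": "yes", "permitopen": "any"}
WANT = {"permitrootlogin": "no", "passwordauthentication": "no", "loglevel": "verbose"}
def parse_sshd_config(text):
    """Map lowercased keyword -> values in file order; sshd applies the first value it reads."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key, _, value = line.partition(" ")  # the 'Key=value' spelling is not handled here
        if key.lower() == "match":
            break  # the global section ends at the first Match block
        cfg.setdefault(key.lower(), []).append(value.strip())
    return cfg
def effective(cfg, key):
    return cfg.get(key, [DEFAULTS[key]])[0].lower()
def audit_sshd_config(text):
    """Return the findings for one sshd_config; an empty list means every check passed."""
    cfg, findings = parse_sshd_config(text), []
    for key, want in WANT.items():
        if effective(cfg, key) != want:
            findings.append(f"{key} should be {want} (effective: {effective(cfg, key)})")
    if "allowgroups" not in cfg and "allowusers" not in cfg:
        findings.append("no AllowUsers/AllowGroups: every local account can log in")
    fwd = effective(cfg, "allowtcpforwarding")
    if fwd in ("yes", "all"):
        findings.append("allowtcpforwarding yes also permits remote forwarding; use local")
    if fwd != "no" and effective(cfg, "permitopen") == "any":
        findings.append("forwarding allowed without PermitOpen: tunnels can reach any host and port")
    return findings
```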

With the high level of risk that a jump server can represent, a VPN may be a suitable and higher security replacement.[10]

In 2015, a compromised jump server allowed attackers access to over 21.5 million records in one of the largest breaches of government data in the history of the United States.[11]

See also

  • Bastion host
  • DMZ
  • Firewall
  • Hardening
  • Proxy server
References

  1. "Implementing Secure Administrative Hosts". docs.microsoft.com.
  2. robinharwood. "Get started with OpenSSH for Windows". learn.microsoft.com. Retrieved 2022-12-02.
  3. Grimes, Roger A. (2017-07-26). "'Jump boxes' and SAWs improve security, if you set them up right". CSO Online.
  4. Pompon, Raymond; Vinberg, Sander (2021-09-21). "Protecting Critical Systems with Isolation and Jump Boxes - F5 Labs". F5 Labs. Retrieved 2022-01-28.
  5. Hess, Ken. "Jump Box Security » Linux Magazine". Linux Magazine. Retrieved 2022-01-28.
  6. "4 OT/IT network segmentation techniques - selecting a cyber resilient configuration - Applied Risk". Applied Risk. 2021-11-24. Retrieved 2022-01-28.
  7. "Jump server". Intelligent Systems Monitoring – Systems Monitoring Made Easy. 2018-05-03. Retrieved 2022-01-28.
  8. "Guidance for Secure Interactive Remote Access" (PDF). North American Electric Reliability Corporation. 2011-08-24. p. 38. Retrieved 2022-01-28.
  9. Grimes, Roger A. (2017-07-26). "'Jump boxes' and SAWs improve security, if you set them up right". CSO Online. Retrieved 2022-01-28.
  10. Bhargava, Rajat (2014-01-10). "Is the Jump Box Obsolete?". O'Reilly Radar.
  11. Koerner, Brendan (2016-10-23). "Inside the Cyberattack That Shocked the US Government". Wired.
