A lot of companies rely on jump servers as part of their security strategy. It’s common for a company to create a jump server that IT administrators connect through over SSH and RDP as part of perimeter network security. While jump servers are a secure option, they come with their own set of challenges.
What are jump servers?
A jump server or jump box is a system on a network that is used to access and manage all the devices in a different security zone. It is a hardened device that spans two different security zones and enables a controlled means of access between them. Admins use the hardened server to “jump” through to access other servers. Database and network admins use jump servers to manage systems and applications remotely. This allows them to log in to another computer over a network, execute commands and move files from one computer to another.
The goal of jump servers is to act as a gateway to limit the potential attack surface. Jump servers create a separation between the privileged user or admin’s workstation and the asset (usually a server) they are trying to access.
A potential barrier for PAM adoption
As companies implement privileged access management tools, all privileged credentials must now go through the PAM software to be authenticated. To do this, the PAM software needs secure connection points to all your system infrastructure. This requires built-in integration points, proxies and jump servers.
The challenge with a jump server is that it merely limits access to a client running on another host. While this is secure, it is cumbersome to use and slow. Admins now have to access the jump server through a web browser. This is fine for a regular user, but admins work at lightning speed when it comes to clicks and drag-and-drop. A jump server slows things down. As a result, admins and developers find workarounds that are not as secure or don’t use PAM at all.
Jump servers add another step to the process, which changes the way admins and developers are used to working. While change is not a bad thing, admins get used to working a specific way. If that change is also cumbersome, it becomes a barrier for PAM adoption.
One way PAM vendors are working to address the challenges of jump servers is by developing advanced proxy support for SSH, RDP, web proxies, and even Oracle SQL. With the proxy, you can open up the server or software through PAM for native clients. This allows admins to create secure, high-trust remote sessions directly from their desktop or mobile application without the need to download agents or launch secondary software. The user can run their own client directly from their own workstation while a secure session runs through the PAM software. This ensures that permissions and workflows are enforced and that session events are tracked and monitored. It also makes it easier for companies to implement and enforce PAM requirements such as auditing, permissions and password rotation without disrupting existing IT workflows.
At Xton, we have invested time and resources to build several advanced proxies into the XTAM platform. Our goal is to simplify privileged access management and increase the adoption of PAM software by companies and their users. With advanced proxy support for RDP, SSH, HTTP, and Oracle SQL, we are providing administrators with secure and efficient access to the systems they need to do their jobs while satisfying audit and senior management requirements for just-in-time secure access and controls.
If you are using jump servers as part of your PAM strategy and struggling with adoption, inquire about advanced proxy support. These proxies help customers increase the adoption of PAM tools by their privileged users.
For more information on XTAM proxy support, visit https://help.xtontech.com for product documentation and how-to guides.