Educause Security Discussion mailing list archives
Isolation of Admin Activities: Endpoints + Jump Servers Ideas?
From: James Webb <webbjt () APPSTATE EDU>
Date: Thu, 9 Mar 2017 12:22:29 -0500
Hi all,

We are looking at ways we can achieve greater monitoring, assurance, and isolation of admin activities for privileged access to our High Impact Services. In particular, I'm interested in looking at a potential trusted endpoints model maybe tied to jump servers (or VPN).

By doing an "environmental survey" ("site:.edu Google searches for the win!"), I came across Stanford's PAWS program which looks really interesting (required bastion endpoint for high impact services... tied to Min Sec. Standards):

https://uit.stanford.edu/service/paw

I haven't seen too many other resources however (at least forward-facing) about how others may be approaching this. If anyone has done some work in this area, I'd really value learning more about your experience and ideas.

*Some investigation points we are looking at:*

- Sec Build / Engineering Approach (Maybe sensitive to share details but high level what core components - patch, fde, vm, whitelist, hardening standard?)
- Authentication Model for Endpoint Access
- Supported Platforms For Bastion Endpoints (Win, Mac, Linux?)
- VDI, Hardware-based, both?
- Connected to Use of Jump Servers or VPN? (High Instrumentation / Modeling)
- Policy + Culture: Modeling Change To Sysadmin Community, Changes Driven By Sec Incident/Proactive?

Thanks for any ideas or info!

All The Best,
-Jim

James Webb CISSP, CISM, CEH, ITILV3F
Chief Information Security Officer
Appalachian State University
ITS - Office of Information Security
phone: 828-262-6277
fax: 828-262-2236
web: http://security.appstate.edu
twitter: @appinfosec