Educause Security Discussion mailing list archives

Isolation of Admin Activities: Endpoints + Jump Servers Ideas?


From: James Webb <webbjt () APPSTATE EDU>
Date: Thu, 9 Mar 2017 12:22:29 -0500

Hi all,

We are looking at ways we can achieve greater monitoring, assurance, and
isolation of admin activities for privileged access to our High Impact
Services.

In particular, I'm interested in looking at a potential trusted endpoints
model, maybe tied to jump servers (or VPN).

By doing an "environmental survey" ("site:.edu Google searches for the
win!"), I came across Stanford's PAWS program, which looks really
interesting (required bastion endpoint for high impact services, tied to
Min Sec. Standards): https://uit.stanford.edu/service/paw

I haven't seen too many other resources, however (at least forward-facing),
about how others may be approaching this.

If anyone has done some work in this area, I'd really value learning more
about your experience and ideas.

*Some investigation points we are looking at:*

   - Sec Build / Engineering Approach  (Maybe sensitive to share details
   but high level what core components - patch, fde, vm, whitelist, hardening
   standard?)
   - Authentication Model for Endpoint Access
   - Supported Platforms For Bastion Endpoints (Win, Mac, Linux?)
   - VDI, Hardware-based, both?
   - Connected to Use of Jump Servers or VPN? (High Instrumentation /
   Modeling)
   - Policy + Culture: Modeling Change To Sysadmin Community, Changes
   Driven By Sec Incident/Proactive?

Thanks for any ideas or info!

All The Best,

-Jim

James Webb CISSP,CISM,CEH,ITILV3F Chief Information Security Officer
Appalachian State University ITS - Office of Information Security phone:
828-262-6277 fax: 828-262-2236 web: http://security.appstate.edu twitter:
@appinfosec
