Creating a jump host in 2023

Remote Desktop Group Chat & Notifications Remote PC Access

Wazuh Landing Page
1

Wazuh

Open Source Host and Endpoint Security
Pricing:
- Open Source
Critically, harden the OS. Like, more than you think you need to. Way more. Consider the jump host capability as a core component of each system/environment/platform/application it's used to access/manage and assess value and risk with all those business processes/functions in mind even though you're using one jump host for each of those use cases because, inevitably, the same template/container/configuration/script will be reused so any misconfigurations will replicate. If you need a Windows OS, consider hardening kitty as it offers a locally executable option for both hardening and auditing. If you need to met regulatory requirements (HIPAA, CMMC, FISMA, PCI, etc.), consider OpenSCAP or whatever paid solution you use for agent-based vuln scans (avoid less intensive solutions that only run unauthenticated scans or network-based audits, they tend to avoid non-CVE vulns that exist in the configuration). If you need to rely on open source endpoint security solutions like Wazuh make sure they integrate nicely with SIEM, SOAR, and remote management. Wherever possible, use DevOps-friendly solutions for configuration management (think Ansible and Terraform vice Github Actions :) ) and remember that, if you're responding to an incident, you're going to want to suspend all of your jump boxes, retain any storage and their full memory state, and spin up verifiably clean jump boxes so you have confidence in your connections into the environment. This is the most commonly overlooked need (most orgs seem to be aware of their privilege sprawl issue) and it has a MASSIVE impact on your ability to quickly begin effective investigation and response efforts in the event of an incident (most orgs do NOT seem to be aware of this and it costs them time and meaningful information during incidents).

#Security & Privacy #Security Information And Event Management (SIEM) #Cyber Security 49 social mentions
Guacamole Landing Page

2

Guacamole

Access your computers from anywhere. Because the Guacamole client is an HTML5 web application, use of your computers is not tied to any one device or location. As long as you have access to a web browser, you have access to your machines.

Separately, avoid RDP/SSH as those protocols are most heavily targeted and more difficult to secure. There's a pattern from MS for using Apache Guacamole and Azure also offers a bastion host service that supports connection through the browser, this pattern does a decent job of showing the concept of a dedicated bastion subnet pretty well.

#Remote Desktop #Remote PC Access #Remote Control 137 social mentions
Azure Bastion Landing Page

3

Azure Bastion

Azure Bastion is a managed platform for having remote desktop protocol (RDP) and Secure Shell (SSH) in virtual networks.

Separately, avoid RDP/SSH as those protocols are most heavily targeted and more difficult to secure. There's a pattern from MS for using Apache Guacamole and Azure also offers a bastion host service that supports connection through the browser, this pattern does a decent job of showing the concept of a dedicated bastion subnet pretty well.

#Network & Admin #Remote Desktop #Group Chat & Notifications 3 social mentions