Robert Rosenthal
Jump box to restrict Privileged Accounts in AD
Does anyone use a jump box to restrict access to privileged administrator accounts in AD? If not, do you utilize a third-party identity management solution?
Yes, it is used to create a centralised one-stop point to aggregate remote administration access, and also to avoid direct console access and form a sort of digital CCTV footprint to record actions taken. An identity access management system is also required, as the jumphost will have its main accounts in sync from the IAMS. The jumphost can also host a password vault. The 2FA support of the jumphost is a value-add, as all remote administration is mandated to have it.
Robert, could you describe what you mean by jump box? What is the scenario you are talking about and what should the measure protect exactly?
If you have to have a dedicated jumphost appliance mostly for compliance, Xceedium is another option that admins should connect to a permission access manager (PAM) that monitors and records all activity. A quick overall solution profile includes Wallix, CyberArk, Xceedium and Dell Quest, which use jump hosts; ObserveIT, Centrify and TSFactory are agent-based, while Intellinx is a network sniffer.