Jump box vs. opening a firewall port for developers' access to a PostgreSQL database

I'm using a jump box for my developers to access a PostgreSQL database. The leadership has limited access to 2 users for each jump box. It is very difficult to scale that model when all the developers need is secure access (this is on the Azure cloud, by the way). I was thinking about opening up port 5433 as recommended by this article to install pgAdmin. Does anyone have any pros or cons to this course of action?
Asked by: George Stephenson, IoT Information Security Architect

matrix8086 commented:
A jump box is more secure. Opening up port 5433 can bring you some attacks. If you really need to open this port, I would recommend this scheme, if it's possible:

- Allow access only from the developers' IPs to the PostgreSQL admin IP/port
- If it's possible, publish another port (35433, for example) and set up port forwarding to port 5433

Best regards
btan (Exec Consultant) commented:
In any case, there should not be access to the database from the Internet; if needed, use a VPN instead and access through it. Administration machines should be whitelisted such that the firewall only allows limited authorised ones to come in. The firewall itself is a proxy in a way, but rather than exposing a high port, from which a hacker can probably fingerprint the system by the port number, it is better to have some known port for external access. Consider also enforcement of 2FA for such remote access.
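Both answers above recommend limiting which source addresses may reach the PostgreSQL port. As an added example (not part of the thread or any poster's code), this script audits a pg_hba.conf, PostgreSQL's host-based access file, for rules broader than a per-developer allowlist. The sample file, role names, addresses and the 256-address limit are constructed assumptions, and the TLS and auth-method checks go beyond what the posters mention.

```python
import contextlib
import ipaddress

# Constructed sample pg_hba.conf (not from the thread); documentation/private addresses.
SAMPLE_HBA = """\
# TYPE   DATABASE  USER     ADDRESS           METHOD
local    all       postgres                   peer
host     all       all      0.0.0.0/0         md5
host     appdb     dev_ann  203.0.113.10/32   scram-sha-256
hostssl  appdb     dev_bob  203.0.113.11/32   scram-sha-256
hostssl  appdb     all      10.8.0.0/16       trust
hostssl  appdb     dev_eve  all               scram-sha-256
hostssl  appdb     dev_kim  198.51.100.7 255.255.255.255 scram-sha-256
"""

PLAINTEXT_OK = {"host", "hostnossl", "hostnogssenc"}  # can match unencrypted TCP
WEAK_AUTH = {"trust", "password"}  # no authentication / cleartext password

def audit_hba(text, max_hosts=256):
    """Return sorted (line_no, finding) pairs; max_hosts is an assumed policy limit."""
    findings = set()
    for no, raw in enumerate(text.splitlines(), 1):
        f = raw.split("#", 1)[0].split()  # quoted fields are not handled here
        if not f or f[0] == "local":
            continue  # blank line, comment, or Unix-socket rule
        if len(f) < 5:
            findings.add((no, "unparsed"))
            continue
        conn, addr, rest = f[0], f[3], f[4:]
        with contextlib.suppress(ValueError):  # "ADDRESS NETMASK" form
            ipaddress.ip_address(rest[0])
            addr, rest = f"{addr}/{rest[0]}", rest[1:]
        method = rest[0] if rest else ""
        if method == "reject":
            continue  # deny rules do not widen access
        if conn in PLAINTEXT_OK:
            findings.add((no, "tls-not-required"))
        if method in WEAK_AUTH:
            findings.add((no, "weak-auth"))
        try:
            net = ipaddress.ip_network(addr, strict=False)
        except ValueError:  # keyword (all, samenet, ...) or host name
            findings.add((no, "any-source" if addr == "all" else "non-cidr-address"))
            continue
        if net.prefixlen == 0:
            findings.add((no, "any-source"))
        elif net.num_addresses > max_hosts:
            findings.add((no, "wide-range"))
    return sorted(findings)
```

pg_hba.conf is a second layer behind the network firewall or VPN, so a clean result here does not replace the address restrictions the answers describe.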
George Stephenson (IoT Information Security Architect, author) commented:
Thank you folks.  I appreciate the input.  Both these answers help me determine how to address this issue.