Creating a jump host in 2023

This page summarizes the projects mentioned and recommended in the original post on /r/sysadmin

Our great sponsors
  • WorkOS - The modern identity platform for B2B SaaS
  • InfluxDB - Power Real-Time Data Analytics at Scale
  • SaaSHub - Software Alternatives and Reviews
  • HardeningKitty

    HardeningKitty - Checks and hardens your Windows configuration

    Critically, harden the OS. Like, more than you think you need to. Way more. Consider the jump host capability as a core component of each system/environment/platform/application it's used to access/manage and assess value and risk with all those business processes/functions in mind even though you're using one jump host for each of those use cases because, inevitably, the same template/container/configuration/script will be reused so any misconfigurations will replicate. If you need a Windows OS, consider hardening kitty as it offers a locally executable option for both hardening and auditing. If you need to met regulatory requirements (HIPAA, CMMC, FISMA, PCI, etc.), consider OpenSCAP or whatever paid solution you use for agent-based vuln scans (avoid less intensive solutions that only run unauthenticated scans or network-based audits, they tend to avoid non-CVE vulns that exist in the configuration). If you need to rely on open source endpoint security solutions like Wazuh make sure they integrate nicely with SIEM, SOAR, and remote management. Wherever possible, use DevOps-friendly solutions for configuration management (think Ansible and Terraform vice Github Actions :) ) and remember that, if you're responding to an incident, you're going to want to suspend all of your jump boxes, retain any storage and their full memory state, and spin up verifiably clean jump boxes so you have confidence in your connections into the environment. This is the most commonly overlooked need (most orgs seem to be aware of their privilege sprawl issue) and it has a MASSIVE impact on your ability to quickly begin effective investigation and response efforts in the event of an incident (most orgs do NOT seem to be aware of this and it costs them time and meaningful information during incidents).

  • Wazuh

    Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.

    Critically, harden the OS. Like, more than you think you need to. Way more. Consider the jump host capability as a core component of each system/environment/platform/application it's used to access/manage and assess value and risk with all those business processes/functions in mind even though you're using one jump host for each of those use cases because, inevitably, the same template/container/configuration/script will be reused so any misconfigurations will replicate. If you need a Windows OS, consider hardening kitty as it offers a locally executable option for both hardening and auditing. If you need to met regulatory requirements (HIPAA, CMMC, FISMA, PCI, etc.), consider OpenSCAP or whatever paid solution you use for agent-based vuln scans (avoid less intensive solutions that only run unauthenticated scans or network-based audits, they tend to avoid non-CVE vulns that exist in the configuration). If you need to rely on open source endpoint security solutions like Wazuh make sure they integrate nicely with SIEM, SOAR, and remote management. Wherever possible, use DevOps-friendly solutions for configuration management (think Ansible and Terraform vice Github Actions :) ) and remember that, if you're responding to an incident, you're going to want to suspend all of your jump boxes, retain any storage and their full memory state, and spin up verifiably clean jump boxes so you have confidence in your connections into the environment. This is the most commonly overlooked need (most orgs seem to be aware of their privilege sprawl issue) and it has a MASSIVE impact on your ability to quickly begin effective investigation and response efforts in the event of an incident (most orgs do NOT seem to be aware of this and it costs them time and meaningful information during incidents).

  • WorkOS

    The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.

  • ADRecon

    ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.

    If you're planning to use Active Directory and/or Azure AD, run ADRecon/AzureADRecon and Bloodhound frequently and review in depth. Run ScoutSuite frequently and review as part of a normal operational cycle (e.g., at weekly team meetings make the results available and set aside 15 minutes to discuss and make assignments). Look critically at where these three tools overlap within two or three degrees of separation from your jump hosts (e.g., hosts/nodes that are one or two devices away and users/security groups that are one or two devices away) for help prioritizing when you have too many high-risk/high-impact items to look through.

  • AzureADRecon

    AzureADRecon is a tool which gathers information about the Azure Active Directory and generates a report which can provide a holistic picture of the current state of the target environment.

    If you're planning to use Active Directory and/or Azure AD, run ADRecon/AzureADRecon and Bloodhound frequently and review in depth. Run ScoutSuite frequently and review as part of a normal operational cycle (e.g., at weekly team meetings make the results available and set aside 15 minutes to discuss and make assignments). Look critically at where these three tools overlap within two or three degrees of separation from your jump hosts (e.g., hosts/nodes that are one or two devices away and users/security groups that are one or two devices away) for help prioritizing when you have too many high-risk/high-impact items to look through.

  • BloodHound

    Six Degrees of Domain Admin

    If you're planning to use Active Directory and/or Azure AD, run ADRecon/AzureADRecon and Bloodhound frequently and review in depth. Run ScoutSuite frequently and review as part of a normal operational cycle (e.g., at weekly team meetings make the results available and set aside 15 minutes to discuss and make assignments). Look critically at where these three tools overlap within two or three degrees of separation from your jump hosts (e.g., hosts/nodes that are one or two devices away and users/security groups that are one or two devices away) for help prioritizing when you have too many high-risk/high-impact items to look through.

  • ScoutSuite

    Multi-Cloud Security Auditing Tool

    If you're planning to use Active Directory and/or Azure AD, run ADRecon/AzureADRecon and Bloodhound frequently and review in depth. Run ScoutSuite frequently and review as part of a normal operational cycle (e.g., at weekly team meetings make the results available and set aside 15 minutes to discuss and make assignments). Look critically at where these three tools overlap within two or three degrees of separation from your jump hosts (e.g., hosts/nodes that are one or two devices away and users/security groups that are one or two devices away) for help prioritizing when you have too many high-risk/high-impact items to look through.

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.

Suggest a related project

Related posts