I know folks yell a lot about offline backups.
Please normalize yelling about offline jump servers too.
It's always good to have a break-glass box.
@LitMoose Wait how does that work? Just a machine you keep offline until you need it when stuff goes off the rails?
@sleeplessone exactly that. With separate accounts, and MFA enforced.
Pre-set to manage what you need them to in case of emergency.

@LitMoose @sleeplessone interesting. I will think about doing this


@LitMoose *Facebook network engineers would like to know your location*
@LitMoose include in that break-glass kit both an offline jump server, and an offline domain controller 😀
@dnlongen @LitMoose yeah I’m thinking a DC you bring online every two weeks or something? Sure it might be out of date but it’s something.
@ksbex @dnlongen most DCs are out of date anyway, if folks are honest.
@LitMoose How would you do this for a complete network? Proposed financial services regulations from the SEC and NYDFS seem to require something like this. #cyberlaw #ransomware @law
@LitMoose In this world of a remote-first workforce, where does this offline box reside? A secure room at corporate HQ? Say we have a jump host environment that we’ve built as the most secure but also a single point of failure in the network. No admin management happens unless it is behind it. What happens when it crashes or needs to be taken down for a zero-day patch? How do my infrastructure peeps get in?
@streamsthoughts all good questions. To start, they should be gapped in some way from your other infra. If you're an ESXi shop, for instance, these are not part of a cluster or managed through vCenter. These are set aside if something in vCenter goes pear-shaped.
As to the how, I would work with the network and systems engineers teams you have, in the locations you have, and come up with a few workable solutions.
If you're an AWS-only shop, your break glass looks different than a hybrid Citrix, *Nix, GCP, with a mix of physical boxes.
The trick is gapping and leaving offline, and I'd recommend your EDR be installed on it.
@LitMoose I was just having a nice discussion with our systems engineering and network teams today about this very topic. We need a solution for break glass, PCI compliant, that also can be accessed from home without heading to a secure room at HQ. The transitive nature of PCI makes this a challenge.
@streamsthoughts I'm watching so many people offload PCI to a managed provider it's not even funny.
"PCI compliance" is a pain trigger for anyone who's had to deal with it.
I see you're with a credit union. Condolences, there's no escape for you.
That said, it's doable, just ends up looking like dormant, replicated infra with switches for escalated access, fewer open ports, and tunneling.
@LitMoose Yep. It’s a give and take for everyone involved. We’re leaning towards a CA-secured, public-facing VPN portal, with static creds where the admin team only knows the first half of the passphrase and management knows the 2nd half. From a risk perspective, PCI has helped us get shit done. I love it.
@LitMoose @jerry @yaro might have an opinion here
@nobletrout @LitMoose @jerry my take on breakglass. It’s only breakglass if the action requires two people, is auditable, and has a physical access control. Anything less and it’s just security by obscurity relying on people “doing the right thing”.
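Added example, not from anyone in this thread: a Python sketch of the split-passphrase idea (admin team holds one part, management the other) combined with the two-people-plus-audit rule. It generalizes the "half each" split to XOR shares, so neither party's piece leaks any part of the passphrase on its own, and logs every attempt into a hash-chained record; the role names, holder names and passphrase are constructed.

```python
import hashlib
import json
import secrets
import time

def split_secret(secret: bytes) -> tuple:
    """Two XOR shares (admin team / management): neither alone leaks the passphrase."""
    share_a = secrets.token_bytes(len(secret))
    return share_a, bytes(x ^ y for x, y in zip(secret, share_a))

def combine_shares(share_a: bytes, share_b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(share_a, share_b))

class BreakGlass:
    """Dual control with a hash-chained audit log: an admin and a manager (two different people) each present a share."""
    def __init__(self) -> None:
        self.audit: list = []
        self._pending: dict = {}  # role -> (holder, share)

    def _log(self, event: str, actor: str) -> None:
        prev = self.audit[-1]["hash"] if self.audit else "0" * 64
        entry = {"ts": time.time(), "event": event, "actor": actor, "prev": prev}
        entry["hash"] = hashlib.sha256(json.dumps(entry, sort_keys=True).encode()).hexdigest()
        self.audit.append(entry)

    def present_share(self, role: str, holder: str, share: bytes):
        # Two-person rule: an unknown or repeated role, or one person for both roles, is rejected.
        if (role not in ("admin", "management") or role in self._pending
                or any(h == holder for h, _ in self._pending.values())):
            self._log("share-rejected", holder)
            return None
        self._pending[role] = (holder, share)
        self._log(f"share-presented:{role}", holder)
        if len(self._pending) < 2:
            return None  # wait for the other role
        secret = combine_shares(self._pending["admin"][1], self._pending["management"][1])
        self._pending.clear()  # the next use needs both people again
        self._log("credential-released", holder)
        return secret

    def verify_audit(self) -> bool:  # recompute the chain; an edited entry breaks it
        prev = "0" * 64
        for entry in self.audit:
            body = {k: v for k, v in entry.items() if k != "hash"}
            expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
            if entry["prev"] != prev or expected != entry["hash"]:
                return False
            prev = entry["hash"]
        return True
```

In a real deployment the shares would live in two separately controlled stores (or on hardware tokens) and the audit list would be written to append-only storage off the box.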

@LitMoose Also, have an offline backup server host. Like a server that has an interface for your offline backups, has the backup software pre-installed, has all the current backup encryption keys available.

And regularly test restoring your offline backups from this offline backup server to make sure you could restore other servers back to bare metal or a new virtualization host if everything else is a burning pit of despair.