Hello..! So in this post I want to highlight a fact related to one confusion I'm seeing a lot in some organizations, related to a basic information security concept.
The confusion is around deciding whether to go for a "Jump Servers" approach or a "PAW (Privileged Access Workstation)" approach when re-designing or revising your network security.
The security concept is named: clean source principle, which is explained here.
Actually I don't want to re-write or discuss the clean source principle or how it relates to implementing jump servers and PAWs, because John Rodriguez from the Microsoft Cyber Security team already wrote a very good article (find it here) that covers exactly the technical side of it. The reason I'm writing this article is to take away some facts. For example, although John's article was published in 2016, it seems not so many security professionals have come across it!! And although the clean source principle has been explained well enough in almost every information security book, in the last 5 years I can see that these principles don't get enough in-depth realization in many organizations. This means that in some environments security professionals might be sleeping at night with the perception that the environment became more secure after implementing jump servers, for instance, which is actually not true at all!!
The other thing driving me to write this article is the fact that, with today's market needs and security risks, I still see the concept of "specialization" being ignored in so many environments! Some big organizations have maybe 80% or more of their workloads running on Microsoft systems and still don't have specialized security professionals for Microsoft systems .. doesn't make sense, right?
Most information security professionals actually come from either network security or security hardware vendor backgrounds. They might be more into Linux and UNIX security and security appliance implementations than Windows security, or they may lack a strong understanding of network protocols and of the impact of changes on different integrated systems.
Following are points that, from my experience, are very important to consider in every organization (of course they should be tailored according to environmental factors):
Always check official documentation directly from the vendor. So if you are exploring a Windows security topic, start by checking Microsoft documentation first. Also, no need to mention the many channels through which Microsoft offers different security services to its customers.
Each organization must assess the need for having a specialized security professional for Windows.
Adding an extra step by implementing jump servers alone doesn't necessarily mean an extra security step is added!! Actually not at all: if admins still open the jump server session from their everyday workstation, that workstation remains a control dependency of every system the jump server administers, so the jump server only adds a hop, not a trust boundary.
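To make that last point concrete, here is an added example (not code from the original post, nor from Microsoft's guidance) that models a small admin environment as a control-dependency graph and checks it against the clean source principle: an asset must not be controlled, directly or through a chain of hops, by anything less trusted than itself. The asset names, tier numbers and dependency edges are constructed for illustration, and the tier layout (0 = identity systems, 1 = servers, 2 = everyday workstations) is an assumption borrowed from the common tiered administration model.

```python
"""Clean-source check over a control-dependency graph.

Added example with constructed data. An edge A -> B means "A can control B":
logging on to it, typing credentials into it, pushing software or policy to it.
Tier numbers: lower is more sensitive (0 = identity, 1 = servers, 2 = workstations).
"""
from typing import Dict, List, Set, Tuple

Tiers = Dict[str, int]
Controls = Dict[str, Set[str]]


def reachable(controls: Controls, start: str) -> Set[str]:
    """Every asset that `start` can control, directly or through a chain."""
    seen: Set[str] = set()
    stack = [start]
    while stack:
        node = stack.pop()
        for dst in controls.get(node, set()):
            if dst not in seen:          # seen-set also breaks cycles (DC <-> member)
                seen.add(dst)
                stack.append(dst)
    return seen


def find_clean_source_violations(tiers: Tiers, controls: Controls) -> List[Tuple[str, str]]:
    """(controller, controlled) pairs where a less-trusted asset controls a more-trusted one.

    Every asset named in `controls` must have a tier in `tiers`.
    """
    violations = set()
    for src, src_tier in tiers.items():
        for dst in reachable(controls, src):
            if src_tier > tiers[dst]:    # higher number = less trusted
                violations.add((src, dst))
    return sorted(violations)


def effective_tiers(tiers: Tiers, controls: Controls) -> Dict[str, int]:
    """The tier each asset must really be protected at: the most sensitive tier it can reach."""
    return {
        asset: min([tier] + [tiers[a] for a in reachable(controls, asset)])
        for asset, tier in tiers.items()
    }


# Scenario 1 (constructed): a jump server was added, but admins still RDP to it from
# their everyday workstation, and a tier-1 patch server pushes software to the jump server.
TIERS_JUMP_ONLY: Tiers = {"DC01": 0, "JumpServer": 0, "PatchServer": 1, "UserWorkstation": 2}
CONTROLS_JUMP_ONLY: Controls = {
    "UserWorkstation": {"JumpServer"},          # admin session originates here
    "JumpServer": {"DC01"},                     # jump server administers the DC
    "DC01": {"JumpServer", "UserWorkstation"},  # domain membership / group policy
    "PatchServer": {"UserWorkstation", "JumpServer"},
}

# Scenario 2 (constructed): the same access runs through a dedicated PAW that only
# tier-0 systems manage; the patch server no longer touches any tier-0 asset.
TIERS_PAW: Tiers = {"DC01": 0, "JumpServer": 0, "PAW": 0, "PatchServer": 1, "UserWorkstation": 2}
CONTROLS_PAW: Controls = {
    "PAW": {"JumpServer"},
    "JumpServer": {"DC01"},
    "DC01": {"JumpServer", "PAW", "UserWorkstation"},
    "PatchServer": {"UserWorkstation"},
}


if __name__ == "__main__":
    for name, tiers, controls in (("jump server only", TIERS_JUMP_ONLY, CONTROLS_JUMP_ONLY),
                                  ("PAW", TIERS_PAW, CONTROLS_PAW)):
        print(f"== {name} ==")
        print("violations:", find_clean_source_violations(tiers, controls))
        print("effective tiers:", effective_tiers(tiers, controls))
```

In the first scenario the checker reports the everyday workstation and the patch server as effectively tier 0, because each of them can reach the domain controller through the jump server; the jump server added a hop but no trust boundary. In the second scenario the violations disappear, which is the property the PAW design is meant to give you.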