Secure data from a server to a workstation using jumper hosts

Posted by apalsson on Server Fault See other posts from Server Fault or by apalsson
Published on 2009-12-14T15:57:46Z Indexed on 2010/04/15 22:03 UTC
Read the original article Hit count: 276

Filed under:
|
|
|

Hello.

I have a WWW-server, my problem is that the content is sensitive and should not be accessible for people without proper credentials.

How can I improve the ease of use but still maintain security following scenario;

The Server is accessed through a "jumper host", i.e. the client connects to the jumper using VPN-connection and uses RemoteDesktop to access the jumper. From the jumper he uses RemoteDesktop again to access the Server. Finally on the Server the user can access content using a WWW-browser.

All the way from the VPN-client to the WWW-browser requires authentication using a SmartCard-token.

This seems quite secure to me. Content only gets mirrored on the RemoteDesktop between Server and jumper, no cached files to worry about. Connection between jumper and client is protected using VPN(ssl), so no eavesdropping.

But it is quite cumbersome for the clients with many steps and connections to open. :(

So, how can I improve the user experience accessing my server without compromising security?

Thanks.

© Server Fault or respective owner

Related posts about vpn

Related posts about www