Secure data from a server to a workstation using jumper hosts
Posted by apalsson on Server Fault
Published on 2009-12-14T15:57:46Z
Hello.
I have a WWW-server; my problem is that the content is sensitive and should not be accessible to people without proper credentials.
How can I improve the ease of use but still maintain security in the following scenario:
The Server is accessed through a "jumper host", i.e. the client connects to the jumper using VPN-connection and uses RemoteDesktop to access the jumper. From the jumper he uses RemoteDesktop again to access the Server. Finally on the Server the user can access content using a WWW-browser.
All the way from the VPN-client to the WWW-browser requires authentication using a SmartCard-token.
This seems quite secure to me. Content only gets mirrored on the RemoteDesktop between Server and jumper, so there are no cached files to worry about. The connection between jumper and client is protected using VPN (SSL), so no eavesdropping.
But it is quite cumbersome for the clients with many steps and connections to open. :(
So, how can I improve the user experience accessing my server without compromising security?
Thanks.
© Server Fault or respective owner