
Research & Design Of The Operation & Maintenance Of Bastion Machines Based Application Proxy

Posted on: 2015-10-24
Degree: Master
Type: Thesis
Country: China
Candidate: Y F Wu
Full Text: PDF
GTID: 2298330452966870
Subject: Computer technology

Abstract/Summary:
The bastion machine is a dedicated system host which controls IT operation and maintenance personnel's access to the core IT assets. A castle is easy to break from inside, so auditing the routine work of IT operation and maintenance personnel is one of the important issues of enterprise information security. The operation and maintenance records of access to the core IT assets must be audited. Most operation and maintenance auditing software commonly uses screen recording to record all operations; apart from parsing SQL statements, it has only screen records. Screen recordings omit many details when the workstation is locked and miss many details of non-GUI programs or scripts. For security audit staff, looking for offences in massive screen records is difficult and inefficient. The current privilege management does not meet the SOX requirement of minimum privilege: doing one task can carry the privileges to do dozens of tasks. More privileges mean more possibilities of making more or bigger mistakes. How to solve this problem is the research question of this thesis. As the command line user interface is widely used in Linux and Unix operating systems, current bastion machines can record them very well. Therefore we concentrate on the research and development of bastion machines for the Windows graphical user interface.

The thesis investigates the characteristics, application background and history of bastion machines, and the current information security situation. Three methods of bastion machine proxy are analyzed, then the solution of application proxy is proposed. After introducing the concept, construction, topology and main functions of bastion machines, the important improvements of application proxy are presented. For Windows, the following 6 general requirements are focused on: file management, IIS management, system service management, scheduled task management, process management and remote desktop management, and the implementation methods of the above requirements are listed. The basic management requirements and security requirements of bastion machines are researched. The AD directory service is reused for user and role management. File management implements common read-write operations on files and directories by managing shared services. The command-line scripts of IIS are used to manage all sites, virtual directories and application pools. The system command 'sc.exe' is used to implement service querying, creating, starting and modifying. The system command 'schtasks.exe' is used to create, query and run Windows tasks. The system commands 'tasklist.exe' and 'taskkill.exe' and the Sysinternals toolset are used to manage process querying, creating and ending. All servers' 3389 ports are centrally managed through RDP OCX control technology, like springboard machines. Using application proxy bastion machines instead of the traditional video playback bastion machines, the auditing efficiency and safety factor will increase by at least a magnitude, and the cost of enterprise information security will be saved greatly.
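The abstract describes the core idea of the application proxy: instead of handing an operator a full desktop and recording the screen, the bastion exposes a fixed catalogue of operations, each mapped to a specific system command (sc.exe, schtasks.exe, tasklist.exe, taskkill.exe), checks the operator's role before running it, and writes a structured audit record per call. The following PowerShell script is an added illustration of that pattern and is not code from the thesis; the function names (Invoke-ProxiedOperation, Write-AuditRecord, Test-TargetName), the operation catalogue, the role names and the log path are all assumptions made for the example. In the thesis design the roles would be resolved from AD group membership; here they are passed in directly.

```powershell
# Added example (not from the thesis): a minimal application-proxy wrapper.
# The operator can only invoke catalogued operations; each one runs a fixed
# system command with validated arguments and is logged as a JSON audit line.
# Function names, catalogue entries, roles and the log path are assumptions.

$AuditLog = 'C:\BastionAudit\operations.jsonl'   # assumed log location

# Operation catalogue: the role required and the exact command template.
# Anything not listed here is refused, which is the least-privilege point
# the abstract makes against "one task, privileges for dozens".
$Operations = @{
    'service.query' = @{ Role = 'Operator'; Exe = 'sc.exe';       Args = { param($n) @('query', $n) } }
    'service.start' = @{ Role = 'Operator'; Exe = 'sc.exe';       Args = { param($n) @('start', $n) } }
    'task.query'    = @{ Role = 'Operator'; Exe = 'schtasks.exe'; Args = { param($n) @('/Query', '/TN', $n, '/V', '/FO', 'LIST') } }
    'task.run'      = @{ Role = 'Admin';    Exe = 'schtasks.exe'; Args = { param($n) @('/Run', '/TN', $n) } }
    'process.list'  = @{ Role = 'Operator'; Exe = 'tasklist.exe'; Args = { param($n) @('/FI', "IMAGENAME eq $n", '/FO', 'CSV') } }
    'process.kill'  = @{ Role = 'Admin';    Exe = 'taskkill.exe'; Args = { param($n) @('/PID', $n) } }
}

function Test-TargetName {
    param([string]$Name)
    # Accept only plain service/task/image names or a PID; rejects
    # metacharacters and path fragments before they reach a native command.
    return $Name -match '^[A-Za-z0-9_.\-]{1,128}$'
}

function Write-AuditRecord {
    param([hashtable]$Record)
    # Every decision (allowed or denied) is recorded with UTC time and the
    # Windows identity of the operator, so auditors search records, not video.
    $Record.Time  = (Get-Date).ToUniversalTime().ToString('o')
    $Record.Actor = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    ($Record | ConvertTo-Json -Compress) | Add-Content -Path $AuditLog -Encoding UTF8
}

function Invoke-ProxiedOperation {
    param(
        [Parameter(Mandatory)][string]$Operation,
        [Parameter(Mandatory)][string]$Target,
        [Parameter(Mandatory)][string[]]$ActorRoles   # resolved from AD groups in the real design
    )
    $spec = $Operations[$Operation]
    if (-not $spec) {
        Write-AuditRecord -Record @{ Operation = $Operation; Target = $Target; Result = 'denied:unknown-operation' }
        throw "Operation '$Operation' is not in the catalogue"
    }
    if ($ActorRoles -notcontains $spec.Role) {
        Write-AuditRecord -Record @{ Operation = $Operation; Target = $Target; Result = 'denied:role' }
        throw "Role '$($spec.Role)' is required for '$Operation'"
    }
    if (-not (Test-TargetName $Target)) {
        Write-AuditRecord -Record @{ Operation = $Operation; Target = $Target; Result = 'denied:bad-target' }
        throw "Target name rejected"
    }

    # Build the argument list from the template and run the native command.
    $argv   = & $spec.Args $Target
    $output = & $spec.Exe @argv 2>&1
    $code   = $LASTEXITCODE

    Write-AuditRecord -Record @{
        Operation = $Operation
        Target    = $Target
        Command   = "$($spec.Exe) $($argv -join ' ')"
        ExitCode  = $code
        Result    = 'executed'
    }
    return [pscustomobject]@{ ExitCode = $code; Output = ($output -join "`n") }
}

# Usage (an Operator may query a service; the same call with 'process.kill'
# would be refused and logged as denied:role):
# Invoke-ProxiedOperation -Operation 'service.query' -Target 'Spooler' -ActorRoles @('Operator')
```

The design choice worth noting is that the operator never types the command line: the proxy supplies the executable and the argument template, and the only operator-controlled value is a validated target name. That is what makes each audit line a complete, searchable description of what was done, in contrast to the screen recordings the abstract criticises.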
Keywords/Search Tags: information security, operation & maintenance, internal audit, bastion machine, application proxy