ISO Position Paper
Position Title: Bastion Hosts
Position Audience: Princeton IT Professionals
Contact: Information Security Office: InfoSec@princeton.edu
Position Release Date: March 20, 2018
System administration and direct access to restricted or confidential data (e.g., restricted or
confidential data residing in databases) is required to have access be limited to a controlled set
of secured and managed environments. The University is unable to secure information to the
extent necessary if sensitive data is accessed through uncontrolled, unmanaged environments.
Access to restricted or confidential data residing in databases should not take place directly
through user workstations unless that access is through a managed enterprise application (e.g.,
Peoplesoft HCM, Cognos Information Warehouse). Instead, access should be conducted
through OIT managed bastion hosts which require multi-factor authentication before enabling
direct access to restricted or confidential data. In addition, no RDP (remote desktop) or SSH
(secure shell) access should be directly allowed to servers for system administration purposes.
Bastion hosts used for access to restricted and confidential data, and bastion hosts used for
system administration should also be restricted to prevent access to and from the internet in
order to eliminate internet-based attacks on those systems.
All cloud application system administration should be conducted through OIT managed bastion
hosts which require multi-factor authentication. Because of the necessary access to internet
resources and the resulting internet-based risks, users of cloud application administration
bastion hosts should utilize accounts which do not have local administrator access on those
In addition, only centrally managed (OIT) and hardened workstations should be allowed to
access University bastion hosts. Unmanaged or personally owned workstations should not be
allowed to access bastion hosts in order to establish end-to-end trust.
Data classification: Public