National Institute of Standards and Technology (NIST)
NIST Special Publication 800-41 Rev. 1, Guidelines on Firewalls and Firewall Policy.
While it does not directly define "jump server," it discusses network segmentation and
controlled access points, concepts fundamental to jump server deployment (cited for
general architectural principles).
NIST Special Publication 800-125B, Secure Virtual Network Configuration for Virtual
Machine (VM) Protection, Section 3.3, "Bastion Host": "A bastion host is a special
purpose computer on a network specifically designed and configured to withstand
attacks. The computer generally hosts a single application, for example a proxy server,
and all other services are removed or limited to reduce the threat to the computer." This
describes the hardened nature of a jump server/bastion host.
URL: https://csrc.nist.gov/publications/detail/sp/800-125b/final
Amazon Web Services (AWS)
AWS Documentation, Security > AWS Well-Architected Framework > Security Pillar
> Design Principles > Secure network infrastructure > Restrict access > Use bastion
hosts (jump boxes). This section explicitly details the use of bastion hosts (jump
servers) to securely access private network resources.
URL (General concept, specific page might vary): AWS often describes bastion
hosts in relation to EC2 and VPC security best practices. A relevant conceptual page
is: https://aws.amazon.com/blogs/security/how-to-record-ssh-sessions-established-through-a-bastion-host/
(This article describes its use, implicitly defining its role as a secure gateway).
AWS Documentation, Linux Bastion Hosts on AWS (Quick Start Reference Deployment).
This guide details deploying a bastion host architecture.
URL: https://aws.amazon.com/quickstart/architecture/linux-bastion/ (The architecture
itself demonstrates the added security layer).
Microsoft Azure
Microsoft Azure Documentation, What is Azure Bastion? "Azure Bastion is a service you
deploy that lets you connect to a virtual machine using your browser and the Azure
portal, or via the native SSH or RDP client already installed on your local computer.
The Azure Bastion service is a fully platform-managed PaaS service that you provision
inside your virtual network. It provides secure and seamless RDP/SSH connectivity to
your virtual machines directly in the Azure portal over TLS... When you connect via
Azure Bastion, your virtual machines don't need a public IP address, agent, or special
client software."
URL: https://learn.microsoft.com/en-us/azure/bastion/bastion-overview
IEEE Xplore
Zhu, Y., & Gao, H. (2021). A Secure Remote Access Scheme for Industrial Control
Systems Based on Bastion Host and MFA. IEEE Access, 9, 73426-73437. "The bastion
host acts as a gateway, providing a single point of entry to the internal network, thereby
enhancing security by isolating critical systems." (Section I, Introduction).
DOI: https://doi.org/10.1109/ACCESS.2021.3080899