Making the administration workstation incorruptible with a hardened thin client terminal

The terminal through which administrators reach the administration network is a key element of the overall security of an organization's information system. Compromise of this terminal is a major risk: whoever controls it inherits the administrator's access. Using a hardened thin client terminal that communicates with virtual administration desktops combines the specific, secure architecture of the thin client with the functionality of Privileged Access Management (PAM) solutions, delivered through virtualization.

PAM is a technology for managing the access and authentication of authorized users, usually information system administrators, to administered resources or administration applications. Its main objective is to secure the information system by removing unauthorized access to sensitive resources. This protection rests on two axes: managing the injection and life cycle of the passwords used on administered resources and in administration applications, and tracing every action carried out by users who are in a position to do harm to the information system, in the form of audit logs or video recordings. These users may be internal, such as system administrators or users handling sensitive data, or external, such as outsourced IT providers or remote maintenance staff.

Prerequisites for using a thin client terminal for information system administration

Because of its specific architecture, a thin client terminal already satisfies several requirements that strengthen the security of the information system.
To harden this terminal, several points must nevertheless be taken into account:

- Avoid general-purpose operating systems, or prefer terminals with no operating system at all: the more widely deployed and feature-rich an OS is, the more known vulnerabilities and attack tooling exist for it, which increases the risk of attacks against the terminal's operating system.
- Limit or forbid configuration on the terminal itself: an administrator must not be able to weaken the security of the terminal by changing its configuration.
- Centralize and secure the administration of the terminals: every terminal must be controllable so that it can be updated. Avoid terminals that remain reachable on the network without being updated and that may therefore carry unpatched security flaws.
- Partition the use of the terminal between networks: use a different terminal to access the administration network and the office network.

What the ANSSI recommends

(The ANSSI, Agence Nationale de la Sécurité des Systèmes d'Information, is the French National Cybersecurity Agency. It reports to the Secretary General for Defence and National Security (SGDSN), is responsible for cybersecurity issues in France, and has a reinforced mission towards operators of vital importance (OIV).)

The question of access terminals is addressed in ANSSI document PA-022 (Recommendations for the secure administration of information systems) under recommendation R9. It recommends a dedicated administration workstation, that is, a workstation for accessing the administration information system that is physically distinct from the workstations used to access the office information system. The ANSSI also proposes a degraded version of this recommendation, R9-, with multi-level workstations: the same physical workstation is used to access both the administration and the office information systems. The two accesses must nevertheless not be shared, which implies two separate environments on the same workstation. These environments must be heavily hardened and isolated from each other so that no communication, and therefore no contamination, is possible between them. Both recommendations can be met with a hardened thin client terminal: one dedicated solely to the administration information system (R9), or a multi-level hardened thin client terminal (R9-), which is easier to partition than a conventional workstation.

Which thin client terminal to administer the information system?

A thin client terminal from AXEL meets this security challenge: AXEL presents its thin clients as the only ones on the market that provide highly secure access terminals without an operating system.
They differ from the traditional thin clients on the market, whose architecture resembles that of a conventional PC with an operating system. Since most attacks target the operating system, the absence of an OS in AXEL's technology lets administrators work from a highly secure thin client terminal. AXEL's firmware and hardware are developed and supported by its own teams in France, with no BIOS, operating system or file system, which mechanically reduces the attack surface of the terminal. The firmware is dedicated and extremely light (under 2 MB) and, having no file system in which code could be dropped and persisted, is described by AXEL as immune to viruses.

Systancia Cleanroom Terminal

Systancia and AXEL have therefore joined forces to offer organizations an incorruptible administration workstation: an AXEL hardened thin client terminal communicating with the virtual workstation module of Systancia Cleanroom, which controls the virtual administration workstations. The module assigns to the thin client the virtual workstation dedicated to the user requesting access to the administration information system, and the terminal then connects directly to that virtual administration workstation. The virtual administration workstation carries all the monitoring mechanisms: analysis and recording of every action performed from it. It also carries the mechanisms of the vault module, which automatically injects login credentials into any type of application (web, thick client, client-server, in-house application, and so on). Once these credentials have been retrieved, the virtual administration workstation gives access to the resources the administrator needs to carry out their administration tasks.
This approach is therefore highly secure: it combines the strength of the virtual administration workstation, which is disposable (and whose attack surface is therefore reduced, since anything that happens inside it is discarded with the session), with the hardened thin client terminal, which protects this access terminal against attacks aimed directly at the workstation. Together they protect the resources of the administration IS from attacks mounted through the administrator's workstation. In practice this protection holds only as long as the prerequisites above are respected: the terminals remain centrally managed and updated, their configuration stays locked, and the administration terminal is never also used for office access.