What hardware + hardened OS would you recommend for jump boxes? OpenBSD, Linux, pfSense?
As for our 3rd-party machines with jump boxes: I view jump boxes as a security risk if directly connected to the corporate LAN, as they can bypass firewalls. So I kept it simple and created an isolated jump box network from the pfSense that gives them 24/7 remote internet access with zero ability to see anything on the company LAN.
Our internal machines are on an isolated network, all hardwired with static IP addresses and zero internet access. The engineers frequently have to write new CNC programs, so I make it easy to share files while isolating the networks; I bridged them using a Debian server running a Samba server with two network interfaces. One is connected to the company LAN, the other to the dedicated machine LAN. The file server has a single share for the engineers with RW access, and each machine gets RW access only to its directory in that share. Operators go to the P (program) drive and retrieve the programs. There is no network bridging or routing between the two networks. As far as they know, it's just a file server. That network also terminates in our office, and we can connect to it for programming and troubleshooting.
One idea I've been toying with is developing an internal jump box that allows our machines to connect to the corporate LAN, giving engineers file access while maintaining network isolation. That way I can ditch the second network and go DHCP with reservations all around.
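The dual-homed Samba "P drive" described above, as an added example that is not the poster's own configuration: one share where engineers have RW everywhere and each machine account is confined to its own directory by POSIX group ownership, plus a check and a persistent setting that keep the host from forwarding packets between its two NICs. Interface names, account names and paths are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): dual-homed Samba file server between the
# company LAN and the machine LAN, with no routing between the two interfaces.
# Interface names, account names and paths below are assumptions.

SHARE_ROOT=/srv/programs          # root of the single "P" share (assumed path)
MACHINES="cnc01 cnc02 cnc03"      # one Samba user + group per machine (constructed);
                                  # every engineer is a member of each machine group

# Render smb.conf: bind only to the two NICs, SMB3 with encryption, one share.
render_smb_conf() {
    cat <<EOF
[global]
   server role = standalone server
   server min protocol = SMB3
   smb encrypt = required
   interfaces = lo ens18 ens19
   bind interfaces only = yes

[P]
   path = $SHARE_ROOT
   read only = no
   valid users = @engineers $MACHINES
   create mask = 0660
   directory mask = 2770
EOF
}

# Lay out the share: the root is traversable by all but listable by none (0751);
# each machine directory is setgid and group-owned by that machine's group, so
# files created there inherit the group and only that machine plus the engineers
# can read or write them. Other machine accounts get no access at all.
layout_share() {
    install -d -m 0751 -o root -g root "$SHARE_ROOT"
    for m in $MACHINES; do
        install -d -m 2770 -o root -g "$m" "$SHARE_ROOT/$m"
    done
}

# Succeeds when IPv4 forwarding is off in the given sysctl file (default: live value).
forwarding_disabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "0" ]
}

# Persist the setting so a reboot or a stray package cannot silently turn the
# file server into a router between the company LAN and the machine LAN.
harden_forwarding() {
    printf 'net.ipv4.ip_forward = 0\nnet.ipv6.conf.all.forwarding = 0\n' \
        > /etc/sysctl.d/90-no-forward.conf
    sysctl --system >/dev/null
}
```

Run `forwarding_disabled` from monitoring so a change to the kernel setting on the dual-homed host is noticed, not just prevented.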
If a file server vulnerability helps an attacker take control of the host, they may be able to move traffic between the network cards.
Might be better to have two file servers. The less-exposed server could periodically connect to the more-exposed server to sync files. Would not need open ports on the less-exposed server.