- A jump box is a system set up with multi-factor authentication (MFA) usually placed in a network DMZ with very restricted access to the corporate network and no returning Internet access for any protocol.
In other words, the jump box has only one path in via SSH, and no other protocols are allowed outbound to the Internet or into the corporate network.
Since the jump box
No accounts on the jump box system should be accessible without using MFA unless it is a console login. The most secure type of MFA is to require that each user have a physical token such as a hardware token, which is a device that generates random numbers or alphanumeric sequences.
Additional Security
To further secure your jump servers,
- Disable or remove unnecessary protocols, daemons, and services.
- Never store SSH private keys on the jump server.
- Configure internal hosts with /etc/hosts.
- Create at least one secondary/backup jump box in case of failure.
- Use a restrictive, host-based firewall for all Linux systems.
- Set up a service such as Fail2Ban to resist brute-force attacks.
- Install a minimal distribution option.
- Set up NAT forwarding to your jump box.
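The MFA requirement and the "one path in, nothing else" rule above can be checked mechanically. The following auditor is an added example, not code from the post or from Linux Magazine; it assumes the second factor is delivered through PAM's keyboard-interactive prompt (an OTP or hardware-token module), and the policy table and sample configs are constructed for illustration.

```python
"""Audit an OpenSSH sshd_config against the jump-box policy above: key + MFA
(keyboard-interactive) login, no passwords, no root login, no forwarding out."""
import re

# Directive -> acceptable values (lower-cased). Constructed policy, not a standard.
REQUIRED = {
    "permitrootlogin": {"no"},
    "passwordauthentication": {"no"},
    "kbdinteractiveauthentication": {"yes"},  # OpenSSH 8.7+ name; PAM/OTP second factor
    "allowtcpforwarding": {"no"},   # keeps "one path in, nothing else" honest
    "allowagentforwarding": {"no"},
    "x11forwarding": {"no"},
    "permittunnel": {"no"},
}

def parse_sshd_config(text):
    """Return {directive_lower: value}; sshd honours the FIRST occurrence."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.lower().startswith("match "):
            break  # global section ends at the first Match block
        m = re.match(r"(\S+?)(?:\s*=\s*|\s+)(.+)", line)
        if m and m.group(1).lower() not in cfg:
            cfg[m.group(1).lower()] = m.group(2).strip()
    return cfg

def audit(text):
    """Return a list of policy violations (empty list means compliant)."""
    cfg = parse_sshd_config(text)
    findings = [f"{k} is {cfg.get(k, '<unset>')}, expected {'/'.join(v)}"
                for k, v in REQUIRED.items() if cfg.get(k, "").lower() not in v]
    # Every method chain sshd accepts must require a key AND an interactive factor.
    chains = cfg.get("authenticationmethods", "").lower().split()
    if not chains or any({"publickey", "keyboard-interactive"} - set(c.split(",")) for c in chains):
        findings.append("authenticationmethods must be publickey,keyboard-interactive")
    return findings

# Constructed samples: a default-ish weak config and a hardened one.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nAllowTcpForwarding yes\n"
HARDENED = "\n".join([
    "PermitRootLogin no", "PasswordAuthentication no", "KbdInteractiveAuthentication yes",
    "AuthenticationMethods publickey,keyboard-interactive", "AllowTcpForwarding no",
    "AllowAgentForwarding no", "X11Forwarding no", "PermitTunnel no",
])

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "OK")
```

Run it against the real file with `audit(open("/etc/ssh/sshd_config").read())`; anything it returns is a setting that would let a session leave the jump box by a path other than the one the post allows.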
VMs as Jump Boxes
A quick Internet search for “jump box” yields quite a few results for deploying jump boxes for
An additional layer of security is to limit the
Summary
A jump box’s sole purpose
http://www.linux-magazine.com/Online/Features/Jump-Box-Security