Wednesday, February 19, 2020

jump box


  • A jump box is a system set up with multi-factor authentication (MFA), usually placed in a network DMZ with very restricted access to the corporate network and no returning Internet access for any protocol. In other words, the jump box has only one path in, via SSH, and no other protocols are allowed outbound to the Internet or into the corporate network.

Since the jump box resides in the DMZ or another network that can be accessed via the Internet, great care should be taken to ensure its security by applying patches and updates as soon as they are made available. Additionally, the jump box shouldn’t host any protocols except for SSHD. The jump box has a single purpose as an SSH gateway into the corporate network. The only exception is for MFA purposes. Some MFA solutions require Internet access or at least some method of communicating with an authentication service inside the network. Time-based solutions are more secure, but any MFA solution is more secure than simple passwords alone.
No accounts on the jump box system should be accessible without using MFA unless it is a console login. The most secure type of MFA is to require that each user have a physical token such as a hardware token, which is a device that generates random numbers or alphanumeric sequences.
Additional Security

To further secure your jump servers, you should follow these suggestions:

  • Disable or remove unnecessary protocols, daemons, and services.
  • Never store SSH private keys on the jump server.
  • Configure internal hosts with /etc/hosts.allow and /etc/hosts.deny files to control access.
  • Create at least one secondary/backup jump box in case of failure.
  • Use a restrictive, host-based firewall for all Linux systems.
  • Set up a service such as Fail2Ban to resist brute-force attacks.
  • Install a minimal distribution option.
  • Set up NAT forwarding to your jump box.
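The hosts.allow/hosts.deny suggestion above is easy to get wrong because libwrap evaluates the two files in a fixed order. The following added example (my own code, not from the article or from the tcp_wrappers project) models that order for an internal host that should accept SSH only from the jump box: hosts.allow is consulted first and a match grants access, then hosts.deny and a match refuses, and if nothing matches access is granted. The policy text and the jump box address are constructed; the matcher is simplified (ALL, exact IPv4, trailing-dot prefix, net/mask in dotted or CIDR form) and does not implement EXCEPT lists or hostname patterns.

```python
"""Simplified libwrap decision logic for /etc/hosts.allow and /etc/hosts.deny.
Added example; the policy below is constructed for illustration."""
import ipaddress
import re

# Constructed policy for an *internal* host: only the jump box may reach sshd.
JUMP_BOX = "10.10.0.5"  # placeholder jump box address
HOSTS_ALLOW = f"""
# Only the jump box may open an SSH session to this host.
sshd : {JUMP_BOX}
"""
HOSTS_DENY = """
# Everything else, for every wrapped daemon, is refused.
ALL : ALL
"""


def parse_rules(text):
    """Parse 'daemon_list : client_list [: option]' lines into (daemons, clients)."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) < 2:
            continue  # malformed line; libwrap would log an error and skip it
        daemons = re.split(r"[\s,]+", fields[0])  # lists are blank/comma separated
        clients = re.split(r"[\s,]+", fields[1])
        rules.append((daemons, clients))
    return rules


def client_matches(pattern, client_ip):
    """Match one client pattern against a dotted IPv4 address."""
    ip = ipaddress.ip_address(client_ip)
    if pattern == "ALL":
        return True
    if pattern.endswith("."):        # "10.10.0." matches every host in 10.10.0.x
        return client_ip.startswith(pattern)
    if "/" in pattern:               # net/mask: "10.10.0.0/255.255.255.0" or "/24"
        return ip in ipaddress.ip_network(pattern, strict=False)
    return ip == ipaddress.ip_address(pattern)


def daemon_matches(pattern, daemon):
    return pattern == "ALL" or pattern == daemon


def rules_match(rules, daemon, client_ip):
    """True if any rule names this daemon AND this client."""
    return any(
        any(daemon_matches(d, daemon) for d in daemons)
        and any(client_matches(c, client_ip) for c in clients)
        for daemons, clients in rules
    )


def access_granted(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """libwrap order: allow file first, then deny file, then default allow."""
    if rules_match(parse_rules(allow_text), daemon, client_ip):
        return True
    if rules_match(parse_rules(deny_text), daemon, client_ip):
        return False
    return True  # no rule matched: the default is to grant access


if __name__ == "__main__":
    for daemon, src in [("sshd", JUMP_BOX), ("sshd", "10.10.0.77"), ("vsftpd", JUMP_BOX)]:
        verdict = "ALLOW" if access_granted(daemon, src) else "DENY"
        print(f"{daemon} from {src}: {verdict}")
```

The default-allow at the end is the part worth checking on a real host: with an empty hosts.deny every connection is accepted, which is why the `ALL : ALL` deny line matters. Note also that OpenSSH dropped its tcp_wrappers (libwrap) support in version 6.7, so on current distributions sshd may ignore these files entirely; the host-based firewall from the list above is the control to rely on, with hosts.allow/hosts.deny as a second layer only where the daemon is actually wrapped.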
VMs as Jump Boxes
A quick Internet search for “jump box” yields quite a few results for deploying jump boxes in Amazon Web Services (AWS) environments.
An additional layer of security is to limit the amount of time the jump box is available for use.
Summary
A jump box’s sole purpose is to provide an SSH gateway into your internal network for administrators, and it should be made as secure as possible.
http://www.linux-magazine.com/Online/Features/Jump-Box-Security

Bypassing WAF


  • Bypassing WAF: SQL Injection – Normalization Method
  • Bypassing WAF: SQL Injection – HPP (Using HTTP Parameter Pollution)
  • Bypassing WAF: SQL Injection – HPF (Using HTTP Parameter Fragmentation)
  • Bypassing WAF: Blind SQL Injection Using logical requests AND/OR
https://owasp.org/www-community/attacks/SQL_Injection_Bypassing_WAF

Data Masking


  • What is Data Masking?

Data masking, sometimes called data obfuscation, is the process of hiding original data using modified content.
The main reason data masking is used is to hide sensitive data (personal data) stored in proprietary databases.
However, when masking data one shouldn’t forget that this data has to remain usable for other corporate activities, for example for testing and (further) application development. Data masking is a very useful tool when a company needs to give access to its database(s) to outsourcing and third-party IT companies.
Another situation where data masking may come in very handy is mitigating operators’ errors.
Companies usually trust their employees to make good and secure decisions; however, many breaches are the result of operators’ errors.
Data masking can be done either statically or dynamically. As the name suggests, when masking data statically, database administrators create a copy of the original data, keep the original somewhere safe, and replace the copy’s sensitive values with a fake set of data.
When masking data dynamically, data is obfuscated on the fly as an unauthorized database user tries to retrieve data not intended for that user. Real-time masking also means that data never leaves the production database and, as a result, is less susceptible to security threats.
https://www.datasunrise.com/blog/professional-info/what-is-data-masking/
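To make the static-versus-dynamic distinction concrete, here is an added example in Python (my own code, not from the cited article or from any masking product). It masks a constructed set of records two ways: `static_mask` produces a separate masked copy to hand to testers or a third party, leaving the originals untouched, while `dynamic_read` masks values on the way out of the unchanged production rows according to the requester’s role. The records, the role policy and the pseudonym key are all constructed for the example; the masking keeps formats intact (e-mail domain, card length and last four digits) so the data stays usable for testing, and the pseudonyms are keyed one-way hashes so the same input always maps to the same replacement without being reversible from the masked copy.

```python
"""Static vs dynamic data masking on a constructed record set (added example)."""
import hashlib
import hmac
import re

# Constructed sample production data (fictional people, documentation addresses).
PRODUCTION_ROWS = [
    {"id": 1, "name": "Alice Example", "email": "alice@example.com",
     "card": "4111111111111111", "phone": "+1-555-0100"},
    {"id": 2, "name": "Bob Sample", "email": "bob@example.org",
     "card": "5555555555554444", "phone": "+1-555-0199"},
]

# Placeholder key for keyed pseudonyms. It must live outside the masked data set;
# without it the pseudonyms cannot be linked back to the originals.
PSEUDONYM_KEY = b"placeholder-key-kept-out-of-the-masked-copy"

# Constructed role policy: which columns each role may see in the clear.
ROLE_CLEAR_COLUMNS = {
    "dba": {"id", "name", "email", "card", "phone"},
    "support": {"id", "name", "email"},
    "analyst": {"id"},
}


def pseudonym(value: str, length: int = 8) -> str:
    """Keyed, one-way, consistent replacement so joins across tables still line up."""
    digest = hmac.new(PSEUDONYM_KEY, value.encode(), hashlib.sha256).hexdigest()
    return digest[:length]


def mask_email(email: str) -> str:
    """Replace the local part but keep the domain, which test routing often relies on."""
    local, _, domain = email.partition("@")
    return f"user_{pseudonym(local)}@{domain}"


def mask_card(card: str) -> str:
    """Keep the length and the last four digits so format checks in test still pass."""
    digits = re.sub(r"\D", "", card)
    return "X" * (len(digits) - 4) + digits[-4:]


def mask_phone(phone: str) -> str:
    """Zero every digit but keep the punctuation so the shape is preserved."""
    return re.sub(r"\d", "0", phone)


MASKERS = {
    "name": lambda v: f"Person {pseudonym(v, 6)}",
    "email": mask_email,
    "card": mask_card,
    "phone": mask_phone,
}


def static_mask(rows):
    """Static masking: build a complete masked copy for testers or third parties.
    The production rows are not modified; only the copy leaves the organisation."""
    return [
        {col: (MASKERS[col](val) if col in MASKERS else val) for col, val in row.items()}
        for row in rows
    ]


def dynamic_read(rows, role):
    """Dynamic masking: values are masked as they are read from the unchanged
    production store, based on who is asking. An unknown role sees everything masked."""
    clear = ROLE_CLEAR_COLUMNS.get(role, set())
    return [
        {col: (val if col in clear or col not in MASKERS else MASKERS[col](val))
         for col, val in row.items()}
        for row in rows
    ]


if __name__ == "__main__":
    print("static copy:", static_mask(PRODUCTION_ROWS)[0])
    for role in ("dba", "support", "intern"):
        print(f"dynamic read as {role}:", dynamic_read(PRODUCTION_ROWS, role)[0])
```

The two paths share the same maskers on purpose: whichever mode is used, a given column is hidden the same way, so a tester working on the static copy and a support agent reading through the dynamic layer see consistent shapes. The unknown-role branch in `dynamic_read` is the failure mode to keep: a role that is missing from the policy should fall through to fully masked output, never to the clear values.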