Building a Bastion server - Part 9: Difference between revisions

From Cramsession
Jump to navigationJump to search
✍️ Verified Author: MflavellClick to view professional profile & credentials
No edit summary
Line 32: Line 32:
* Security groups assgiened to the bastion host should specifiy limited IP ranges.
* Security groups assgiened to the bastion host should specifiy limited IP ranges.


:* (0.0.0.0/0) is '''wrong''' specifiy the eaact IP range or access.
:* (0.0.0.0/0) is '''wrong''' specifiy the exact IP range or access.

Revision as of 00:57, 19 May 2025

Study Guides > AWS Cybersecurity Notes > Building a Bastion server - Part 9

Bastion hosts

  • These act as a jump box.
  • Installed on a public subnet.
  • The only purpose is to provide access from the private subnet from the internet.


General Bastion Guidance

  • Select a minimal operarting system.
  • Extra services could provide extra ingress points.
  • Limit active services.


  • Harden the default OpenSSH configurations
  • The configuration file is located in/etc/ssh/sshd_config
  • Disable root login.
  • Set password autheitcation and idele timeout values to acceptable numbers.


  • Make sure uncessary ports are cloded.
  • Security groups assgiened to the bastion host should specifiy limited IP ranges.
  • (0.0.0.0/0) is wrong specifiy the exact IP range or access.
Retrieved from "https://cramsession.net/index.php?title=Building_a_Bastion_server_-_Part_9&oldid=936"