Building a Bastion server - Part 9

From Cramsession

Revision as of 00:56, 19 May 2025 by Mflavell (talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to navigation Jump to search

✍️ Verified Author: Mflavell • Click to view professional profile & credentials

Study Guides > AWS Cybersecurity Notes > Building a Bastion server - Part 9

Bastion hosts

These act as a jump box.

Installed on a public subnet.

The only purpose is to provide access from the private subnet from the internet.

General Bastion Guidance

Select a minimal operarting system.

Extra services could provide extra ingress points.

Limit active services.

Harden the default OpenSSH configurations

The configuration file is located in/etc/ssh/sshd_config

Disable root login.

Set password autheitcation and idele timeout values to acceptable numbers.

Make sure uncessary ports are cloded.

Security groups assgiened to the bastion host should specifiy limited IP ranges.

(0.0.0.0/0) is wrong specifiy the eaact IP range or access.

Retrieved from "https://cramsession.net/index.php?title=Building_a_Bastion_server_-_Part_9&oldid=935"

Navigation menu