Jumpbox Flashcards
What is an Internet-Facing Host?
Any host that accepts inbound connections from the internet.
This means, a web or email server in a DMZ. These are servers that will get traffic from the outside regardless of whether they request it or not.
DMZ Notes:
The DMZ is a zone that is isolated from the rest of your private network by one or more firewalls. It’s set up to accept connections from the internet via specifically designated ports. This is to protect our internal network. Everything behind the DMZ is “invisible” to the outside.
Any other communication, proxy, or remote access servers should also be placed in the DMZ. Anything that someone from the internet needs access to, goes in the DMZ.
The DMZ devices need to be hardened as best as we can but we don’t fully trust to them.
The we place a firewall between our internal network and the DMZ. This is also a good place to put an IDS because a common attack method is to compromise the server in the DMZ and use that to pivot to the internal network.
What is a Bastion Host?
Hosts or servers in the DMZ which are not configured with any services that run on the local network.
Things like email, web, and remote access.
How do we harden devices in the DMZ?
We use a Jumpbox.
What is a Jumpbox?
A heavily hardened server that exclusively talks to the hosts in the DMZ. This is the only device that is configured to talk to the DMZ.
The administrator connects to the Jumpbox, and the Jumpbox then connects to the hosts in the DMZ.
This Jumpbox can be a physical PC or a Virtual Machine. A lot of people use VM’s because you can use it once, remove it, and then reimage a new one to use the next time you need to connect to the DMZ.
The jumpbox and management workstation should use least functionality and have the minimum software to perform the job, in addition to be extremely hardened.
