Bastion host
A bastion host , sometimes also jump server or jump host , is a server that offers services for the public Internet or untrustworthy networks (e.g. large, unseparated intranet environments) or that accesses the public Internet as a proxy or mail server and therefore special protection against attacks. The role of the bastion host is suitable for servers in exposed areas and should therefore not be combined with other server roles.
configuration
Network topology
For protection, the server is placed in a network that is protected from both the Internet and the internal network by a firewall . Such a network is called a demilitarized zone . The firewalls used to secure this separate network should be configured as restrictively as possible. For example, direct access to the Internet from the internal network should not be possible. Also, only the ports that are required for operation should be released. As a rule, a web server will not establish its own access to other web servers on the Internet. Therefore the establishment of a connection to port 80 through the firewall should be prohibited.
Access to the server
Such a computer should always be appropriately shielded from access. In the case of on-premises operation, only authorized persons should have access to the data center. In a cloud environment , the authorizations must be set accordingly.
Installation and configuration of the software
When configuring such a computer, make sure that only the software that is absolutely necessary for the operation of the computer is installed. During installation, care should be taken to ensure that only the features that are absolutely necessary for operation are installed. In addition, the applications should only be given the authorizations that are absolutely necessary for operation. The installation of development environments should therefore be avoided in order not to support attackers by providing the appropriate tools in the event of a break-in. The operation of several services on one computer should also be avoided, as this increases the risk of an attack.
Monitoring and operation
Such a computer should only be operated by experienced administrators , as the activities must be constantly monitored by analyzing the log files . In addition, the administrator should find out about security gaps that have recently become known in order to be able to ward off any threat to the system in advance.
The administrator must be able to assess whether the reported security gap is relevant for the affected system in order to protect the system from attacks by configuring the system accordingly or installing a patch .
Security guidelines
In order to avoid wrong decisions in crisis situations, it makes sense to set up security guidelines that should include rules of conduct in the event of a successful attack. The organizational responsibilities for relevant decisions should also be clearly regulated in such a document.
Such guidelines can also be helpful for planning in order to avoid possible errors in advance.
Regulations
Regulations such as Payment Card Industry Data Security Standard (PCI-DSS) , Health Insurance Portability and Accountability Act of 1996 (HIPAA) and Sarbanes-Oxley Act of 2002 (also SOX) make the use of a bastion host with the four-eyes principle mandatory in front.
See also
Web links
- BSI
- Example: Linux Bastion Hosts on the AWS Cloud. Retrieved May 28, 2018. English
- Example: Azure Security and Compliance Blueprint - Financial Services for Regulated Workloads (FFIEC) with Bastion Host
- Proxy command ssh bastion proxy. Retrieved May 29, 2018. English
- Example: BSI M 4.276 Planning the use of Windows Server 2003
- SSH Jump Server, SSH Bastion host, SSH Jump host for PCI DSS and other security compliance. Retrieved May 29, 2018. English
- Jump Servers for security on stackexchange. Retrieved May 29, 2018. English