Aspects of SSH that undermine security include: However, this thirty-year-old protocol has not kept up with enterprise networking’s rapid evolution.
Designed as a more secure alternative to TELNET and other early communications protocols, SSH added authentication and encryption.
What are the security risks of using a bastion host?īecause bastion hosts are publicly visible and widely used to provide SSH proxy services, they have become a target for cyberattacks. Once authenticated, they can then use another set of SSH keys to connect with the private network. When authorized users need to access a resource on the private subnet, they must first use their SSH keys to establish a connection with the bastion host. ACLs, allowlists, and other network-level access controls limit access from the bastion to its protected subnets. The bastion only accepts SSH connections from a limited range of IP addresses in the IT department. The bastion host resides on its own subnet with an IP address that is accessible from the public internet. Everything that does not serve the bastion host’s single purpose as an SSH proxy gets disabled or deleted. Administrators strip the bastion of all unnecessary applications, ports, processes, user accounts, and protocols. The bastion runs as a locked-down, single-purpose system - in this case, an SSH proxy server. Instead, a bastion host is used as a bridge between the public internet and the private subnet. But the security implications make that approach too risky. Exposing a port in each instance to the public internet would give administrators the access they need. To understand how a bastion host works, we will look at a simple scenario in which a company’s administrators need access to Linux instances connected on a subnet within a virtual private cloud. Revoking the former employee’s access to the bastion cuts them off from everything else. When an employee leaves, administrators do not need to revoke access to each private network and subnet. With all external traffic channeled through the bastion, administrators can focus their security efforts on protecting a single asset.Īt the same time, user management becomes simpler. The internal network can be configured to block all internet-bound traffic and only allow SSH communications with the bastion host. Remote administrators sign into the bastion and then sign into the subnet or resource they need to maintain.īastions simplify security administration. In this scenario, the bastion’s sole purpose is to provide SSH proxy services. Network administrators often use bastion hosts to remotely manage networked assets. At the same time, they may provide authorized users access to certain internal resources. These systems face the internet, so they need to be on the public side of a firewall or DMZ. Technically, any single-purpose server providing access control could be a bastion host. Access control becomes easier to manage while minimizing the potential attack surface.
Placed outside the firewall or within a DMZ, the bastion host becomes the only ingress path to those internal resources. What is a bastion host?Ī bastion host is a dedicated server that lets authorized users access a private network from an external network such as the internet. We will also explain how bastions - especially those providing SSH proxy services - create new security risks. In this article, we will introduce the bastion host concept, why companies use it, and how bastions work. As with VPN and RDP, however, the bastion host is an old remote access technology that does not work well in today’s decentralized computing environment. Commonly used as SSH proxy servers to support system administration, bastions provide a convenient, securable path through a protected network perimeter. Bastion hosts provide remote access to private networks from an external network.
0 kommentar(er)
