Best Practices
Because bastion hosts are particularly vulnerable to attack, due to the level of required access with the outside world to make them useful, there are several best practice suggestions to follow:
- Disable or remove any unneeded services or daemons on the host.
- Disable or remove any unneeded user accounts.
- Disable or remove any unneeded network protocols.
- Configure logging and check the logs for any possible attacks.
- Run an intrusion detection system on the host.
- Patching the operating system with the latest security updates.
- Lock down user accounts as much as possible, especially root or administrator accounts.
- Close all ports that are not needed or not used.
- Use encryption for logging in to the server.
Read more about this topic: Bastion Host
Famous quotes containing the word practices:
“To learn a vocation, you also have to learn the frauds it practices and the promises it breaks.”
—Mason Cooley (b. 1927)
“Of all reformers Mr. Sentiment is the most powerful. It is incredible the number of evil practices he has put down: it is to be feared he will soon lack subjects, and that when he has made the working classes comfortable, and got bitter beer into proper-sized pint bottles, there will be nothing left for him to do.”
—Anthony Trollope (1815–1882)