Day Day Study --- Detailed explanation of the bastion host / jump server

Foreword:
As the Internet has grown, the user base, network scale and number of devices have kept increasing. The increasingly complex operating environment, together with the varied behaviour of different operations and maintenance (O&M) staff, brings greater security risk to systems. The bastion host, also called the jump server, came into being to address this.

1. Concept

A jump server, also known as a bastion host, is, as the name implies, a network device that serves as a springboard from which other devices are operated (including in batch). It is one of the operating platforms most commonly used by system administrators and O&M staff.

2. Purpose

To protect the network and its data from intrusion and damage by both external and internal users, the bastion host uses a variety of technical means to monitor and record the operations that O&M staff perform on servers, network devices, security devices, databases and other equipment in the network. This enables centralized alerting, timely handling, and auditing for accountability.

3. Function

  • Most importantly, it integrates two core functions: system O&M, and security audit management and control.
  • Technically, it cuts off the terminal computer's direct access to network and server resources, and instead takes over that access through a protocol proxy.
  • Simply put, every access from a terminal computer to a target must be relayed by the O&M security audit system. The O&M security audit system acts like a security guard standing at a door: every request to a network device or server has to pass through the door the guard watches.
  • Therefore, the O&M security audit system can intercept illegal access and malicious attacks, directly block illegal commands, and filter out all illegal access behaviour, while auditing and monitoring mis-operations and illegal operations by internal staff (such as rm -rf) so that they can be held accountable afterwards (the classic "delete the database and run away").

4. Goals and value

1. Goal:

  • The core idea of the bastion host is to logically separate the person from the target device, establishing the model "person -> master account (bastion host user account) -> authorization -> slave account (target device account)".
  • In this model, identity is the basis: through centralized management and control of security policy, account management, authorization management and auditing, a complete audit trail is built for the whole O&M process of "master account -> login -> access operation -> log out".
  • Finally, it achieves command-level auditing of the various O&M protocols, whether encrypted or unencrypted, and of graphical operation protocols.
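The two ideas above, command-level interception and auditing (section 3) and the "master account -> authorization -> slave account" chain (section 4), can be shown together in a small policy engine. The following Python is an added example written for this explanation; it is not code from the original post or from any bastion-host product. Every account name, host name and blocking rule in it is constructed for illustration.

```python
"""Toy bastion-host policy engine, added here as an illustration.

It models the "person -> master account -> authorization -> slave account"
chain and the command-level audit described in the text. All accounts,
hosts and rules below are constructed for the example, not from a real system.
"""
from dataclasses import dataclass, field
import re


@dataclass
class AuditRecord:
    master: str        # bastion-host user account (the natural person)
    target: str        # device the session was aimed at
    slave: str         # account on the target device
    command: str       # command the user tried to run
    allowed: bool      # whether the bastion let it through
    reason: str        # why it was allowed or blocked


@dataclass
class Bastion:
    # master account -> set of (target host, slave account) pairs it may assume
    authorizations: dict[str, set[tuple[str, str]]]
    # command patterns the bastion refuses to forward (dangerous, irreversible)
    blocked: list[re.Pattern] = field(default_factory=list)
    audit_log: list[AuditRecord] = field(default_factory=list)

    def authorize(self, master: str, target: str, slave: str) -> bool:
        """Authorization step: may this master account use this slave account?"""
        return (target, slave) in self.authorizations.get(master, set())

    def check_command(self, command: str) -> tuple[bool, str]:
        """Command-level control: match the command against the blocked patterns."""
        for pat in self.blocked:
            if pat.search(command):
                return False, f"blocked by rule {pat.pattern!r}"
        return True, "ok"

    def run(self, master: str, target: str, slave: str, command: str) -> AuditRecord:
        """Full path: authorize, filter, and always write an audit record."""
        if not self.authorize(master, target, slave):
            rec = AuditRecord(master, target, slave, command, False,
                              "master account not authorized for this slave account")
        else:
            allowed, reason = self.check_command(command)
            rec = AuditRecord(master, target, slave, command, allowed, reason)
        self.audit_log.append(rec)      # every attempt is recorded, allowed or not
        return rec

    def blocked_for(self, master: str) -> list[AuditRecord]:
        """Audit query: everything a given person was refused (accountability)."""
        return [r for r in self.audit_log if r.master == master and not r.allowed]


def build_demo() -> Bastion:
    """Constructed sample policy for the example (hypothetical hosts and users)."""
    return Bastion(
        authorizations={
            # O&M user 'alice' may be 'app' on web-01 and 'readonly' on db-01
            "alice": {("web-01", "app"), ("db-01", "readonly")},
            # 'bob' may only reach web-01 as 'app'
            "bob": {("web-01", "app")},
        },
        blocked=[
            # recursive delete of the filesystem root ("rm -rf /" or "rm -rf /*")
            re.compile(r"\brm\s+-\S*\s+/(\*|\s|$)"),
            # dropping a whole database from an interactive shell
            re.compile(r"\bdrop\s+database\b", re.IGNORECASE),
        ],
    )


if __name__ == "__main__":
    b = build_demo()
    for who, host, acct, cmd in [
        ("alice", "web-01", "app", "systemctl restart nginx"),
        ("alice", "web-01", "app", "rm -rf /"),
        ("bob", "db-01", "readonly", "SELECT 1;"),
        ("alice", "db-01", "readonly", "DROP DATABASE orders;"),
    ]:
        r = b.run(who, host, acct, cmd)
        print(f"{r.master}@{r.target} as {r.slave}: {r.command!r} -> "
              f"{'ALLOW' if r.allowed else 'DENY'} ({r.reason})")
```

The point of the structure is that the terminal never holds the slave account's credentials: the person authenticates to the bastion with the master account, the bastion decides which slave account that master may assume on which device, and every command is both filtered and logged under the master account, so a later audit can attribute an `rm -rf /` attempt to a natural person rather than to a shared root login.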

2. System value

Enterprise perspective:

  • Through fine-grained security control policies, it ensures that the enterprise's servers, network devices, databases, security devices and other equipment run safely and reliably.
  • It reduces human security risk, avoids security losses, and protects the enterprise's interests.

Administrator's perspective:

  • All O&M accounts are managed on a single platform, making account management simpler and more orderly.
  • By establishing a mapping between users and accounts, it ensures that the permissions a user holds are the minimum required to complete their tasks.
  • It monitors all kinds of access behaviour intuitively and conveniently, so that violations and privilege abuse can be discovered in time.
  • Where several people operate through a shared super-administrator account at the same time, it makes real-name authentication and the association with a natural person straightforward.

Ordinary user perspective:

  • O&M staff only need to remember one account and password; with a single login they can access every device they maintain, without memorizing multiple accounts and passwords.
  • This improves work efficiency and reduces the complexity of the work.

Source: blog.csdn.net/weixin_51431591/article/details/114831300