I have seen lots of client not gives access to login directly to their application/web/database servers.
They provide a Bastion Server or a Jump server. First of all we have to login on a Jump server and then we can login to application/web/database servers.
2 Likes
A bastion server is a server that is accessible via internet.
Most of the time, application servers are behind the firewall of client’s network and are on private network. This means they are not accessible via internet.
Bastion server acts as an interface between public network and private network.
Since there is only server we can interact with, we can provided all sorts of network security on that particular server.
Once logged in to bastion server, you have the access of private network.
Most of the time , bastion servers are only accessible via few locations so that hackers could not access it.
5 Likes