Jump Servers Explained | AKA Bastion Host

CertBros 25,094 views 7 months ago

Imagine you have multiple servers in an isolated network. This could be your home network, a corporate network, or even a cloud network hosting web servers. How could you access these servers remotely over the internet?

One option is to open all of your devices to the public internet. For example, you could enable port forwarding for each device. But you wouldn't be the only person who can access these devices. By doing this, you haven't just opened one door to the network; you have opened three doors, and each one is a prime target for attackers. This is what we call the attack surface.

There is another option, though. One that will not only give us the remote access we need, but also help keep the attack surface to a minimum.

That option is a jump server, also known as a jump host, jump box, or bastion host. Instead of exposing each device directly to the internet, we add another host called a jump server. This host, and only this host, will be directly accessible from the internet. It will also be able to connect directly to our internal devices.

By having only one publicly facing host, we reduce the attack surface and force attackers to use this one route.

By using this method, we have only one entry point instead of one for each device. This drastically reduces our attack surface.

It also means we can focus all our attention on this single entry point and ensure that everything is as secure as possible. We do this by making sure everything is up-to-date, and the server is hardened with security policies and tools.

Using a jump server as a centralised point of access also makes it easier to monitor and log activity.

All of this makes it much easier for us to manage, but it also makes it a lot harder for attackers to compromise the jump server and gain access to our network.
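
As an added example (not from the video or its author), the Python sketch below audits two constructed sets of inbound firewall rules, the port-forwarded layout and the jump-server layout described above, and reports which hosts make up the attack surface. The host names, the 10.0.0.0/16 internal range, the jump server address 10.0.0.10 and port 22 are all assumptions made for the illustration.

```python
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/16")  # assumed internal range
JUMP_IP = ipaddress.ip_network("10.0.0.10/32")  # assumed jump server address


def is_external(source):
    """True when the source CIDR reaches beyond the internal network."""
    return not ipaddress.ip_network(source).subnet_of(INTERNAL)


def attack_surface(rules):
    """Hosts with at least one inbound rule open to an external source."""
    return sorted({host for host, source, _ in rules if is_external(source)})


def audit(rules, jump_host="jump"):
    """Return findings that break the single-entry-point design."""
    findings = []
    for host, source, port in rules:
        if host == jump_host:
            continue  # the jump server is the one intended public entry point
        if is_external(source):
            findings.append(f"{host}:{port} is reachable from {source}")
        elif ipaddress.ip_network(source) != JUMP_IP:
            findings.append(f"{host}:{port} accepts {source}, not only the jump server")
    return findings


# Constructed sample rules: (destination host, allowed source CIDR, port).
PORT_FORWARDED = [
    ("web1", "0.0.0.0/0", 22),
    ("web2", "0.0.0.0/0", 22),
    ("db1", "0.0.0.0/0", 22),
]
WITH_JUMP_SERVER = [
    ("jump", "0.0.0.0/0", 22),
    ("web1", "10.0.0.10/32", 22),
    ("web2", "10.0.0.10/32", 22),
    ("db1", "10.0.0.0/16", 22),  # too broad: any internal host can connect
]

if __name__ == "__main__":
    for name, rules in (("port forwarding", PORT_FORWARDED),
                        ("jump server", WITH_JUMP_SERVER)):
        print(name, "attack surface:", attack_surface(rules))
        for finding in audit(rules):
            print("  finding:", finding)
```

The second rule set shrinks the attack surface to the jump server alone, and the audit still flags db1 because its rule admits the whole internal range instead of only the jump server.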

00:00 Intro
00:19 The problem
01:59 Jump server overview
03:25 The better option
04:34 Jump servers in detail
06:27 The benefits
07:11 The downsides
08:10 Why not use a VPN?
09:03 Summary
09:28 Outro