From this graph, I understand that the bastion host gets access to all servers. If that is the case, a hack on the bastion means you lose everything. It would be better to give access via VPN to the private network, so that the servers authenticate the users, not the bastion.
-
VPN is a different use case; we made this document public only because it's a good hardening option (whitelisting *anything* based on PaX/Grsecurity's RBAC) for the bastion, which is the case.