Security recommendations

1 Basic security requirments

• The minimum ports required to be opened for JumpServer are 80, 443, and 2222.
• The operating system for JumpServer host should be upgraded to the latest version available.
• The software dependencies of JumpServer should be upgraded to the latest versions available.
• Please avoid using weak passwords for servers, databases, Redis, and other dependent components.
• It is not recommended to disable Firewalld and SELinux.
• Enable the necessary ports, and if required, access JumpServer through VPN or SSLVPN only.
• If it is necessary to expose services to the public network，you should deploy a web application firewall for security filtering.
• Please deploy the SSL certificate to enable access to JumpServer via HTTPS protocol.
• JumpServer should enforce strong password rules and prohibit users from using weak password.
• The JumpServer MFA authentication feature should be enabled to mitigate security issues resulting from password leakage.

Attention

• If you encounter and secruity issue while using JumpServer, please feedback to us by ibuler@fit2cloud.com

2 Secruity configuration recommendations

• Summayr of Common High-Risk Commands
• Configure a specific asset to only allow connections to JumpServer through a designated IP address
• Access JumpServer with own SSL certification
• JumpServer enhance the security for user login
• Switching users for asset login on JumpServer
• JumpServer High-Risk Command Restrictions
• Restricting IP Source for JumpServer Login
• JumpServer supports MFA tools
• JumpServer configures the period of session expired