Security recommendations
1 Basic security requirements
- The minimum ports required to be opened for JumpServer are 80, 443, and 2222.
- The operating system for the JumpServer host should be upgraded to the latest version available.
- The software dependencies of JumpServer should be upgraded to the latest versions available.
- Please avoid using weak passwords for servers, databases, Redis, and other dependent components.
- It is not recommended to disable Firewalld and SELinux.
- Open only the necessary ports, and if required, allow access to JumpServer through VPN or SSL VPN only.
- If it is necessary to expose services to the public network, you should deploy a web application firewall for security filtering.
- Deploy an SSL certificate so that JumpServer is accessed over HTTPS.
- JumpServer should enforce strong password rules and prohibit users from using weak passwords.
- The JumpServer MFA authentication feature should be enabled to mitigate security issues resulting from password leakage.
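An added example (not part of the JumpServer documentation) that checks a host against the port, firewalld and SELinux items above. The function names and the sample port list are constructed for illustration, and reporting Permissive SELinux as a warning is an assumption of the example.

```sh
#!/bin/sh
# Added example: checks for the port, firewalld and SELinux items above.
# Each helper takes command output as text, so it can be tested offline.

ALLOWED_PORTS="80 443 2222"   # minimum ports listed on this page

# $1: output of `firewall-cmd --list-ports`, e.g. "80/tcp 443/tcp 6379/tcp".
# Prints each entry that is not one of the allowed TCP ports (ranges and
# UDP entries are always reported). Ports opened through firewalld
# *services* (`firewall-cmd --list-services`) are not covered here.
unexpected_ports() (
    set -f                      # no glob expansion while splitting $1
    for entry in $1; do
        port=${entry%/*}
        proto=${entry#*/}
        ok=no
        if [ "$proto" = "tcp" ]; then
            for allowed in $ALLOWED_PORTS; do
                if [ "$port" = "$allowed" ]; then ok=yes; fi
            done
        fi
        if [ "$ok" = no ]; then printf '%s\n' "$entry"; fi
    done
)

# $1: output of `getenforce`. Disabled (or no output) fails the item;
# reporting Permissive as "warn" is this example's assumption.
selinux_status() {
    case "$1" in
        Enforcing)  echo ok ;;
        Permissive) echo warn ;;
        *)          echo fail ;;
    esac
}

# $1: output of `systemctl is-active firewalld`.
firewalld_status() {
    case "$1" in
        active) echo ok ;;
        *)      echo fail ;;
    esac
}

# Constructed sample, not taken from a real host.
SAMPLE_PORTS="80/tcp 443/tcp 2222/tcp 6379/tcp 443/udp 8000-8010/tcp"
unexpected_ports "$SAMPLE_PORTS"   # prints the three non-allowlisted entries
```

On a live host, pass the helpers real output, for example `unexpected_ports "$(firewall-cmd --list-ports)"` and `selinux_status "$(getenforce)"`.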
Attention
- If you encounter any security issue while using JumpServer, please report it to us at ibuler@fit2cloud.com
2 Security configuration recommendations
- Summary of Common High-Risk Commands
- Configure a specific asset to only allow connections to JumpServer through a designated IP address
- Access JumpServer with your own SSL certificate
- Enhancing security for JumpServer user login
- Switching users for asset login on JumpServer
- JumpServer High-Risk Command Restrictions
- Restricting IP Source for JumpServer Login
- JumpServer supports MFA tools
- Configuring the session expiration period in JumpServer