Overview
Bastion Host (BH) is a centralized Ops management system integrating account, authorization, and authentication management and comprehensive audit. It provides IT asset access proxy and smart operation audit services and establishes a comprehensive security management system covering pre-event prevention, mid-event monitoring, and post-event audit. In addition, it can promptly trigger alarms for abnormal behaviors to prevent internal data leakage and help enterprises pass the CCP evaluation.
BH features:
A centralized management platform for you to reduce your system maintenance workload.
Comprehensive user and resource management for you to reduce your maintenance costs.
Strict resource access policies and strong authentication means to fully secure your system resources.
Detailed records of user access to and operations on resources for user behavior audit.
Features
BH audits a variety of mainstream Ops protocols and keeps detailed records of server and OS Ops to ensure that your security issues can be effectively traced.
Authentication management
BH provides differentiated authentication methods according to different needs. It supports the basic static password method and can integrate existing authentication methods (such as LDAP). It also supports two-factor authentication for higher security and unified authentication management.
Authorization management
BH centrally manages and controls user permissions to access assets. It controls not only asset access permissions but also operation commands, clipboards, and file transfers at a fine granularity. Its authorization is based on the principle of least privilege, which grants users the minimum level of permissions to access an asset and complete a task.
Asset access
BH supports the account and password for managed IT assets to allow for SSO login by Ops engineers to the target assets for Ops operations. Therefore, Ops engineers only need to remember their BH account and password but not all the asset accounts and passwords.
Operation audit
BH records and analyzes all user operation logs. It monitors user behaviors while performing data mining through centralized audit data for easier post-event traceability and identification of liability.