BEGIN:VCALENDAR
PRODID:-//vBulletin 6//EN
VERSION:2.0
CALSCALE:GREGORIAN
BEGIN:VEVENT
UID:60d960c5-1c98-4c91-a8bd-6009ba52735b
DTSTAMP:20260524T150804Z
SUMMARY:21 Jump Server: Going Bastionless in the Cloud
DESCRIPTION:Title: 21 Jump Server: Going Bastionless in the Cloud\n\nDescri
 ption:\nIf you are a customer of AWS\, Azure\, or GCP\, you may have deplo
 yed your own bastion hosts to provide RDP or SSH access to your virtual ma
 chines. While bastions help to protect your infrastructure\, there are cha
 llenges that come along with them\, such as managing the identities\, obta
 ining logs\, and preventing SSH multiplexing attacks.\n\nIn this talk\, we
  will briefly review bastion hosts and some of their shortcomings\, as wel
 l as the SSH multiplexing attack. The SSH multiplexing attack uses a featu
 re of SSH to pivot from a compromised laptop to your bastion hosts. From t
 here\, the attacker could use this feature to compromise other users and g
 ain access to your virtual machines hosted in the cloud.\n\nFinally\, we
 ’ll show you services that provide access to your virtual machines in al
 l three major cloud providers that eliminate the need for bastion hosts. S
 ome providers have more than one alternative. However\, this presentation 
 will not present all of the alternatives. It is focused on the services th
 at generally take the following approach:\n\nUsers authenticate to the acc
 ess service with their Identity and Access Management (IAM) credentials fo
 r the cloud provider.\nOnce authenticated\, the cloud service creates an e
 ncrypted tunnel with port forwarding\, which runs SSH or RDP for the user.
 \n\nThe benefits of this approach include:\nPublic IP addresses are not re
 quired in order to access the virtual machines.\nIt eliminates the possibi
 lity of compromising an entire organization with SSH multiplexing attacks.
 \nIn some cases\, disabling a user’s IAM credentials also removes SSH or
  RDP access.\nCloud audit logs will capture metadata for RDP or SSH sessio
 ns\, and in some cases\, full session logs are easy to collect through the
  provider’s service.\nWe’ll cover Session Manager in AWS\, OS Login an
 d Identity-Aware Proxy (IAP) in GCP\, and the Bastion Service in Azure. Yo
 u’ll see how the services work\, how they help with identity management\
 , and where to find the SSH sessions in logs.\nIf you are migrating to any
  of these platforms\, this could save you from having to go through the pa
 in of deploying your own solutions!\n\n=====\n\nYouTube: https://www.youtu
 be.com/watch?v=gwBG_oKDINQ\n\n#cloudv-general-text: https://discord.com/ch
 annels/708208267699945503/732733373172285520\n\nSpeaker(s): Colin Estep\n\
 nLocation: Cloud Vlg\n\nDiscord: https://discord.com/channels/708208267699
 945503/732733373172285520\n\nEvent starts: 2020-08-08 12:30 (12:30 PM) PDT
  (UTC -07:00)\n\nEvent ends: 2020-08-08 13:15 (01:15 PM) PDT (UTC -07:00)\
 n\nFor the most up-to-date information\, please either visit https://info.
 defcon.org\, or use HackerTracker\, which is available for iOS and Android
 . This is an automated message\, and this data was last modified 2020-08-0
 8T05:42 (UTC).
URL:https://forum.defcon.org/node/234720
DTSTART:20200808T203000Z
DTEND:20200808T211501Z
LOCATION:Cloud Vlg
END:VEVENT
END:VCALENDAR