Bastion Hosts (Multi-Factor Authentication)

A service of IET

Bastion hosts are gateways between internal and external networks. They help defend the internal network against attacks. The campus Bastion Host Service works by restricting the access that individuals outside the Data Center network have to Unix and Windows systems housed in the Data Center.

For the Unix Bastions, individuals first log in over SSH to the secured SSH server (the Bastion host) using a hard token and a password. Hard tokens use one-time passwords, so even if a password is intercepted, it cannot be reused. After logging into the Bastion host using the hard token, the authorized individual can use SSH from the Bastion host to log in to other Data Center systems.

For the Windows Bastions, individuals first log in to the secured Terminal Services Server (the Bastion host) using a hard token and a password. After logging into the Bastion host using the hard token, the authorized individual can use RDP from the Bastion host to log in to other Data Center systems.

Features/Benefits: 
  • Multi-factor authentication for access to systems
  • Extra security layer to prevent unauthorized administrative access to systems

Get Started:

Contact IT Express at ithelp@ucdavis.edu or call 530-754-4357

 

Availability: 

24/7

Support Center