Agree 100%! Thanks for clarifying how vpn concentrators work.
Thank you, Mike!
I'm glad it was helpful!
#cloudhired
Valid security remediations @Mike.
Thank you for reinforcing the security best practices before a hacking event happens.
The Security strategy is only as effective as the weakest link. I always remember that.
Quality video and prompt feedback.
Thank you so much for your comment, Precious!
#cloudhired
I believe you are 100% right.
But the question is, why do AWS certifications keep presenting the Bastion Host as the best way to access an EC2 instance in a private subnet!?
It's the certification providers who spend so much time on bastion hosts. Working cloud architects and cloud security architects know not to make this mistake. That's one of the many differences in what's taught in certification vs what customers actually use.
@GoCloudArchitects
I passed 2 AWS certifications. Some of the answers in the test are either wrong or at least are not the best solution. But you have to follow their rules or you will fail the exam.
We hope you enjoyed the video, please share your thoughts below!
You nailed this topic. Generally, we get the information on where to put your bastion host, but no one tells us how to secure it.
@devendrajaisi1789 thank you.
I wanted to help clarify this to help others.
What's the difference between a bastion host and a DMZ?
A bastion host is an exposed system on the internet that provides a back door to enable remote access. It is a serious security flaw and is an invitation to hackers to come and hack me.
A demilitarized zone is a semi-protected subnet that offers access to one service like web services.
The DMZ is a protected zone that protects the internal network from the web services.
@GoCloudArchitects Thanks Mike for the clarification. I guess what's been glorified in boot camp and certification courses ain't the reality.
Thanks @Mike for the great explanation about why not to use a Bastion Host. Wondering why organizations still use it. How can we verify what level of security the Bastion Host we use has been implemented with?
Pawan - honestly I have not seen a company use a bastion host in years.
The companies that I worked with removed them about 20 years ago due to security risks.
I have only seen this in certification courses. But then again there is a massive difference between certification and reality.
@GoCloudArchitects Thanks much Mike!!
@GoCloudArchitects used in my company
@Jkudjo there are lots of cybersecurity breaches every day.
A lot to disagree with here.
Register for the FREE Azure Bootcamp, bit.ly/4chG5or
Thank you!
In short: "A bastion host is an insecure system and therefore it is insecure. Duhhhh" Jeezzz...