Differences
This shows you the differences between two versions of the page.
cdr:university_security [2017/03/24 05:35] jamesdro Add some nice information |
cdr:university_security [2019/10/26 20:37] (current) sjames5 Fix section ordering |
||
---|---|---|---|
Line 11: | Line 11: | ||
Our public webserver (the server that hosts ubnetdef.org, and all subdomains) is a dual-homed machine. The main reason this machine is dual-homed is so that it can proxy some requests to some of our internal machines. These proxy requests are a one-way connection. | Our public webserver (the server that hosts ubnetdef.org, and all subdomains) is a dual-homed machine. The main reason this machine is dual-homed is so that it can proxy some requests to some of our internal machines. These proxy requests are a one-way connection. | ||
- | To ensure the security of this server, we have placed additional firewall rules on this machine. More details on this machine can be found on [this page](/cdr/vms/ubnetdef). | + | To ensure the security of this server, we have placed additional firewall rules on this machine. More details on this machine can be found on [this page](/cdr/vms/web-server). |
==== Jump Boxes ==== | ==== Jump Boxes ==== | ||
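Review bot: the changed line retargets the link from /cdr/vms/ubnetdef to /cdr/vms/web-server, but the sentence around it still says only that "additional firewall rules" are in place on a dual-homed host. Consider stating here in which direction the one-way proxy connections run and which interface the extra rules apply to, so the reader does not have to follow the link to understand the exposure. Also confirm that the old /cdr/vms/ubnetdef path redirects, so that other pages linking to it do not break.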
Line 17: | Line 17: | ||
More details on this machine can be found on [this page](/cdr/vms/cdr-analyst). | More details on this machine can be found on [this page](/cdr/vms/cdr-analyst). | ||
+ | |||
+ | ==== MGS 650 bastion ==== | ||
+ | `cdr-netscan` is a Debian VM used by MGS 650. These students are not given access to vCenter, so they connect to this machine via SSH. This machine is connected to the [Cloud network](/cdr/networks/cloud). | ||
===== User Accounts ===== | ===== User Accounts ===== | ||
We currently have vCenter joined to UB's Active Directory, reducing the needs for additional accounts for the majority of UBNetDef. | We currently have vCenter joined to UB's Active Directory, reducing the needs for additional accounts for the majority of UBNetDef. | ||
- | All other user accounts are tracked via a central credential storage system - [Athena](/guides/credential_access). These user accounts are strictly for management purposes only. | + | To handle our internal infrastructure management (storage servers, routers, monitoring), we have an additional centralized authentication server. This machine is only accessible while on our internal networks. |
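Review bot: the new User Accounts line drops both the link to where the non-AD accounts are tracked (Athena, /guides/credential_access) and the statement that those accounts are strictly for management purposes, and its replacement names no host and links to no page. Suggest linking the centralized authentication server's page, as the machine sections do, and saying whether the management-only restriction still applies. The added MGS 650 bastion section has a similar gap: unlike the Jump Boxes entry it carries no "More details on this machine" link for cdr-netscan, and it does not say how student SSH access is authenticated or what the machine can reach on the Cloud network.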