36 minutes

Video Transcription

Hello, everybody. And welcome to this lecture. And it's like, Sure, we're gonna be talking about designing bash and hosts in the eight of us before we dive into that kind of want to talk about bashing host in case you don't know what that is.
Bash knows air, basically an instance where people can go into in order to access a more private, more secrets set of instances. And what I mean by that is if I pulled this network architecture, as you can see, there's some users here and that need to access these Lennox instances
in this private sub men.
So what they're gonna do is in order to get into the private seven, that which has no access over into the World Wide Web thes users, you know across the globe me to go through a bastion hosts with the Republic sub net in order to hop into the private sub net
and access the resource is and the Lenox instance.
That's all a bash in houses. It's like a It's like a man trap or something like that, where basically it's it's securing or limiting the access to the sensitive content. The sensitive resource is one by one so that you only have the correct authorized users
who know about that. The bashing host to authenticate with bashing hos before they access the Lenox instances
or whatever resource is our in the private sub net.
So you can think of bashing Hose basically is like a jump box. Or like I said earlier, like a man trapped kind of. If you were talking more physical security stance, it basically just acts as a as a point of an end point where people can go into in order to
hop into a more secure
network environments. So, like I said, public sudden that to private sub net, it's a secure method of accessing sensitive information and environments in the private sub net, and the user must have access to this public sudden it first of all, they must know about it. Usually that's gonna be secured. That's something that only
the people who architect and the people who work an engineer and that network environments will know about it. And so they know. Okay, if I'm going to have to get access to the private goods, I gotta go through the public endpoints, which is that secrets is only, you know, held between us. People who work in this environment
ends. We're going to go through the bastion host in order to hop over into the private sub nets
and access the information that is, you know, sensitive or confidential and in which ever since is appropriate to your project. And that's basically all Bastian hostess. You wantto really consider bashing host when you ever you're doing infrastructure security.
Because, like I said, you have sensitive information in your infrastructure, and you want to keep that away from
the World Wide Web as much as you can. And the one way to do that is to stick the sensitive information in the private, sudden it and creates a, uh, avenue of access through the public sudden that where the bashing host is held.
All right, that about wraps of this lecture. If you guys have any questions, feel free to reach out to me and one linked in I'm on Twitter and Instagram.
You can reach out to me on our website Nicolas mori dot com, and I'd be happy to continue this conversation in any which way. So if you guys ever have any questions with any of these courses. Please feel free to hit me up. All right. And that about wraps that this one feel free to jump into the next lecture. I will see you there.

Up Next

AWS Infrastructure Security

Looking to learn more about the security infrastructure offerings with AWS? You’re in luck! AWS offers a multitude of tools that secure your network and systems and in this course, we will introduce you to them.

Instructed By

Instructor Profile Image
Nicolas Moy
Senior Cloud Security Engineer