A breakdown of the individual controls that exist associated with the Edgescan JumpBox.
Version Number: v1.0.1
Published Date: 14 May 2024
____________________________________________________________________________
- The JumpBox is not exposed to the internet as it does not need a public IP. We provide the public IP of the Cloud Control and the port and protocol that is required to access it.
- This means you can completely lock down the external connectivity of the JumpBox using standard firewall rules.
- Correspondingly, the Cloud Control box IP is restricted within Edgescan’s infrastructure only and is not accessible from the public internet. They can only be interacted with via the JumpBox.
- The JumpBox is extremely lightweight and therefore presents a very small attack surface.
- The JumpBox does not store any information about the internal network infrastructure that is scanned through it.
- The JumpBox cannot initiate connections through the tunnel to our VPC. This is due to NAT and ACL rules on the Cloud Control.
- The OpenVPN connection uses the AES-256-CBC cipher for encryption. This is regarded as impenetrable using current technology.
- Key exchange uses 2048-bit Diffie-Hellman parameters which is deemed secure against attackers with nation-state resources.
- Authentication between the JumpBox and the Cloud Control is with X509 certificates that use a 2048-bit key. The certificates are signed with an ephemeral CA, therefore an additional trusted certificate can never be generated.
- Cloud Control machines are only accessible from the JumpBox using the port and protocol required for the OpenVPN connection.
- Edgescan is ISO27001 certified (Client Reg: 2018/2714).