Internal Testing Via JumpBox

What security controls exist on the Edgescan JumpBox?

A breakdown of the individual controls that exist associated with the Edgescan JumpBox.

Version Number: v1.0.1

Published Date: 14 May 2024

____________________________________________________________________________

  • The JumpBox is not exposed to the internet, as it does not need a public IP. We provide the public IP of the Cloud Control together with the port and protocol that are required to reach it.
  • This means you can completely lock down the external connectivity of the JumpBox using standard firewall rules.
  • Correspondingly, the Cloud Control's IP is restricted to Edgescan's infrastructure and is not accessible from the public internet; the Cloud Control can only be interacted with via the JumpBox.
  • The JumpBox is extremely lightweight and therefore presents a very small attack surface.
  • The JumpBox does not store any information about the internal network infrastructure that is scanned through it.
  • The JumpBox cannot initiate connections through the tunnel into our VPC; NAT and ACL rules on the Cloud Control prevent this.
  • The OpenVPN connection uses the AES-256-CBC cipher for encryption. This is regarded as impenetrable using current technology.
  • Key exchange uses 2048-bit Diffie-Hellman parameters, which are deemed secure against attackers with nation-state resources.
  • Authentication between the JumpBox and the Cloud Control uses X.509 certificates with 2048-bit keys. The certificates are signed by an ephemeral CA, so no additional trusted certificate can ever be generated.
  • Cloud Control machines are only accessible from the JumpBox using the port and protocol required for the OpenVPN connection.
  • Edgescan is ISO27001 certified (Client Reg: 2018/2714).
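A customer-side check of the controls listed above, written as an added example (not Edgescan's code): it lints an OpenVPN client configuration for a single Cloud Control endpoint, the AES-256-CBC data cipher, certificate-only authentication and server certificate verification. The address 203.0.113.10 is a documentation placeholder and 1194/udp is an assumed port and protocol, since the page leaves the real values to the customer.

```python
# Constructed samples; 203.0.113.10 is a placeholder, 1194/udp an assumption.
GOOD_CONFIG = """\
proto udp
remote 203.0.113.10 1194
cipher AES-256-CBC
remote-cert-tls server
ca ca.crt
cert jumpbox.crt
key jumpbox.key
"""
WEAK_CONFIG = """\
remote 203.0.113.10 1194 tcp
remote vpn-backup.example 443
cipher BF-CBC
auth-user-pass
ca ca.crt
"""

def parse_ovpn(text):
    # Map each directive to the list of argument lists it was given
    directives = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":  # OpenVPN comment lines
            continue
        name, *args = line.split()
        directives.setdefault(name, []).append(args)
    return directives

def audit_ovpn(text, ip, port, proto):
    # Return findings where the client config departs from the listed controls
    d = parse_ovpn(text)
    findings = []
    remotes = d.get("remote", [])
    if len(remotes) != 1:  # exactly one tunnel endpoint: the Cloud Control
        findings.append("remote: expected exactly one Cloud Control endpoint")
    for r in remotes:
        if r[:2] != [ip, port]:
            findings.append(f"remote: {' '.join(r)} is not the Cloud Control endpoint")
        used = r[2] if len(r) > 2 else d.get("proto", [["udp"]])[0][0]
        if used != proto:
            findings.append(f"proto: {used} differs from the required {proto}")
    pinned = {a[0] for a in d.get("cipher", []) + d.get("data-ciphers", [])}
    if pinned != {"AES-256-CBC"}:  # data channel cipher named on the page
        findings.append("cipher: data channel is not pinned to AES-256-CBC")
    if "auth-user-pass" in d or not ("cert" in d and "key" in d):
        findings.append("auth: expected certificate-only authentication")
    if d.get("remote-cert-tls") != [["server"]]:
        findings.append("remote-cert-tls server missing: server cert role unchecked")
    return findings
```

Run `audit_ovpn(open("client.ovpn").read(), ip, port, proto)` against the deployed JumpBox profile; an empty list means the profile matches the listed controls.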