Network+ Exam
Jumpbox
October 29, 2025
- #network+
Internet-facing host - any host that accepts inbound connections from the internet.
Bastion host - a host or server in the screened subnet that is not configured with any services that run on the local network.
Jumpbox - a hardened server that provides access to other hosts within the screened subnet. It must be very hardened.
The admin connects to the jumpbox, and the jumpbox connects to the hosts in the screened subnet. The jumpbox can be a VM.
The jumpbox and the management workstation should have only the minimum software required to perform their job, and both must be fully hardened.
Jumpbox (Bastion Host)
Key Definitions
- Internet-Facing Host
  - Any host that accepts inbound connections from the internet.
  - High-risk; must be locked down.
- Bastion Host
  - A host placed in the screened subnet (DMZ).
  - Does not run internal LAN services.
  - Purpose: safely handle external traffic.
- Jumpbox (Jump Server)
  - A hardened server in the DMZ that admins use as a secure gateway to access internal resources.
  - Only host exposed to the internet for admin access.
  - Can be physical or a VM.
How It Works
- Admin connects from outside → Jumpbox (via SSH/RDP).
- Jumpbox → connects to internal servers (in DMZ or Trusted LAN).
- Prevents direct admin access from internet to internal LAN.
Hardening Requirements
- Minimal software: only what's needed (e.g., SSH, RDP).
- Patching & Updates: always current.
- Least Privilege: admin-only, role-based access.
- Network segmentation: firewall rules restrict its access.
- Monitoring/Logging: all connections logged.
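Added example (not part of the original notes): a small audit that checks a firewall ruleset against the "How It Works" flow and the minimal software and network segmentation requirements above. The addresses, the rule format and the `audit` function are assumptions made up for illustration.

```python
import ipaddress as ip

# Constructed addressing for illustration only.
JUMPBOX = ip.ip_network("10.0.1.10/32")
PROTECTED = [ip.ip_network("10.0.1.0/24"),  # screened subnet (DMZ)
             ip.ip_network("10.0.2.0/24")]  # trusted LAN
ADMIN_PORTS = {22, 3389}                    # SSH, RDP

# Constructed sample ruleset: (action, source, destination, port)
RULES = [
    ("allow", "0.0.0.0/0",    "10.0.1.10/32", 22),    # internet -> jumpbox SSH
    ("allow", "10.0.1.10/32", "10.0.2.0/24",  22),    # jumpbox -> LAN SSH
    ("allow", "10.0.1.10/32", "10.0.1.0/24",  3389),  # jumpbox -> DMZ RDP
    ("allow", "0.0.0.0/0",    "10.0.2.15/32", 3389),  # direct RDP to a LAN host
    ("allow", "0.0.0.0/0",    "10.0.1.10/32", 80),    # extra service on jumpbox
    ("allow", "0.0.0.0/0",    "10.0.1.20/32", 443),   # public web server in DMZ
]

def audit(rules):
    """Return (rule_index, reason) for every allow rule that breaks the model.

    Assumption: each allow rule is judged on its own; rule ordering and
    deny precedence are not modelled.
    """
    findings = []
    for i, (action, src, dst, port) in enumerate(rules):
        if action != "allow":
            continue
        src, dst = ip.ip_network(src), ip.ip_network(dst)
        protected = any(dst.overlaps(net) for net in PROTECTED)
        # Admin protocols may reach protected hosts only from the jumpbox;
        # the jumpbox itself is the one permitted admin entry point.
        if port in ADMIN_PORTS and protected and src != JUMPBOX and dst != JUMPBOX:
            findings.append((i, "admin port reachable without the jumpbox"))
        # The jumpbox should expose nothing beyond its admin protocols.
        if JUMPBOX.subnet_of(dst) and port not in ADMIN_PORTS:
            findings.append((i, "non-admin service allowed to the jumpbox"))
    return findings

if __name__ == "__main__":
    for index, reason in audit(RULES):
        print(f"rule {index}: {reason}: {RULES[index]}")
```

On the sample ruleset this flags the direct RDP rule and the extra port 80 rule, and leaves the public web server alone because it is not an admin path.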
Exam Tips
- Jumpbox = secure gateway for admins into screened subnet.
- Bastion Host = hardened server in DMZ.
- Should not run unnecessary services.
- Often tested alongside concepts like DMZ, least privilege, and hardening.