Bastion Security

General

The bastion cluster itself consist of hosts which are regulary updated, and monitored. So we don't expect intruders here.

The unsecure part are the hosts which connect to bastion and the network between these hosts and bastion.

If the host is your own laptop, smartphone or home pc you should always install appropriate security software to detect viruses, trojans, keylogger and so on.

If the host is not under your control you should always calculate the risks. A public computer pool in a university is maybe safer than an internet cafe. If the host or the network is under control of a hacker there is always the risk that they grab your credentials.

Fingerprint

For the first time you connect to bastion via a local client, you get an fingerprint of the server. Please check this fingerprint here. If you trust the fingerprint the decision is saved. If the fingerprint changes afterwards you get a warning. Then you should check the fingerprint again, and if you are in doubt you should inform the UCO and don't enter your password.

Certificate

If you plan to use DESY Webservices it is recommended to install the DESY SSL Certificates chain in your browser.
We configured the service in a way that you only need the "Telekom Root Certificate" which comes with all usual Webbrowsers. If this one is missing you get a warning. In this case you should check the fingerprint of the certificate and if the computer ist trustworthy. If you are in doubt you should inform the UCO and don't enter your password.