In scenario1(videoserver) some attacks need actions executed from admin-pc. In order to make those hosts accessible by attackm8, the mgmt-host is allowed to have password-login via ssh. This is insecure in environments where the mgmt-host is hosted with a public ip(public cloudprovider).
I can think of possible solutions like:
- create another jumphost, that is only for the simulation and has no floating-ip
- add the inet-network to the adminpcs so that they are dual-homed and can directly accessed by attackm8
In scenario1(videoserver) some attacks need actions executed from admin-pc. In order to make those hosts accessible by attackm8, the mgmt-host is allowed to have password-login via ssh. This is insecure in environments where the mgmt-host is hosted with a public ip(public cloudprovider).
I can think of possible solutions like: