For compliance reasons, Alert Logic® only allows specific internal users to maintain the health, modifications, and compliance of the appliances. All access to appliances occurs from jumpboxes located within Alert Logic SSAE 16 audited data centers. Access to these jumpboxes is restricted only to Alert Logic technicians who need to access appliances as part of their appliance support role.
Jumpbox access is centrally managed and a strong password policy is enforced. Multi-factor authentication using a strong password and a time-based token is required to access a jumpbox. In addition, communication between the jumpbox and technician workstation is encrypted using DTLS and SSHv2.
The technician issues a command from the jumpbox to a command and control server to access an appliance. When the appliance performs its next check-in with the Alert Logic cloud infrastructure, it receives an instruction to open a reverse SSH tunnel. The Alert Logic technician then connects to this secure tunnel to access the appliance.
The Alert Logic technician authenticates with the appliance using public keys, which requires confirmation of the technician’s password to access. This gives the technician access to the appliance to run a limited set of status commands, such as retrieving statistics and viewing system information. Privileged commands (such as start/stop services, modify configuration, read log files) require the Alert Logic technician to enter a password unique to each appliance. These unique passwords are changed every quarter.
Historically, the connection to the appliance was made directly from the jumpbox via SSH. Some customers may still allow inbound access from Alert Logic data centers for this reason. Alert Logic now advises customers to remove this access since it is no longer needed.