WAB is dead, long live the Bastion 6.0
Our R&D team took the opportunity of this release to reinforce every aspect of the Bastion to provide new capabilities, but also a very stable version benefiting from state-of-the-art security.
The new and improved WALLIX Bastion
This new Bastion release benefits from our new processes:
- New Agile product life cycle to provide more flexibility to our developments and to push requested features quickly with minor releases.
- Quality assurance is reinforced with the ability to offer early versions to our partners for testing and approval early on, within their own infrastructure.
On the security side, our Core, Platform, and Proxy teams are continuously improving the Bastion fortification by upgrading and implementing new proved communications protocols and cryptographic algorithms, such as proposing ChaCha20 or using Elliptic Curve Cryptography. Moreover, the Bastion offers certificate management AND certificate generation so that it is no longer necessary to deploy public keys on every single server and it becomes possible to use ephemeral keys to restrict the time availability of the key for example.
A new version also means new capabilities.
The Session Manager: 3 New Features
- Possibility to inject scripts when a user session starts. This allows, for example, privilege escalation thanks to SU/SUDO command injection.
- Remote APP for RDP is now supported, still with the Bastion’s unique capability for the user to choose the system to access
- Upgrade of the 4-eyes mode and of the SSH audit mode so that public formats are used (MP4/HTML5/ttyrec) and more granular data are provided as metadata for the audit mode. RDP and SSH video players are integrated to provide a smooth user experience.
Password Manager: 2 New Features
- As you already know, WALLIX now offers an Application-to-Application-Password-Management (AAPM) module so that your servers can automatically store and extract passwords from the Bastion Vault.
- As for identification, Bastion 6.0 proposes a native approach to security management with now the ability to rotate SSH keys. In addition, identification management is centralized with check-in/check-out capabilities.