Risk R-002 - Compromise of Teleport Bastion access platform

| Field | Value |
|---|---|
| Risk ID | R-002 |
| Asset | Teleport Bastion (Platform – Owner: Sec) |
| Scenario | S-007 - Compromise of bastion access platform |
| Likelihood | 🟨 Medium - exposed administrative interface, potential credential theft or MFA bypass |
| Impact | 🟥 High - administrative access to all internal systems, bypass of access controls, exposure to the Internet |
| Risk Level | 🟥 High |
| Owner | Sec |
| Last Review | 2026-03-08 |
| Next Review | 2026-09-08 |

Associated Controls:
- Enforce multi-factor authentication (MFA) for all privileged accounts.
- Restrict Bastion access to a limited set of trusted IPs.
- Centralize logging and monitor all login attempts and unusual activity in the SIEM.
- Periodic credential rotation and auditing of service accounts.
- Harden Bastion configuration and keep software updated.
- Implement just-in-time access policies where feasible.

References:
- ISO 27001 - Control 5.1 Policies for information security.
- ISO 27001 - Control 8.2 Privileged access rights.
- ISO 27001 - Control 8.16 Monitoring activities.
- NIST CSF - ID.AM Asset Management.
- NIST CSF - PR.AC Identity Management, Authentication and Access Control.
- EBIOS RM - Analysis of risks related to bastion compromise and lateral movement.

Response Actions:
- Containment - Immediately disable compromised accounts and isolate the Bastion from production networks if necessary.
- Eradication - Rotate credentials, revoke session tokens, review privileged access.
- Recovery - Restore Bastion from a hardened backup image, validate logs, and re-enable access.
- Post-incident - Conduct root-cause analysis, update access policies, and review SIEM detection rules.