Geek Logbook

Tech sea log book

What is a bastion host?

Definition of Bastion Host

A bastion host is a specific computer on a network whose purpose is to keep an attack from outside the network (for example, from the internet) from affecting other parts of the system.

The most common roles for a bastion host are proxy server and load balancer. These are not the only ones, but they are the most important.

According to Wikipedia, the following services are examples of bastion hosts:

  • DNS server
  • Email server
  • FTP server
  • Honeypot
  • Proxy server
  • VPN server
  • Web server

Wikipedia Article: Bastion host

Bastion Host as a part of a Firewall

In his paper “Thinking About Firewalls”, Marcus J. Ranum proposes a simple way of thinking about firewall design. He notes that there “is often confusion of terminology since firewalls all differ slightly in implementation if not in purpose” (Source: Thinking About Firewalls).

The author defines the bastion host as follows: “A bastion host is a system identified by the firewall administrator as a critical strong point in the network’s security. Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software” (Source: Thinking About Firewalls).

Different types of uses for the bastion host.

Dual Homed Gateway

Screened Host Gateway

Screened Subnet

References:
