
Bastion Hosts

  • 23-10-2001 8:35am
    #1
    Closed Accounts Posts: 219 ✭✭


    Hi folks,

    Can anyone give me a definition for the term 'Bastion Host'? Are they still widely used? (or used at all?)

    Bosco


Comments

  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    Sure, that's a very simple one... in the general sense of the term[1], a bastion host is a proxy gateway, sitting between the intranet and Internet. The name bastion is another word for stronghold.

    And yes, I'd say they're still in use!

    Al.

    1. Assuming there's no actual s/w or h/w product called "Bastion" to which you are referring.


  • Registered Users, Registered Users 2 Posts: 16,414 ✭✭✭✭Trojan


    A bastion host is a computer system that is exposed to attack, and may be a critical component in a network security system.

    Special attention must be paid to these highly fortified hosts, both during initial construction and ongoing operation. Bastion hosts can include:

    Firewall gateways
    Web servers
    FTP servers
    Name servers (DNS)
    Mail hubs
    Victim hosts (sacrificial lambs)


    What is a Bastion Host?

    The American Heritage Dictionary defines a bastion as:

    1. A projecting part of a rampart or other fortification. 2. A well-fortified position or area. 3. Something regarded as a defensive stronghold.

    Marcus Ranum is generally credited with applying the term bastion to hosts that are exposed to attack, and its common use in the firewall community. In [1] he says:

    Bastions are the highly fortified parts of a medieval castle; points that overlook critical areas of defense, usually having stronger walls, room for extra troops, and the occasional useful tub of boiling hot oil for discouraging attackers. A bastion host is a system identified by the firewall administrator as a critical strong point in the network's security. Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.

    Bastion hosts are not general purpose computing resources. They differ in both their purpose and their specific configuration. A victim host may permit network logins so users can run untrusted services, while a firewall gateway may only permit logins at the system console. The process of configuring or constructing a bastion host is often referred to as hardening.

    The effectiveness of a specific bastion host configuration can usually be judged by answering the following questions:

    1. How does the bastion host protect itself from attack?
    2. How does the bastion host protect the network behind it from attack?

    Extreme caution should be exercised when installing new software on bastion hosts. Very few software products have been designed and tested to run on these exposed systems.

    [edit]fix tags[/edit]


  • Closed Accounts Posts: 219 ✭✭Bosco


    Thanks a million Trojan.

    I was under the false impression that a bastion host was an implementation of a specific technology, never thought it might be a general term.

    Bosco

