Authentication: What is a bastion host?

A bastion host is a special-purpose computer on a network, specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the attack surface of the computer. It is hardened in this manner primarily because of its location and purpose: it sits either outside a firewall or in a demilitarized zone (DMZ), and it usually accepts access from untrusted networks or computers.
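The "single application, all other services removed or limited" rule is something a defender can verify rather than assume. The following added example (not from the original article) compares a host's listening sockets against an allowlist of the one service the bastion exists for; the function names, the allowlist and the `ss -tulnH`-style sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): check that a bastion host
# exposes only the single service it exists for, per the "all other services
# removed or limited" rule. Input lines follow the `ss -tulnH` column layout:
#   Netid State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Constructed allowlist: a forward proxy on tcp/3128 plus SSH for administration.
ALLOWED_PORTS="tcp/22 tcp/3128"

# Constructed sample of `ss -tulnH` output; on a live host run `ss -tulnH` instead.
SAMPLE_SS_OUTPUT='udp   UNCONN 0 0    0.0.0.0:68     0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 511  0.0.0.0:3128   0.0.0.0:*
tcp   LISTEN 0 80   127.0.0.1:3306 0.0.0.0:*
tcp   LISTEN 0 128  [::]:22        [::]:*'

# unexpected_listeners ALLOWLIST: reads ss-style lines on stdin and prints
# "proto/port on address:port" for every socket not in the allowlist.
unexpected_listeners() {
  allow="$1"
  while read -r proto state rq sq laddr peer; do
    [ -z "$proto" ] && continue
    port="${laddr##*:}"            # keep only the port; works for 0.0.0.0:22 and [::]:22
    key="$proto/$port"
    case " $allow " in
      *" $key "*) ;;               # expected service, nothing to report
      *) echo "$key on $laddr" ;;
    esac
  done
}

# audit_bastion ALLOWLIST SS_OUTPUT: return 0 when only allowed services listen,
# otherwise print the offenders to stderr and return 1 (usable from cron or a CI gate).
audit_bastion() {
  offenders=$(printf '%s\n' "$2" | unexpected_listeners "$1")
  [ -z "$offenders" ] && return 0
  printf 'Unexpected listeners on bastion host:\n%s\n' "$offenders" >&2
  return 1
}

audit_bastion "$ALLOWED_PORTS" "$SAMPLE_SS_OUTPUT" \
  && echo "OK: only the allowed services are listening" \
  || echo "FAIL: remove or firewall the services listed above"
```

On the constructed sample the audit flags the DHCP client on udp/68 and a database bound to 127.0.0.1:3306, both of which have no place on a single-purpose proxy host even though the database is not reachable from outside.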

A bastion host is a computer that is fully exposed to attack.

Firewalls and routers can also be considered bastion hosts.

Several examples of systems and services commonly deployed as bastion hosts:

  • DNS (Domain Name System) server
  • Email server
  • FTP (File Transfer Protocol) server
  • Honeypot
  • Proxy server
  • VPN (Virtual Private Network) server
  • Web server

There are two common network configurations that include bastion hosts, and they differ in where the hosts are placed:

  1. Two firewalls: the bastion hosts sit in a DMZ between the first, "outside world" firewall and an inside firewall.
  2. A single firewall: the bastion hosts are commonly placed outside the firewall.
