Bastion host

A bastion host is a special-purpose computer on a network, specifically designed and configured to withstand attack. The computer hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily because of its location and purpose: it sits either on the outside of the firewall or in the DMZ, and usually involves access from untrusted networks or computers.
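
An added example, not part of the original article: a Python check that flags listening sockets outside the bastion's one hosted application, separating network-reachable listeners from loopback-only ones. The proxy port 3128, the SSH administration port and the sample `ss -H -tuln` output are assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -tuln` output from a hypothetical proxy bastion.
SAMPLE_SS = """\
tcp   LISTEN 0      511                *:3128            *:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128             [::]:22           [::]:*
tcp   LISTEN 0      4096       127.0.0.1:631       0.0.0.0:*
tcp   LISTEN 0      100          0.0.0.0:25        0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
"""
# Assumed policy: the single hosted application (proxy, 3128) plus SSH for administration.
ALLOWED = {("tcp", 3128), ("tcp", 22)}

def parse_listener(line):
    """Return (proto, address, port) for one ss line, or None if it cannot be parsed."""
    fields = line.split()
    if len(fields) < 5:
        return None
    proto, local = fields[0], fields[4]
    addr, _, port = local.rpartition(":")
    if not port.isdigit():
        return None
    addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %interface scope
    return proto, addr, int(port)

def is_loopback(addr):
    """True only for loopback binds; '*' and unparseable values count as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False

def audit(ss_output, allowed=ALLOWED):
    """Split non-allowlisted listeners into network-reachable and loopback-only."""
    violations, local_only = [], []
    for line in ss_output.splitlines():
        parsed = parse_listener(line)
        if parsed is None:
            continue
        proto, addr, port = parsed
        if (proto, port) in allowed:
            continue
        (local_only if is_loopback(addr) else violations).append((proto, addr, port))
    return violations, local_only

if __name__ == "__main__":
    print(audit(SAMPLE_SS))
```

Listeners in the first list are candidates for removal or firewalling; the loopback-only list still merits review, since each extra service adds local attack surface.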

Background

The term is generally attributed to Marcus J. Ranum in an article discussing firewalls. In it he defines bastion hosts as:

"...a system identified by the firewall administrator as a critical strong point in the network's security. Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software." (Ranum, Marcus J., [http://www.vtcif.telstra.com.au/pub/docs/security/ThinkingFirewalls/ThinkingFirewalls.html Thinking About Firewalls])

Bastion hosts are related to dual-homed hosts and screened hosts. While a dual-homed host often contains a firewall, it is also used to host other services. A screened host is a dual-homed host that is dedicated to running the firewall.

See also

* demilitarized zone (computing)
* hardening


----


Wikimedia Foundation. 2010.
