We are independent & ad-supported. We may earn a commission for purchases made through our links.
Advertiser Disclosure
Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.
How We Make Money
We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently of our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Security

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

What is a Bastion Host?

By S. Ashraf
Updated: May 16, 2024
Views: 11,921
Share

A bastion host is the public face of an internal computer system or network to the Internet and is used to protect sensitive or private data and internal networks. It is one computer or more, depending upon the size of the system and complexity of the security protocols, that is designated as the only host computer that can be addressed directly from a public network. Bastion hosts are designed specifically to screen the remainder of the computer network from being exposed to attack or other breaches of security from the outside. The bastion host is not a general-purpose computer but, instead, it is a special-purpose computer that must be specifically configured to withstand outside attack.

Typically, a network administrator will configure a bastion host to have only a single application, such as a proxy server, on the machine, because it is completely exposed to larger distrusted networks such as the Internet. All other applications, unnecessary services, programs, protocols and network ports are removed or disabled in such a way as to lessen threats to the bastion host. Even with trusted hosts within the computer network, bastion hosts will not share authentication services. This is done so that, even if the bastion is compromised, an intruder will not gain further access into the system that the bastion was designed to protect.

In order to be useful, a bastion host has to have some level of access by outside networks but, at the same time, this access makes it especially vulnerable to attack. To minimize vulnerability, hardening is done so that possible ways of attack are limited. A network administrator, as part of the hardening process, will do such things as remove or disable unnecessary user accounts, lock down root or administrator accounts, close ports that aren’t used and configure logging to include encryption when signing onto the server. The operating system will be updated with the latest security updates, and an intrusion detection system also might be run on the bastion host.

Bastion hosts are used for such services as mail hubs, web site hosting, file transfer protocol (FTP) servers and firewall gateways. A network administrator might also use this type of host as a proxy server, virtual private network (VPN) server or domain name Ssystem (DNS) server. The name "bastion" is taken from medieval history. For increased protection, fortresses were built with projections, called bastions, that allowed men to mass behind them and shoot arrows at attackers from a position of greater security.

Share
EasyTechJunkie is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
Discussion Comments
Share
https://www.easytechjunkie.com/what-is-a-bastion-host.htm
Copy this link
EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.

EasyTechJunkie, in your inbox

Our latest articles, guides, and more, delivered daily.