Network Security Bastion Server
A Network Security Bastion Server is a special-purpose, hardened host placed at the boundary between an internal network and an untrusted network (typically the public internet) so that external access to the internal network passes through it as a controlled gateway.
- AKA: Bastion Host.
- Context:
- It can (typically) be hardened and secured to withstand attacks, acting as a single entry point to the internal network.
- It can (typically) simplify monitoring, auditing, and access management.
- It can (typically) be implemented as a server exposed to the public internet and configured with stringent security measures.
- It can (typically) enforce access policies, manage SSH keys, and log access for audit purposes.
- It can (typically) be part of a larger security strategy that includes firewalls, intrusion detection systems, and other security measures.
- It can be equipped with special networking interfaces to withstand high-bandwidth denial-of-service attacks through the internet.
- It can (often) be located either outside of a firewall or inside a demilitarized zone (DMZ), involving access from untrusted networks or computers.
- It can (often) allow secure SSH (Secure Shell) or RDP (Remote Desktop Protocol) connections from the outside world into the internal network, relaying or "jumping" sessions so that the internal hosts themselves are never exposed directly.
- ...
- Example(s):
- A server configured as a Bastion Host in a cloud computing environment or an enterprise network, acting as the primary access point for remote administrators.
- Specialized servers that each host a single application or process, such as a Domain Name System (DNS) Server, Email Server, File Transfer Protocol (FTP) Server, Honeypot Server, Proxy Server, Virtual Private Network (VPN) Server, Web Server, or Ansible Server.
- ...
- Counter-Example(s):
- A personal computer directly connected to the internet without additional security measures.
- A Network Firewall that is designed to block or filter traffic but is not specifically configured to serve as a secure entry point.
- See: Network Security, SSH, RDP, Firewall, Intrusion Detection System, VPN, Demilitarized Zone (Computing), Proxy Server, Firewall (Computing).
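The context items above say a bastion host is hardened, enforces access policies, manages SSH keys and logs access, and lets administrators reach internal hosts over SSH without exposing them. The following script is an added example, not code from the original page or from any particular project: it audits an OpenSSH `sshd_config` against a bastion baseline, emits the hardened server fragment, and prints the client-side `ProxyJump` stanza that routes an administrator's session through the bastion. The keywords are standard OpenSSH ones; the file paths, host names, group name (`bastion-admins`) and user names are hypothetical, and the "weak" configuration is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original page or any specific project): audit an
# OpenSSH sshd_config against a baseline for an SSH bastion and emit the
# hardened server and client fragments. Keywords are standard OpenSSH ones;
# file paths, host names, group and user names below are hypothetical.

# Baseline for a bastion: one "Keyword value" per line. Setting each one
# explicitly avoids depending on OpenSSH's compiled-in defaults.
BASTION_EXPECTED='PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowTcpForwarding yes
X11Forwarding no
PermitTunnel no
LogLevel VERBOSE
MaxAuthTries 3'

# sshd_value FILE KEYWORD: print the effective value of KEYWORD in FILE.
# OpenSSH honours the first occurrence of a keyword and matches it
# case-insensitively; comment lines are skipped. Match-block scoping is not
# modelled, so keep baseline keywords in the global section.
sshd_value() {
  awk -v k="$2" '$1 !~ /^#/ && tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# audit_sshd_config FILE: print one line per baseline keyword whose effective
# value differs from the baseline (or is unset). Prints nothing on a pass.
audit_sshd_config() {
  printf '%s\n' "$BASTION_EXPECTED" | while read -r key want; do
    got=$(sshd_value "$1" "$key")
    if [ -z "$got" ]; then
      printf '%s: unset, want %s\n' "$key" "$want"
    elif [ "$got" != "$want" ]; then
      printf '%s: got %s, want %s\n' "$key" "$got" "$want"
    fi
  done
}

# count_findings FILE: number of audit findings (0 means the file passes).
count_findings() {
  audit_sshd_config "$1" | wc -l | tr -d ' '
}

# print_hardened_sshd_config: the baseline plus the additional controls a
# bastion normally carries (restrict who may log in, keep idle sessions
# short, and never let SSH agents be forwarded onto the bastion).
print_hardened_sshd_config() {
  printf '%s\n' "$BASTION_EXPECTED"
  cat <<'EOF'
AllowGroups bastion-admins
AllowAgentForwarding no
ClientAliveInterval 300
ClientAliveCountMax 2
EOF
}

# print_client_config BASTION_HOST USER INTERNAL_HOST: ~/.ssh/config stanza
# that reaches INTERNAL_HOST through the bastion with ProxyJump, so the
# internal host is never exposed and no key material is forwarded.
print_client_config() {
  cat <<EOF
Host bastion
    HostName $1
    User $2
    IdentityFile ~/.ssh/bastion_ed25519
    ForwardAgent no
Host $3
    ProxyJump bastion
    User $2
EOF
}

# write_weak_config FILE: a constructed sample resembling a stock sshd_config
# left with password and root logins enabled (hypothetical, not a real host).
write_weak_config() {
  cat >"$1" <<'EOF'
# constructed sample, not a real host's configuration
Port 22
PermitRootLogin yes
PasswordAuthentication yes
PubkeyAuthentication yes
X11Forwarding yes
EOF
}

# Stand-alone demo: audit the weak sample, then the hardened one.
demo_dir=$(mktemp -d)
write_weak_config "$demo_dir/weak"
print_hardened_sshd_config >"$demo_dir/hardened"
echo "weak sample: $(count_findings "$demo_dir/weak") finding(s)"
audit_sshd_config "$demo_dir/weak"
echo "hardened sample: $(count_findings "$demo_dir/hardened") finding(s)"
rm -rf "$demo_dir"
```

Two design points worth noting. `AllowTcpForwarding yes` stays on because `ProxyJump` relies on the bastion's direct-tcpip forwarding to reach the internal host, while `AllowAgentForwarding no` and the client's `ForwardAgent no` keep the administrator's private keys off the shared bastion; the audit treats an unset keyword as a finding because a bastion's configuration should state every security-relevant value rather than inherit a build-time default.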
2024
- (Wikipedia, 2024) ⇒ https://en.wikipedia.org/wiki/Bastion_host Retrieved:2024-3-4.
- A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks, so named by analogy to the bastion, a military fortification. The computer generally hosts a single application or process, for example, a proxy server or load balancer, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of a firewall or inside of a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers. These computers are also equipped with special networking interfaces to withstand high-bandwidth attacks through the internet.
2020
- (Wikipedia, 2020) ⇒ https://en.wikipedia.org/wiki/Bastion_host Retrieved:2020-5-5.
- A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. ...
2020
- (Wikipedia, 2020) ⇒ https://en.wikipedia.org/wiki/Bastion_host#Examples Retrieved:2020-5-5.
- These are several examples of bastion host systems/services:
- DNS (Domain Name System) server
- Email server
- FTP (File Transfer Protocol) server
- Honeypot
- Proxy server
- VPN (Virtual Private Network) server
- Web server
- Ansible server