Many computer terms are fast becoming familiar to the public, but few non-specialists will have heard of bastion hosts. A bastion host is a networked computer that has been configured in special ways so that it will be able to resist cyber attacks and intrusions. Such a computer usually hosts only one application. For example, it is common for a proxy server to consist of a bastion host.
The term itself comes from computer scientist Marcus J. Ranum, who was writing about the function of firewalls when he explained that bastion hosts would need “some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.”
Why Have a Bastion Host?
A computer that is a bastion host will serve a special purpose that requires it to reside outside a company’s firewall. A bastion host is the type of computer used to communicate with other systems, networks, or computers that are untrusted. Since its role in the organization and its place outside the company firewall make the bastion host a likely target for attacks, steps are taken to reduce the likelihood of a successful attack.
Protecting the Bastion Host
In order to make an attack less feasible, a bastion host will typically host only the services needed for it to carry out its primary mission. All other services are removed in its entirety, or are severely limited. These precautions reduce the likelihood that a threat can successfully be leveraged against the computer.
Companies that need a bastion host should work with an IT consulting firm to install and configure it so it poses little risk to the rest of the business network.