Bastion Host

Ian Comings Advanced Security Research Paper 02/26/14

Bastion Host What is a bastion host? Many sources provide varying definitions of what a bastion host is and does. SANS defines a bastion host as “a computer that is fully exposed to attack.” WiseGEEK defines a bastion host as “the public face of an internal computer system or network to the Internet and is used to protect sensitive or private data and internal networks.” Linuxsecurity uses the term “application gateway” to describe a bastion host. And Webopedia explains that a bastion host is “a gateway between an inside network and an outside network.” What is the overall definition that readers can gain from these definitions? A bastion host is a computer or series of computers exposed to the Internet that protects the rest of the internal network from the wild west of the Internet while providing a gateway between the internal and external networks. What are the functions of a bastion host? A bastion host sits between the internet and the rest of your network and screens and filters the traffic flowing through it. Sometimes a bastion host is setup similar to a honeypot to distract or discourage hackers. Bastion hosts are usually fully locked down to prevent intrusions into the network. This is accomplished by locking down any ports and services not explicitly used by the bastion host. To add security, a bastion host will not divulge authentication information should it be compromised. Thus a bastion host is purpose-built to prevail against external attacks. What are the applications of a bastion host? There are many applications of a bastion host. Many of the services we use everyday are protected by a bastion host or served by one. Services from Ian Comings, Bastion Host 1

web hosting, FTP, proxy servers, and firewall gateways. VPN servers, DNS servers, DHCP servers, IP Port Mappers, Email servers, and honeypots make up the majority of the most common applications of a bastion host. One of the definitions of a bastion host defined it as an application-level gateway. This is a very secure gateway. Securing the gateway is accomplished in many ways. The more common methods are to run a secure version of the host OS while uninstalling all but the essential services. Sometimes bastion hosts are protected by additional authentication prior to accessing the services provided by the bastion host. Each time a proxy is used, it operates in a non-privileged user mode using a secure, private directory on the bastion host. Each private, secured directory uses very minimal disk usage to prevent hackers from inserting Trojans or sniffer applications into the bastion host. There are many benefits and limitations of bastion hosts. Bastion hosts provide the network admin complete control over each service as well as over the services it provides. Bastion hosts are able to provide extremely strong authentication and logging information with simple to configure filtering rules rather than those provided by a packet-filtering router. The limitations are varied but the most important is that a bastion host requires user intervention to change how it operates. Such as specialized programs being installed in order to access services such as proxies. Sometimes, accessing services requires more steps than normal due to the higher level of security provided by the bastion host. Overall, a bastion host is an important part of any secure network. It allows an admin to provide services to the network users while protecting the internal network from the external networks. A bastion host allows the admin to serve up a web site that can be edited internally and accessed externally. There are pros and cons but, the pros tend to outweigh the cons.

Ian Comings, Bastion Host 2

Works Cited Ashraf, S., and A. Joseph. “What is a Bastion Host?.” WiseGeek. Conjecture, 19 Feb. 2014. Web. 26 Feb. 2014. . Dillard, Kurt. “Intrusion Detection FAQ: What is a bastion host?.” SANS:. SANS.org, n.d. Web. 26 Feb. 2014. . Doten, Glenn. “Bastion Host—Glenn Doten’s Tech Notes.” Bastion Host – Glenn Doten’s Tech Notes. N.p., n.d. Web. 26 Feb. 2014. . Semeria, Chuck. “Internet Firewalls and Security: A technology Overview.” Linux Security. 3com, n.d. Web. 26 Feb. 2014. . “bastion host.” What is?. ITBusinessEdge, n.d. Web. 26 Feb. 2014. .

Ian Comings, Bastion Host 3