
Bastion Hosts

Bastion hosts are more complicated than firewalls. Bastion host software is often run on ordinary PC or workstation hardware and is essentially a proxy server for requests coming from outside your organization, so bastion hosts are sometimes called reverse proxies.

Bastion hosts actually look inside packets for suspicious patterns. Each packet needs to be examined and then routed out to another interface. The examination may be several protocols deep, unlike a normal router that simply looks at the IP headers for the port number. While firewalls do not break a TCP connection, bastion hosts do terminate the connection and then make a new connection into your internal network so that the outside world cannot see your internal IP addresses. It is common to put the bastion host and web servers between two firewalls in a “DMZ”; this will slow access from inside the organization still further.
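The following sketch is an added example, not code from the book: it shows the terminate, inspect, and reconnect behaviour described above for simple HTTP requests. The function names, the deny-list patterns, and the size limit are assumptions chosen for illustration.

```python
import socket
import threading

# Constructed deny-list for illustration; real bastion hosts use protocol-aware rules.
SUSPICIOUS = (b"../", b"%2e%2e", b"\x00")
MAX_REQUEST = 8192

def is_clean(request: bytes) -> bool:
    """Return True if the request may be forwarded to the internal network."""
    head, sep, _ = request.partition(b"\r\n\r\n")
    if not sep or len(request) > MAX_REQUEST:
        return False                      # incomplete or oversized header block
    parts = head.split(b"\r\n")[0].split(b" ")
    if len(parts) != 3 or parts[0] not in (b"GET", b"HEAD"):
        return False                      # malformed request line or method not allowed
    return not any(p in head.lower() for p in SUSPICIOUS)

def read_request(conn: socket.socket) -> bytes:
    """Read until the end of the HTTP headers, the size cap, or EOF."""
    data = b""
    while b"\r\n\r\n" not in data and len(data) <= MAX_REQUEST:
        chunk = conn.recv(4096)
        if not chunk:
            break
        data += chunk
    return data

def handle(client: socket.socket, backend: tuple) -> bool:
    """Terminate the outside connection; open a separate one inward only if clean."""
    with client:
        client.settimeout(5)
        request = read_request(client)
        if not is_clean(request):
            client.sendall(b"HTTP/1.1 403 Forbidden\r\nConnection: close\r\n\r\n")
            return False
        # New TCP connection: the two sides never exchange packets or addresses directly.
        with socket.create_connection(backend, timeout=5) as inner:
            inner.sendall(request)
            inner.shutdown(socket.SHUT_WR)   # signal end of request to the backend
            while chunk := inner.recv(4096):
                client.sendall(chunk)
        return True

def serve(listen: tuple, backend: tuple) -> None:
    """Accept outside connections and handle each in its own thread."""
    with socket.create_server(listen) as srv:
        while True:
            client, _ = srv.accept()
            threading.Thread(target=handle, args=(client, backend), daemon=True).start()
```

A rejected request is answered by the proxy itself, so nothing from it ever reaches the internal server.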

