Ian Comings Advanced Security Research Paper 02/26/14

Bastion Host
What is a astion host! "any sources provide varying de#initions o# $hat a astion host is and does% SA&S de#ines a astion host as 'a computer that is #u((y e)posed to attac*%+ Wise,--. de#ines a astion host as 'the pu (ic #ace o# an interna( computer system or net$or* to the Internet and is used to protect sensitive or private data and interna( net$or*s%+ /inu)security uses the term 'app(ication gate$ay+ to descri e a astion host% And We opedia e)p(ains that a astion host is 'a gate$ay et$een an inside net$or* and an outside net$or*%+ What is the overa(( de#inition that readers can gain #rom these de#initions! A astion host is a computer or series o# computers e)posed to the Internet that protects the rest o# the interna( net$or* #rom the $i(d $est o# the Internet $hi(e providing a gate$ay et$een the interna( and e)terna( net$or*s% What are the #unctions o# a astion host! A astion host sits et$een the internet and the rest o# your net$or* and screens and #i(ters the tra##ic #(o$ing through it% Sometimes a astion host is setup simi(ar to a honeypot to distract or discourage hac*ers% 0astion hosts are usua((y #u((y (oc*ed do$n to prevent intrusions into the net$or*% 1his is accomp(ished y (oc*ing do$n any ports and services not e)p(icit(y used y the astion host% 1o add security2 a astion host $i(( not divu(ge authentication in#ormation shou(d it e compromised% 1hus a astion host is purpose3 ui(t to prevai( against e)terna( attac*s% What are the app(ications o# a astion host! 1here are many app(ications o# a astion host% "any o# the services $e use everyday are protected y a astion host or served y one% Services #rom Ian Comings2 0astion 4ost 1

$e hosting2 51P2 pro)y servers2 and #ire$a(( gate$ays% 6P& servers2 7&S servers2 74CP servers2 IP Port "appers2 -mai( servers2 and honeypots ma*e up the ma8ority o# the most common app(ications o# a astion host% 9ne o# the de#initions o# a astion host de#ined it as an app(ication3(eve( gate$ay% 1his is a very secure gate$ay% Securing the gate$ay is accomp(ished in many $ays% 1he more common methods are to run a secure version o# the host 9S $hi(e uninsta((ing a(( ut the essentia( services% Sometimes astion hosts are protected y additiona( authentication prior to accessing the services provided y the astion host% -ach time a pro)y is used2 it operates in a non3privi(eged user mode using a secure2 private directory on the astion host% -ach private2 secured directory uses very minima( dis* usage to prevent hac*ers #rom inserting 1ro8ans or sni##er app(ications into the astion host% 1here are many ene#its and (imitations o# astion hosts% 0astion hosts provide the net$or* admin comp(ete contro( over each service as $e(( as over the services it provides% 0astion hosts are a (e to provide e)treme(y strong authentication and (ogging in#ormation $ith simp(e to con#igure #i(tering ru(es rather than those provided y a pac*et3#i(tering router% 1he (imitations are varied ut the most important is that a astion host re:uires user intervention to change ho$ it operates% Such as specia(i;ed programs eing insta((ed in order to access services such as pro)ies% Sometimes2 accessing services re:uires more steps than norma( due to the higher (eve( o# security provided y the astion host% 9vera((2 a astion host is an important part o# any secure net$or*% It a((o$s an admin to provide services to the net$or* users $hi(e protecting the interna( net$or* #rom the e)terna( net$or*s% A astion host a((o$s the admin to serve up a $e site that can e edited interna((y and accessed e)terna((y% 1here are pros and cons ut2 the pros tend to out$eigh the cons%

Ian Comings2 0astion 4ost 2

Works Cited Ashraf, S., and A. Joseph. What is a Bastion Host?. WiseGeek. Conjecture, 19 e!. "#1$. We!. "% e!. "#1$. &http'(())).)ise*eek.co+()hat,is,a,!astion,host.ht+-. .i//ard, 0urt. 1ntrusion .etection A2' What is a !astion host?. SANS:. SA3S.or*, n.d. We!. "% e!. "#1$. &http'(())).sans.or*(securit4,resources(idfa5(!astion.php-. .oten, 6/enn. Bastion Host76/enn .oten8s 9ech 3otes. Bastion Host Glenn Dotens Tech Notes. 3.p., n.d. We!. "% e!. "#1$. &https'((sites.*oo*/e.co+(site(*doten(free!sd(!astion,host-. Se+eria, Chuck. 1nternet ire)a//s and Securit4' A techno/o*4 :;er;ie). Linux Security. <co+, n.d. We!. "% e!. "#1$. &http'(()))./inu=securit4.co+(resource>fi/es(fire)a//s(nsc(?##%19.ht+/@Bastion Host-. !astion host. What is?. 19BusinessAd*e, n.d. We!. "% e!. "#1$. &http'(())).)e!opedia.co+(9ABC(B(!astion>host.ht+/-.

Ian Comings2 0astion 4ost <