
Notes:
A bastion host is a secure but publicly accessible machine. It may process incoming mail and news requests or it may provide access to resources through the Web or FTP. It’s a bit like your organisation’s reception. People can walk in off the street, make inquiries and collect product literature, but they shouldn’t easily be able to get past the receptionist into the rest of the building.
A bastion host is obviously the focus for any attack on your network and should therefore be secure. Security and simplicity go together. The bastion host should only run the services specified by the site security policy; everything else should be disabled. It may even be a good idea to run multiple bastion hosts, perhaps one hosting mail and news and the other the Web. This helps to ring-fence each service. Network logins to the bastion should be disabled and there must be no ordinary user accounts.
The operating system should be one that offers good security but at the same time is understood by the administrator. All known security patches should be applied. Only the components required to run the designated services should be installed; in particular, this means no compilers. If software needs to be built, this should be done on a different machine.
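The rules above (only policy-approved services, no ordinary user accounts, no compilers) can be checked mechanically. The shell functions below are an added example, not part of the original notes; the allowed ports, the UID 1000 threshold for ordinary accounts and the list of build tools are assumptions to adjust to the site security policy.

```shell
#!/bin/sh
# Bastion audit helpers (added example; all policy values are assumptions).
# Usage on the bastion itself:
#   ordinary_users; ss -H -tln | unexpected_ports; compilers_present

ALLOWED_PORTS="25 80"                    # assumed policy: mail and Web only
BUILD_TOOLS="cc gcc g++ clang make as ld" # assumed list of tools to forbid

# Print accounts that look like ordinary users: UID >= 1000 (excluding
# 65534, "nobody") whose shell is not nologin/false. An empty shell field
# counts as a login, because it defaults to /bin/sh.
# $1 = passwd-format file (default /etc/passwd).
ordinary_users() {
    awk -F: '$3 >= 1000 && $3 != 65534 && $7 !~ /(nologin|false)$/ { print $1 }' \
        "${1:-/etc/passwd}"
}

# Print each listening TCP port that is not in ALLOWED_PORTS, once.
# Reads "ss -H -tln" style lines on stdin; field 4 is local address:port.
unexpected_ports() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            port = $4
            sub(/.*:/, "", port)          # handles 0.0.0.0:22, [::]:22 and *:80
            if (!(port in ok) && !(port in seen)) { seen[port] = 1; print port }
        }'
}

# Print the path of every build tool found on a colon-separated directory
# list. $1 = directory list (default $PATH).
compilers_present() {
    for tool in $BUILD_TOOLS; do
        (
            IFS=:
            for dir in ${1:-$PATH}; do
                if [ -x "$dir/$tool" ]; then
                    echo "$dir/$tool"
                    break
                fi
            done
        )
    done
}
```

Any output from one of the three functions is a finding to investigate; a clean bastion prints nothing.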
Be prepared for the bastion host to be broken into. The bastion should be closely monitored. It is also a good idea to use a machine that is ‘just fast enough’ for the job. Slower machines are less useful for running password crackers or network scanning software.
There should be only minimal trust between the bastion and other hosts, and some further level of security should exist between the bastion and the network in general. We will discuss this in the next chapters.