--- Marcio Henrique Leiner <[EMAIL PROTECTED]> wrote:
> Well, by myself, bastion host is something different, but I am not an
> firewall/bastion expert. As I can see, bastion is one machine, that stay
> in front of the firewall, or in the DMZ, that have some important
> service
> running within and is accessible from the internet ( a probably goal for
> an attacker ) and due that need to be "more secure" than a normal host.
Mostly, I agree with Mark. But I add:
I don't think you'll find a perfect definition of a bastion host.
Different books say different things. However you can consider the
characteristics of a bastion host:
A bastion host is suitably hardened.
A bastion host is used for defence.
A bastion host bears the brunt of untrusted connections.
The root of the term "bastion" comes from castles where it is a
"projection part of a fortification."
In that sense, a bastion host can be thought of as an extension of a
secured network, which is why they are often thought of as part of a
firewall architecture.
Where one physically places a bastion host is also another interesting
question.
__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
