Talk:Bastion host

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Computing / Networking (Rated Stub-class)
WikiProject icon This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.
Stub-Class article Stub  This article has been rated as Stub-Class on the project's quality scale.
 ???  This article has not yet received a rating on the project's importance scale.
Taskforce icon
This article is supported by Networking task force.
Note icon
This article has been automatically rated by a bot or other tool as Stub-Class because it uses a stub template. Please ensure the assessment is correct before removing the |auto= parameter.

What's the difference between a proxy server and a bastion host? 14:07, 14 March 2007 (UTC)

-- A bastion host is a proxy server, used mainly for network control/security. 03:44, 12 July 2007 (UTC)

Actually, a proxy server is a bastion host. A bastion host is not necessarily a proxy server. A proxy server is a type of gateway where as a bastion host is simply a hardened host. The justification for hardening is that the host is exposed to attacks (typically external attacks although I don't see why it couldn't be also exposed to internal attacks). The use of the term bastion is meant to emphasize the fortified (or hardened) nature of the system. It make sense for a proxy server to be a bastion host since it usually sits on the periphery of a network and acts as a gateway thus defining a entry point and logical target for attackers. However, all bastion hosts are not proxy servers (e.g. a hardened web server is a bastion host). Kfinnigin 01:41, 16 August 2007 (UTC)

-- Bastion Host does not always = Proxy server.

Think about a caching web proxy, that is solely there improve performance. Ie the internal hosts can connect to the external network, but usually connect via proxy to improve perf or reduce bandwidth usage.

Apparent Conflict with SANS and CISSP Definition[edit]

According to the article on the SANS Institute's website a bastion host is a host that "is fully exposed to attack". However, in the "Official (ISC)2 Guide to the CISSP CBK", bastion hosts "serve as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts." I'll try to incorporate both view points in my revision. Kfinnigin 23:50, 16 August 2007 (UTC)

-- Tried linking dual-homed and screened hosts but apparently their are no articles for them yet. Instead of writing those articles, I'm going to expand on them in this article since they are closely related to bastion hosts. Kfinnigin 12:54, 18 August 2007 (UTC)

Appended content[edit]

V1K 16:25, 15 November 2010 (UTC)Did some proper referencing & added a new reference. Added some contents too. —Preceding unsigned comment added by Vik001ind (talkcontribs) V1K 16:30, 15 November 2010 (UTC) removed the tag nofootnote [dated April 2010]


How is a Honeypot an example of a Bastion host? Surely it's the exact opposite of the description in the summary: "[a computer] specifically designed and configured to withstand attacks". (talk) 15:37, 27 August 2014 (UTC)