A bastion host is a computer designed to withstand attacks. It hosts a single application, such as a proxy server, which serves as a gateway between the internal network and the Internet.
A bastion host can repel attacks because it only runs the application while all other services are removed or reduced. It has tighter security because it is usually located on the firewall or outside it. So, even if untrusted computers or networks can access it, it does not put the other systems in the internal network at risk.
A bastion host is often customized to protect an intranet or internal network. It lies outside the network and only serves as a line of communication from the inside out. In cases where a bastion host serves as a honeypot or decoy system for cyber attacks, it attracts attacks so their sources can be traced and consequently blocked.
How Do Bastion Hosts Work?
- Every network service that won’t affect how a bastion host runs is disabled. The only thing it does is allow internal computers to gain Internet access. So, bastion hosts do not have user accounts. That way, no one can log into and take control of it to gain access to the intranet. Even the Network File System (NFS), which lets a computer access files in a network remotely, should be disabled so intruders can’t use the bastion host to extract data from the intranet. The best place to put a bastion host is on its own subnet or network on an intranet firewall. Even if it was hacked, no other intranet resources could be compromised.
- Bastion hosts log all activity, so network administrators can tell if the intranet is under attack. They often keep two copies of system logs. That way, if one is destroyed or tampered with, the other is still available as a backup. One way to keep a secure copy of the log is to connect the bastion server via a serial port to a dedicated computer, whose only purpose is to keep track of the secure backup log.
- A bastion host has an automated monitor or a sophisticated program that regularly checks its system logs and sounds an alarm if it finds a suspicious pattern. An example would be someone attempting more than three unsuccessful logins.
- Users can place a filtering router between the bastion host and the intranet for additional security. The filtering router can check all packets between the Internet and the intranet while dropping unauthorized traffic.
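The automated log monitor described above can be sketched as follows. This is an added example, not code from the original page: the OpenSSH-style log lines are constructed, and the function name, the 10-minute sliding window and the ISO 8601 timestamp format are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in OpenSSH sshd syslog style (not from the original page).
SAMPLE_LOG = """\
2024-05-01T10:00:01+00:00 bastion sshd[812]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
2024-05-01T10:00:04+00:00 bastion sshd[812]: Failed password for root from 203.0.113.7 port 50123 ssh2
2024-05-01T10:00:09+00:00 bastion sshd[815]: Accepted publickey for ops from 198.51.100.20 port 40111 ssh2
2024-05-01T10:00:12+00:00 bastion sshd[812]: Failed password for root from 203.0.113.7 port 50124 ssh2
2024-05-01T10:00:15+00:00 bastion sshd[812]: Failed password for invalid user test from 203.0.113.7 port 50125 ssh2
2024-05-01T10:02:00+00:00 bastion sshd[820]: Failed password for ops from 198.51.100.20 port 40200 ssh2
2024-05-01T11:30:00+00:00 bastion sshd[830]: Failed password for ops from 198.51.100.20 port 40201 ssh2
"""

# Matches failed password attempts for both existing and unknown ("invalid") users.
FAILED = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: Failed password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def find_suspicious_sources(log_text, threshold=3, window=timedelta(minutes=10)):
    """Return {source_ip: time of first alert} for every source with more than
    `threshold` failed logins inside one sliding `window` (assumed: 10 minutes)."""
    recent = defaultdict(deque)  # source IP -> failure timestamps still in the window
    alerts = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ts = datetime.fromisoformat(m["ts"])
        failures = recent[m["ip"]]
        failures.append(ts)
        # Drop failures that have aged out of the window before counting.
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) > threshold and m["ip"] not in alerts:
            alerts[m["ip"]] = ts
    return alerts

if __name__ == "__main__":
    for ip, when in find_suspicious_sources(SAMPLE_LOG).items():
        print(f"ALERT {when.isoformat()} {ip}: more than 3 failed logins in 10 minutes")
```

Counting per source inside a window keeps occasional mistyped passwords, such as the two failures from 198.51.100.20 that are 88 minutes apart, from raising the alarm.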
In sum, a bastion host does not allow direct access between the intranet and the Internet. Every time a computer connected to the intranet accesses the Internet, it sends the request to the bastion host. The bastion host then gets the results. These results pass through the firewall, which checks if they are safe to send to the intranet-connected system. Only when the data passes the security check can the computer asking for it get it. In a sense, none of the internal IP addresses show up outside the network. Any external user will only find the bastion host’s IP address, adding a layer of protection to the intranet.
What Are the Types of Bastion Hosts?
Bastion hosts can come in various types, such as:
- Domain Name System (DNS) server
- Email server
- File Transfer Protocol (FTP) server
- Honeypot
- Proxy server
- Virtual private network (VPN) server
- Web server
Why Should You Use a Bastion Host?
The primary purpose of using bastion hosts was to help secure an organization’s intranet against external threats, such as those coming from the Internet. But this use case was expanded to include web services with the advent of cloud computing.
For one, Amazon Web Services (AWS) recommended the implementation of bastion hosts. In this sense, a bastion host is a server that allows users to access a private network from an external network like the Internet.
What Are the Security Risks of Using a Bastion Host?
Like any other technology application, bastion hosts expose organizations to security risks. These risks stem from the fact that bastion hosts provide internal access through the Secure Shell (SSH) protocol. SSH is an encryption and authentication method widely used in communications between networks.
Cyber attackers often target it since gaining access to the SSH encryption keys can give them high-level access to the protected network. It’s like giving thieves a master key that can open any room in a house. Once attackers have the SSH key, they can bypass the bastion host and access the internal network.
Another risk bastion hosts pose is that they are publicly visible. As such, attackers may find it easy to obtain access through brute-force attacks where they use trial and error to guess passwords or SSH keys.
What Are the Best Practices for Securing Bastion Hosts?
Some of the security best practices that organizations implement for their bastion hosts are:
- Limit access to a bastion host: Only authorized users must have access to the bastion host. Administrators may only allow access if the IP address is whitelisted.
- Multifactor authentication (MFA): Requiring more than one authentication method can help protect SSH keys from landing in the wrong hands. Aside from passwords, companies can require users to also key in a one-time security code.
- Strip the bastion host of unnecessary features: Since bastion hosts are prime targets of cyber attacks, it’s best to keep their attack surface as small as possible. A bastion host should only support features related to its primary purpose. For instance, features that allow users to log in as guests should be removed if the bastion host only allows high-level access.