- Created on 11 August 2010
- Written by Sachin Mehndiratta
A bastion host is a fully secured computer on the network, specifically designed to withstand attacks. Generally, only one application is hosted on this computer, and unused ports and services are removed to make it more secure. Since this computer is exposed to untrusted networks and is placed in the DMZ or outside the firewall, it is imperative to protect it from any kind of attack. Any request from the internet for the intranet passes through the bastion host, which forwards that request to the required internal server. Several services can be hosted on a bastion host, such as:
· Honeypots
· FTP, and so on.
While configuring a bastion host, always take the following into consideration to make it less vulnerable to attack:
· Disable or remove unnecessary or unused ports and services.
· Configure logging to monitor successful and failed attempts to access resources.
· Keep the system up to date by installing the latest patches and service packs.
· Always install and run an intrusion detection system to prevent possible attacks.
· Rename or disable the administrator account.
· Perform regular auditing.
· Use encryption for logs and disk storage.
· Configure a firewall.
· Encrypt all passwords and the file system, if possible.
· Create a system recovery DVD or tape.
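The first item on the checklist, removing unused ports and services, is the one most easily verified in code. The following is an added example (not from the original article) that parses the output of `ss -lntu` (listening TCP and UDP sockets, numeric ports) and reports every listener that is not on an explicit allowlist, tagging whether it is bound to a non-loopback address and therefore reachable from the untrusted side. The sample output and the allowlist (an FTP bastion managed over SSH) are constructed for the example; `audit_live` runs the same check on a real Linux host.

```python
import subprocess

# Constructed sample in the format of `ss -lntu`, standing in for output
# captured on a real bastion host.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:21         0.0.0.0:*
tcp   LISTEN 0      511    [::]:80            [::]:*
udp   UNCONN 0      0      0.0.0.0:111        0.0.0.0:*
tcp   LISTEN 0      128    127.0.0.1:25       0.0.0.0:*
"""

# Hypothetical allowlist: a bastion that hosts only FTP and is managed over SSH.
ALLOWED = {("tcp", 21), ("tcp", 22)}

# Address prefixes that mean "reachable from this host only".
LOOPBACK = ("127.", "[::1]", "::1")


def parse_listeners(ss_output):
    """Return (proto, local_addr, port) for every listening socket in ss output."""
    listeners = []
    for line in ss_output.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 5:
            continue
        proto, state, local = fields[0], fields[1], fields[4]
        # TCP sockets report LISTEN; UDP sockets are connectionless (UNCONN).
        if state not in ("LISTEN", "UNCONN"):
            continue
        addr, _, port = local.rpartition(":")  # "[::]:80" -> "[::]", "80"
        if not port.isdigit():
            continue
        listeners.append((proto, addr, int(port)))
    return listeners


def unexpected_listeners(ss_output, allowed):
    """Listeners not on the allowlist, each tagged with whether it is exposed
    beyond the host (bound to something other than a loopback address)."""
    findings = []
    for proto, addr, port in parse_listeners(ss_output):
        if (proto, port) in allowed:
            continue
        exposed = not addr.startswith(LOOPBACK)
        findings.append({"proto": proto, "addr": addr, "port": port, "exposed": exposed})
    return findings


def audit_live(allowed):
    """Run the same check against the current host (Linux with iproute2 installed)."""
    output = subprocess.run(["ss", "-lntu"], capture_output=True, text=True, check=True).stdout
    return unexpected_listeners(output, allowed)


if __name__ == "__main__":
    for finding in unexpected_listeners(SAMPLE_SS_OUTPUT, ALLOWED):
        tag = "EXPOSED" if finding["exposed"] else "local-only"
        print(f"{finding['proto']}/{finding['port']} on {finding['addr']}: "
              f"not on allowlist ({tag})")
```

Run against the sample, the check reports HTTP on port 80 and the portmapper on UDP 111 as exposed, and the local-only SMTP listener on 127.0.0.1:25 as a candidate for removal. The allowlist should be the documented set of services the bastion is meant to provide, so that any new listener is a finding rather than something to be explained away after the fact.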
Log files generated on the bastion host can be used to check whether the intranet has been attacked. Because these log files can be tampered with, it is best practice to keep two copies of the logs: if one copy is tampered with, the other is still available. A dedicated server can be configured on the network to keep this secure backup log.
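To show why the second copy matters, here is an added example (not part of the original article) of a small tamper-evident log. Each record carries the SHA-256 hash of the previous record, so an edit to the local file breaks the chain, and every record is also shipped to a second store that stands in for the dedicated log server (an in-memory list here; a real deployment would forward over syslog to a separate host). The log lines and addresses are constructed for the example.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # link value carried by the first record


def _digest(event, prev):
    """Hash of one record, covering the event text and the previous record's hash."""
    payload = json.dumps({"event": event, "prev": prev}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class ChainedLog:
    """Append-only log whose records are linked by SHA-256 hashes.
    Each append also ships the record to a second store, standing in for the
    dedicated log server the article recommends."""

    def __init__(self, remote_store):
        self.records = []           # the bastion's local copy
        self.remote = remote_store  # the secure backup copy

    def append(self, event):
        prev = self.records[-1]["hash"] if self.records else GENESIS
        record = {"event": event, "prev": prev, "hash": _digest(event, prev)}
        self.records.append(record)
        self.remote.append(copy.deepcopy(record))  # independent copy, not a shared reference
        return record["hash"]


def verify_chain(records):
    """Index of the first record whose link or hash does not check out, or None."""
    prev = GENESIS
    for i, rec in enumerate(records):
        if rec["prev"] != prev or _digest(rec["event"], rec["prev"]) != rec["hash"]:
            return i
        prev = rec["hash"]
    return None


def first_divergence(local, remote):
    """Index at which the local log and the backup copy stop agreeing, or None."""
    for i, (a, b) in enumerate(zip(local, remote)):
        if a != b:
            return i
    if len(local) != len(remote):
        return min(len(local), len(remote))  # one copy was truncated
    return None


def simulate_tampering():
    """Constructed scenario: three events are logged, then the local copy is
    edited after the fact to hide a failed login. Returns what each check reports."""
    remote_copy = []
    log = ChainedLog(remote_copy)
    log.append("sshd: accepted publickey for admin from 10.0.0.5")
    log.append("vsftpd: FAILED LOGIN from 198.51.100.7")
    log.append("vsftpd: OK LOGIN anonymous from 203.0.113.9")

    # Edit the local record in place; the backup copy is untouched.
    log.records[1]["event"] = "vsftpd: OK LOGIN from 198.51.100.7"

    return {
        "local_chain_break": verify_chain(log.records),           # 1: stored hash no longer matches
        "remote_chain_break": verify_chain(remote_copy),          # None: backup intact
        "divergence": first_divergence(log.records, remote_copy),  # 1
    }


if __name__ == "__main__":
    print(simulate_tampering())
```

The hash chain on its own only catches edits made without recomputing the later hashes; someone with full control of the bastion could rewrite the whole local chain consistently. The comparison against the copy held on a separate server is what makes such a rewrite visible, which is the point of the article's advice to keep the second log somewhere the bastion cannot alter it.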