|
|
|
A bastion host is a secure server that is exposed to the outside world.
- All unnecessary services are turned off, and only minimum services are left running.
- The bastion host is configured only for a network's necessary accounts, and may be configured as an FTP server, Web server, DNS server, or email server.
- Consistent and thorough backups are essential, because we can expect the exposed server to be attacked.
- The bastion host should be monitored closely, and often for possible compromise attempts.
|