A bastion host is a secure server that is exposed to the outside world.

  • All unnecessary services are turned off, and only minimum services are left running.
  • The bastion host is configured only for a network's necessary accounts, and may be configured as an FTP server, Web server, DNS server, or email server.
  • Consistent and thorough backups are essential, because we can expect the exposed server to be attacked.
  • The bastion host should be monitored closely, and often for possible compromise attempts.