Your IP: Unknown · Your Status: ProtectedUnprotectedUnknown
Bastion host

Bastion host

(also jump box)

Bastion host definition

A bastion host is a specialized computer designed and configured to withstand cyberattacks. The purpose of a bastion host is to prevent malicious traffic from entering the network by processing and filtering all incoming traffic. A bastion host resides outside the firewall, between two firewalls, or on the public side of a DMZ (demilitarized zone). It is deliberately exposed on a public network and is prone to attacks.

How a bastion host works

  1. Bastion hosts provide access to a private network from an external network (e.g., the internet). They act as proxy servers.
  2. A bastion host resides on its own subnet with an IP address accessible from the public network.
  3. The host only accepts specific types of connections (e.g., secure Secret Shell) with a range of IP addresses.
  4. Access to internal resources is controlled with preconfigured ACLs and allowlists.

Examples of bastion hosts

  • Mail
  • Domain Name System (DNS)
  • Web and file transfer protocols
  • Routers

Advantages of using a bastion host

  • Simpler security administration. Administrators can configure the internal network to block and allow certain types of traffic, making security management simpler.
  • Easier user management. Administrators don’t need to revoke access to each private network when employees leave.
  • Easy access to resources. You can access private resources from your local computer quickly and without additional admin effort.

Ultimate digital security