Skip to main content

Home Bastion host

Bastion host

(also jump box)

Bastion host definition

A bastion host is a specialized computer designed and configured to withstand cyberattacks. The purpose of a bastion host is to prevent malicious traffic from entering the network by processing and filtering all incoming traffic. A bastion host resides outside the firewall, between two firewalls, or on the public side of a DMZ (demilitarized zone). It is deliberately exposed on a public network and is prone to attacks.

How a bastion host works

  1. 1.Bastion hosts provide access to a private network from an external network (e.g., the internet). They act as proxy servers.
  2. 2.A bastion host resides on its own subnet with an IP address accessible from the public network.
  3. 3.The host only accepts specific types of connections (e.g., secure Secret Shell) with a range of IP addresses.
  4. 4.Access to internal resources is controlled with preconfigured ACLs and allowlists.

Examples of bastion hosts

  • Mail
  • Domain Name System (DNS)
  • Web and file transfer protocols
  • Routers

Advantages of using a bastion host

  • Simpler security administration. Administrators can configure the internal network to block and allow certain types of traffic, making security management simpler.
  • Easier user management. Administrators don’t need to revoke access to each private network when employees leave.
  • Easy access to resources. You can access private resources from your local computer quickly and without additional admin effort.