Bastions

From DikapediaV2
Jump to: navigation, search


A Bastion Host is a special purpose computer on a network specifically designed and configured to withstand attacks.

  • The bastion generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer.
  • It is hardened in a manner primarily due to its location and purpose, which is either on the outside of a firewall or in a DMZ (demilitarized zone(public subnet)) and usually involves access from untrusted networks.

A Bastion Host is a server whose purpose is to provide access to a private network from an external network, such as the Internet. Because of its exposure to potential attack, a bastion host must minimize the chances of penetration.


Securely Connect to Linux Instances Running in a Private Amazon VPC
https://aws.amazon.com/blogs/security/securely-connect-to-linux-instances-running-in-a-private-amazon-vpc/


Proxy Jump config file


https://www.redhat.com/sysadmin/ssh-proxy-bastion-proxyjump