A bastion host is one of the main components of a firewall for an Intranet. It is a highly fortified server, placed at the firewall, that serves as the main point of contact between the Intranet and the Internet.
What is a Bastion Server?
Because it is a strongly configured server, isolated as the main point of contact, it shields the rest of the Intranet's resources from attacks originating on the Internet.
A bastion host is built so that every unnecessary network service is disabled; the only thing the server does is provide the specific Internet services it has been set up for.
Therefore no one should have a user account on a bastion host that lets them log in, take control of it, and reach the Internet through it.
Even NFS (Network File System), which lets a system access files on a remote system over the network, should be disabled.
To prevent intruders who reach the server from going any further, the bastion host should be placed on its own subnet as part of the firewall, isolated from the rest of the Intranet.
That way an intruder who breaks in is confined to that one network and no Intranet resource is compromised. Bastion servers also need to be configured to record all activity, so that Intranet administrators can tell when the network is under attack.
Usually two copies of the system log are kept, for security reasons. The first copy is kept in case the log is destroyed or tampered with; the second is kept so that it can always serve as a backup.
Another way to keep a safe copy of the log is to connect the bastion host over a serial port to a dedicated computer whose sole purpose is to hold and monitor the backup log.
Automated monitors are more sophisticated than plain logging software: they regularly check the bastion server's system logs and send an alarm if they find a suspicious pattern.
For example, an alarm may be sent if someone makes more than three failed connection attempts. Some hosts also run monitoring programs that actively check whether an attack has been launched against them.
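The "more than three failed connection attempts" rule described above, as an added example that is not part of the original article: a small monitor that parses constructed sshd-style log lines and raises an alarm for any source address that exceeds the threshold inside a sliding time window (the log format, window length and threshold are assumptions).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in syslog style; not taken from any real host.
SAMPLE_LOG = """\
Mar 10 02:14:01 bastion sshd[811]: Failed password for root from 198.51.100.7 port 40112 ssh2
Mar 10 02:14:04 bastion sshd[811]: Failed password for root from 198.51.100.7 port 40113 ssh2
Mar 10 02:14:09 bastion sshd[811]: Failed password for admin from 198.51.100.7 port 40115 ssh2
Mar 10 02:14:12 bastion sshd[811]: Failed password for admin from 198.51.100.7 port 40118 ssh2
Mar 10 02:15:30 bastion sshd[812]: Accepted publickey for ops from 192.0.2.10 port 51000 ssh2
Mar 10 02:16:00 bastion sshd[813]: Failed password for ops from 192.0.2.10 port 51001 ssh2
Mar 10 03:40:00 bastion sshd[814]: Failed password for ops from 192.0.2.10 port 51002 ssh2
"""

# Assumed line layout: "<Mon> <day> <hh:mm:ss> <host> sshd[<pid>]: Failed password for <user> from <ip> port ..."
FAILED = re.compile(
    r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for (\S+) from (\S+) port"
)

def parse_failures(text, year=2024):
    """Yield (timestamp, user, source_ip) for every failed-login line in `text`."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def find_alarms(text, threshold=3, window=timedelta(minutes=10)):
    """Return [(source_ip, peak_count)] for sources with more than `threshold`
    failures inside any `window`-long span; sources that stay at or below it are ignored."""
    recent = defaultdict(list)   # source ip -> timestamps of failures still inside the window
    alarms = {}
    for ts, _user, ip in parse_failures(text):
        q = [t for t in recent[ip] if ts - t <= window] + [ts]   # slide the window forward
        recent[ip] = q
        if len(q) > threshold:
            alarms[ip] = max(alarms.get(ip, 0), len(q))
    return sorted(alarms.items())
```

The second source has two failures but they are 84 minutes apart, so the sliding window keeps it below the threshold; only the burst from the first source produces an alarm.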
One way to check for tampering is a monitoring program that verifies whether any software on the server has been modified by an unauthorized person.
The checking program calculates a check number based on the size of each executable program on the server, then recalculates it at regular intervals to see whether it has changed since the last check.
If the check number has changed, someone has tampered with the software, which may indicate an external attack. When a bastion server receives a request, such as serving a Web page or delivering e-mail, it does not process the request itself; instead it passes the request on to the appropriate internal server.
That server processes the request and sends the result back to the bastion host. A firewall can have several bastion hosts, each managing a different set of Internet services for specific networks.
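The executable-checking program described above, as an added example that is not part of the original article. It goes beyond the article's size-based check number and fingerprints each executable by size and SHA-256 of its contents, because a replaced binary padded to the original size would slip past a size-only check; the directory layout and file names in the demo are constructed.

```python
import hashlib
import os
import tempfile

def fingerprint(path):
    """Size plus SHA-256 of the contents; a change in either one flags tampering."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return os.path.getsize(path), h.hexdigest()

def build_baseline(directory):
    """Map each executable file under `directory` (relative path) to its fingerprint."""
    baseline = {}
    for root, _dirs, files in os.walk(directory):
        for name in files:
            path = os.path.join(root, name)
            if os.access(path, os.X_OK):          # only executables are tracked
                baseline[os.path.relpath(path, directory)] = fingerprint(path)
    return baseline

def check(directory, baseline):
    """Recompute fingerprints and report what differs from the stored baseline."""
    current = build_baseline(directory)
    return {
        "modified": sorted(p for p in baseline if p in current and current[p] != baseline[p]),
        "removed": sorted(p for p in baseline if p not in current),
        "added": sorted(p for p in current if p not in baseline),
    }

def demo():
    """Constructed scenario: one binary is altered in place, one unknown binary appears."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("httpd", "sendmail"):
            path = os.path.join(d, name)
            with open(path, "wb") as f:
                f.write(b"\x7fELF original " + name.encode())
            os.chmod(path, 0o755)
        baseline = build_baseline(d)
        # Overwrite four bytes in place: size is unchanged, so a size-only check would miss it.
        with open(os.path.join(d, "httpd"), "r+b") as f:
            f.seek(4)
            f.write(b"XXXX")
        new = os.path.join(d, "newtool")              # executable the baseline never saw
        with open(new, "wb") as f:
            f.write(b"\x7fELF newtool")
        os.chmod(new, 0o755)
        return check(d, baseline)
```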
Sometimes a bastion host is dedicated to a single Internet service and used as a "victim machine". Victim machines can be used to offer Internet services under security restrictions, behind a proxy or a filtering router.
If those services are reached through the victim machine rather than through a host that also runs other services, a compromise of the victim machine leaves the other bastion hosts unaffected.
Proxy servers are an integral part of many security systems. A proxy server is a server placed on the firewall that acts as an intermediary between computers on the Intranet and the Internet.
Proxy servers usually work together with bastion hosts. The many individual computers on the Intranet talk to the Internet only through the proxy server, which improves security because a single server can be secured far more thoroughly than hundreds of individual computers on the Intranet.
Network administrators can configure proxy servers for many services such as FTP, Web, and Telnet, and decide which Internet services should or should not pass through the proxy.
Special proxy server software is required for each type of Internet service. When a computer on the network makes a request to the Internet, such as retrieving a Web page from a Web server, the internal computer actually connects to the proxy server, which forwards the request to the Web server.
The Web server returns the Web page to the proxy server, which then sends it on to the computer that made the request.
Proxy servers record the state of all network traffic passing between the Internet and the Intranet. A proxy server can track every Telnet session on the Intranet and also examine how it interacts with the external server on the Internet.
Proxy servers can log every IP address, the date and time of access, the URL, and the number of bytes received. This information can be used to analyze any attack launched against the network, and it can also help network administrators provide better access and services for employees.
Some proxy servers need to work with special proxy clients. And because proxy servers can do more than forward requests between the Intranet and the Internet, they can make a security design more effective.
For example, a proxy can be configured to allow files to be sent from the Internet to a computer on the Intranet but prevent files from being sent from the corporate network out to the Internet, or vice versa.
In this way network administrators can stop anyone outside the company from obtaining corporate data, or stop Intranet users from receiving files that may contain viruses.
Proxy servers can also speed up some Internet services by caching data. For example, a Web proxy can store many Web pages, so that whenever someone on the network wants one of those pages it is served directly from the proxy at high speed rather than fetched from the Internet at a lower speed.
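The proxy behaviour described in this section (per-service policy with separate inbound and outbound rules, a log record per request with client IP, time, URL and byte count, and a page cache), as an added example that is not part of the original article. The policy table, the service names and the traffic in `demo()` are constructed; `upstream` stands in for the Internet-side server so the model runs offline.

```python
from datetime import datetime, timezone

# Per-service policy. "in" = data flows Internet -> Intranet (download),
# "out" = Intranet -> Internet (upload). Assumed values for illustration only.
POLICY = {
    "http":   {"in": True,  "out": True},
    "ftp":    {"in": True,  "out": False},   # fetch files, but never push them out
    "telnet": {"in": False, "out": False},   # not allowed through this proxy at all
}

class Proxy:
    """Model proxy: enforces POLICY, caches Web downloads, logs every request."""

    def __init__(self, upstream):
        self.upstream = upstream   # upstream(url, payload) -> bytes, stands in for the Internet
        self.cache = {}
        self.log = []              # (time, client ip, url, bytes, status) per request

    def handle(self, client_ip, service, direction, url, payload=b"", now=None):
        ts = (now or datetime.now(timezone.utc)).isoformat(timespec="seconds")
        if not POLICY.get(service, {}).get(direction, False):
            self.log.append((ts, client_ip, url, 0, "DENY"))   # denied requests are logged too
            return None
        cacheable = service == "http" and direction == "in"
        if cacheable and url in self.cache:
            body, status = self.cache[url], "HIT"
        else:
            body, status = self.upstream(url, payload), "MISS"
            if cacheable:
                self.cache[url] = body
        # Bytes transferred: downloaded body for "in", uploaded payload for "out".
        nbytes = len(body) if direction == "in" else len(payload)
        self.log.append((ts, client_ip, url, nbytes, status))
        return body

def demo():
    """Constructed traffic: the same page fetched twice, an FTP upload, a Telnet attempt."""
    calls = []
    def upstream(url, payload):
        calls.append(url)          # records how often the Internet is actually contacted
        return b"<html>page for " + url.encode() + b"</html>"
    p = Proxy(upstream)
    t = datetime(2024, 3, 10, 9, 0, tzinfo=timezone.utc)
    p.handle("10.0.0.5", "http", "in", "http://example.com/", now=t)
    p.handle("10.0.0.9", "http", "in", "http://example.com/", now=t)    # served from cache
    p.handle("10.0.0.5", "ftp", "out", "ftp://example.com/up", payload=b"report", now=t)
    p.handle("10.0.0.7", "telnet", "in", "telnet://example.com", now=t)
    return p, calls
```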