Cisco Support Community
Community Member

why is logging important on a bastion host?

Hi, why is logging important on a bastion host?

Community Member

Re: why is logging important on a bastion host?

Hi Bhatia,

A bastion host is a computer that is critical to enforcing your organization's network security policy.

Bastion hosts must be highly secured as they are vulnerable to attacks due to the fact that they are exposed to untrusted or unknown networks and are main points of contact for users of trusted networks. Often, bastion hosts provide services to external users, such as Web services and public access systems. Because these computers are very likely to be attacked, they are often referred to as sacrificial hosts.

In rarer cases, bastion hosts are used as one of three components to construct a firewall system—the component that inspects network traffic at protocol layers above the Internet layer. The remaining two components are routers: one known as the internal router (separating the perimeter network from the internal network) and the other known as the external router (separating the perimeter network from the external, or untrusted network). Because bastion hosts only contain one network interface card, this computer cannot protect itself against IP spoofing attacks. Therefore, to prevent IP spoofing, the bastion host must be positioned between two routers; one router filters all requests from untrusted networks and the other filters all requests from the trusted networks to ensure that no spoofed packets reach the bastion host. These routers also verify that all network traffic that passes between them is addressed to the bastion host only. Figure C-1 depicts a firewall system that is constructed using a bastion host and two routers.

Figure C-1: A Bastion Host Configured as a Component in a Firewall System

Generally, a bastion host runs a general-purpose operating system, such as UNIX, VMS, Windows NT, rather than a ROM-based or firmware operating system. It gets its name from the highly fortified protections on the outer walls of medieval castles. See also dual-homed bastion host and firewall server.

CreatePlease to create content