Talk:Bastion host

What's the difference between a proxy server and a bastion host? 64.106.131.10 14:07, 14 March 2007 (UTC)

-- A bastion host is a proxy server, used mainly for network control/security. 69.3.185.246 03:44, 12 July 2007 (UTC)

Actually, a proxy server is a bastion host. A bastion host is not necessarily a proxy server. A proxy server is a type of gateway where as a bastion host is simply a hardened host. The justification for hardening is that the host is exposed to attacks (typically external attacks although I don't see why it couldn't be also exposed to internal attacks). The use of the term bastion is meant to emphasize the fortified (or hardened) nature of the system. It make sense for a proxy server to be a bastion host since it usually sits on the periphery of a network and acts as a gateway thus defining a entry point and logical target for attackers. However, all bastion hosts are not proxy servers (e.g. a hardened web server is a bastion host). Kfinnigin 01:41, 16 August 2007 (UTC)

-- Bastion Host does not always = Proxy server.

Think about a caching web proxy, that is solely there improve performance. Ie the internal hosts can connect to the external network, but usually connect via proxy to improve perf or reduce bandwidth usage.

Apparent Conflict with SANS and CISSP Definition
According to the article on the SANS Institute's website a bastion host is a host that "is fully exposed to attack". However, in the "Official (ISC)2 Guide to the CISSP CBK", bastion hosts "serve as a gateway between a trusted and untrusted network that gives limited, authorized access to untrusted hosts." I'll try to incorporate both view points in my revision. Kfinnigin 23:50, 16 August 2007 (UTC)

-- Tried linking dual-homed and screened hosts but apparently their are no articles for them yet. Instead of writing those articles, I'm going to expand on them in this article since they are closely related to bastion hosts. Kfinnigin 12:54, 18 August 2007 (UTC)

Appended content
V1K 16:25, 15 November 2010 (UTC)Did some proper referencing & added a new reference. Added some contents too. —Preceding unsigned comment added by Vik001ind (talk • contribs) V1K 16:30, 15 November 2010 (UTC) removed the tag nofootnote [dated April 2010]

Honeypot
How is a Honeypot an example of a Bastion host? Surely it's the exact opposite of the description in the summary: "[a computer] specifically designed and configured to withstand attacks". 82.118.92.4 (talk) 15:37, 27 August 2014 (UTC)