> Problem is that now a cracker just needs to subvert the "Bastion host" which
> is visible to the outside. If this is done, the screening router will permit
> the traffic, thus creating a "single point vulnerability". With the router
> first, both need to be subverted particularly if the bastion uses aliases.
The problem either way is that a cracker just needs to subvert the bastion
host. Even with a screening router the bastion host is visible to the
outside world, or it wouldn't be reachable. I'm not convinced that
putting the bastion host inside the screening router is better and I
think that it may in fact be worse.
Screening & routers
From: padgett @ com (A. Padgett Peterson, P.E. Information Security)