>Suppose instead that a bastion host outside the screening router
>handled only external traffic, like email, logins from remote sites and
>ftp, but had no NFS or other direct access through the screening
Then it would not exactly be a Bastion either in the dictionary sense
("an angular projection from a wall affording a crossfire on attackers")
or in the firewall sense (C&B pg 51 "an exposed gateway machine"), rather
this would be more of an "exposed repository" (sure there must be a better
word but do not have all of my resources handy) "vestibule" or "airlock"
maybe? Would not even have to be co-located, any service provider could
well offer this function.
Possibly splitting heirs (Aspin) but we mis-communicate so often that it
is important to keep the terms straight.
From: paul @ com (Paul Ferguson)