On Wed, 17 Jan 1996, Steven K. Sharp wrote:
> Our company is going to be getting one of the dual ethernet
> routers and I'm wondering if we still need a bastion host. One net will be
> the "secure" net and one open to the unwashed masses; of what use is the
> bastion host? Is FWTK or similar still needed? Obviously we want to be
> secure, but with this setup what does the bastion host provide? Any help or
> references are appreciated.

The bastion host serves basically as a stripped-down machine that runs
services that you may want to provide to the Internet (incoming WWW, FTP,
etc.), as well as providing a (more) secure method by which to retrieve
and forward email that is meant for people on your green (internal)
network. Also, the bastion host, if running a half-decent firewall
package, will most likely have better logging and auditing capabilities
than any router.

This is basically the concept of a "perimeter network". The external
router allows direct connections from the Internet to the hosts on the
perimeter network, while the internal router allows connections from your
internal network to the hosts and servers on the perimeter network.

Chris Woods Systems Administrator
com (office) Paladin Computing Solutions
net (home) http://www.paladin.com
"A computer without Windows is like a fish without a bicycle."
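
The perimeter-network layout described in the reply above, modelled as two first-match packet filters. This is an added example, not part of the original message; the addresses, the port list and the default-deny behaviour are assumptions made for illustration.

```python
import ipaddress

# Constructed addressing (documentation and private ranges), not from the original post.
PERIMETER = ipaddress.ip_network("192.0.2.0/24")
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
ANY = ipaddress.ip_network("0.0.0.0/0")
BASTION_PORTS = {21, 25, 80}  # FTP, SMTP, WWW offered on the bastion host (assumed)

# Rule: (source net, destination net, allowed ports or None for any port).
# A connection matching no rule is dropped (assumed default deny).
EXTERNAL_ROUTER = [(ANY, PERIMETER, BASTION_PORTS)]  # Internet -> perimeter services
INTERNAL_ROUTER = [(INTERNAL, PERIMETER, None)]      # internal net -> perimeter hosts

def zone(addr):
    """Classify an address as internal, perimeter or internet."""
    ip = ipaddress.ip_address(addr)
    if ip in INTERNAL:
        return "internal"
    return "perimeter" if ip in PERIMETER else "internet"

def router_permits(rules, src, dst, port):
    """True if any rule on this router allows the new connection."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn and (ports is None or port in ports)
               for sn, dn, ports in rules)

def routers_on_path(src, dst):
    """Routers a connection crosses; traffic within one zone crosses none."""
    zones = {zone(src), zone(dst)}
    if len(zones) == 1:
        return []
    path = []
    if "internet" in zones:
        path.append(EXTERNAL_ROUTER)
    if "internal" in zones:
        path.append(INTERNAL_ROUTER)
    return path

def connection_allowed(src, dst, port):
    """Only connection initiation is modelled; replies are assumed to be tracked."""
    return all(router_permits(r, src, dst, port) for r in routers_on_path(src, dst))

if __name__ == "__main__":
    for flow in [("198.51.100.7", "192.0.2.10", 25),   # Internet -> bastion SMTP
                 ("198.51.100.7", "10.1.2.3", 25),     # Internet -> internal host
                 ("10.1.2.3", "192.0.2.10", 8080),     # internal -> bastion proxy
                 ("10.1.2.3", "198.51.100.7", 80)]:    # internal -> Internet directly
        print(flow, "allowed" if connection_allowed(*flow) else "dropped")
```

With these rules no connection crosses both routers, so every exchange between the internal network and the Internet has to terminate on a perimeter host.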