A bastion host, sometimes also known as a jump server or jump host, is a server that provides services to the public Internet or to untrusted networks (for example, large non-segregated intranet environments), or that accesses the public Internet as a proxy or mail server, and therefore needs special protection against attacks. The bastion host role is intended for servers in exposed areas and should therefore not be combined with other server roles.
Configuration of Bastion Host
For protection, the server is placed in a network that is separated from both the Internet and the internal network by a firewall. Such a network is called a demilitarized zone (DMZ). The firewalls that secure this separate network should be configured as restrictively as possible. For example, direct access to the Internet from the internal network should not be possible, and only the ports that are needed for operation should be opened. As a rule, a web server does not need to open its own connections to other web servers on the Internet, so the firewall should prohibit the bastion host from establishing outbound connections to port 80.
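The restrictive firewall described above, expressed as an nftables ruleset for a jump host. This is an added example, not part of the original article: the management network 10.0.0.0/24, the internal update mirror 10.0.0.10 and the choice of SSH on port 22 as the only service are assumptions; every chain defaults to drop and outbound HTTP is explicitly refused and logged.

```shell
#!/bin/sh
# Added example (not from the article): a default-deny nftables ruleset for a
# bastion/jump host in a DMZ. Only the ports needed for operation are open and
# the host may not open outbound connections to port 80.
# Assumed values: management network 10.0.0.0/24, update mirror 10.0.0.10.

RULESET_FILE="${RULESET_FILE:-/tmp/bastion.nft}"

# Write the ruleset to a file and print the file name.
bastion_ruleset() {
  cat > "$RULESET_FILE" <<'EOF'
flush ruleset
table inet bastion {
  chain input {
    type filter hook input priority 0; policy drop;
    ct state established,related accept
    ct state invalid drop
    iif "lo" accept
    # admin SSH only from the internal management network (assumed range)
    ip saddr 10.0.0.0/24 tcp dport 22 ct state new accept
    log prefix "bastion-in-drop: " drop
  }
  chain forward {
    type filter hook forward priority 0; policy drop;
  }
  chain output {
    type filter hook output priority 0; policy drop;
    ct state established,related accept
    oif "lo" accept
    udp dport { 53, 123 } accept
    # patches come from an internal mirror (assumed address), not the Internet
    ip daddr 10.0.0.10 tcp dport 443 accept
    # a bastion does not fetch web content itself: refuse outbound HTTP
    tcp dport 80 log prefix "bastion-out-http: " reject with tcp reset
    log prefix "bastion-out-drop: " drop
  }
}
EOF
  printf '%s\n' "$RULESET_FILE"
}

# Sanity check before loading: all three chains must default to drop and
# outbound port 80 must be blocked. Prints "ok" on success.
check_ruleset() {
  f=$(bastion_ruleset)
  [ "$(grep -c 'policy drop' "$f")" -eq 3 ] || return 1
  grep -q 'tcp dport 80 .*reject' "$f" || return 1
  echo ok
}

# Apply with nft (needs root); without nft, only run the check.
apply_ruleset() {
  f=$(bastion_ruleset)
  if command -v nft >/dev/null 2>&1; then nft -c -f "$f" && nft -f "$f"; else check_ruleset; fi
}
```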
Such a computer should always be shielded from access accordingly. In the case of on-premises operation, only authorized persons should be granted access to the data center. In a cloud environment, the permissions must be set accordingly.
When configuring such a computer/server, only the software and features that are absolutely necessary for its operation should be installed, and the applications should be granted only the permissions that operation requires. Development environments in particular should not be installed, so that an attacker who does gain a foothold does not find ready-made tools on the system. Running several services on one computer should also be avoided, as each additional service enlarges the attack surface.
Monitoring and Operation
Such a computer should be operated only by experienced administrators, as its activities must be monitored continuously by analyzing the log files. In addition, the administrator should keep informed about currently known security vulnerabilities in order to avert a threat to the system before it is exploited.
To do so, the administrator must be able to assess whether a reported vulnerability is relevant to the affected system, and then protect the system by reconfiguring it appropriately or installing a patch.
To avoid wrong decisions in crisis situations, it makes sense to establish security policies that also define the rules of conduct in the event of a successful attack. The organizational responsibilities for such decisions should likewise be clearly assigned in that document. Such guidelines are also useful during planning, where they help to avoid possible mistakes in advance.