Equipos de
frontera que, situados fuera de la red interna, ofrecen servicios al exterior.
Equipos hacen virtud de la necesidad de estar bien asegurados pues están muy expuestos
a ataques externos.
Se dice que
un equipo está "fortificado" cuando se le han aplicado todas las
protecciones conocidas, de forma que no adolece de ninguna vulnerabilidad
conocida.
A special purpose computer
on a network specifically designed and configured to withstand attacks. [CNSSI_4009:2010]
(I) A strongly protected
computer that is in a network protected by a firewall (or is part of a
firewall) and is the only host (or one of only a few) in the network that can
be directly accessed from networks on the other side of the firewall.
(See: firewall.)
[RFC4949:2007]
A computer placed outside a
firewall to provide public services (such as World Wide Web access and FTP) to
other Internet sites, hardened to withstand whatever attacks the Internet can
throw at it.
Hardening is accomplished by
making the box as single-purpose as possible, removing all unneeded services
and potential security vulnerabilities. Bastion host is sometimes inaccurately
generalized to refer to any host critical to the defense of a local network.
http://www.watchguard.com/glossary/
A bastion host has been
hardened in anticipation of vulnerabilities that have not been discovered yet.
http://www.sans.org/security-resources/glossary-of-terms/
Système sécurisé dans
le but de supporter une application ou un service critique (ex.: firewall,
serveur Web).
http://securit.free.fr/glossaire.htm