First page Back Continue Last page Summary Graphic
A bastion host is a machine which serves a single purpose. It can be dangerous to have one machine as the web server, name server, firewall, ftp server and so forth. If the host is compromised through, say, a cgi exploit on the webserver, it would be trivial to compromise all of the network services on this host, and expose your other hosts to compromise. The more you can separate critical services, the harder it is to compromise them.