Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
NFR Wizards Archive: newbie: Proxy as Bastion Host?

newbie: Proxy as Bastion Host?

Andre Anneck (andre.anneckpmbs.de)
Tue, 22 Jun 1999 08:24:13 +0200

Hi there,

I have been reading the security advisories of FreeBSD, Linux, read the
book "SATAN" from O'Reillly,
 and browsed through a lot of web-information about Firewall concepts etc.

I did all this because I am in need to present a Firewall concept to our
managers... *sweat*.
Now the Question.
I read that as bastion host is usually used as a proxy, socks,
auhtentification server that resides before the firewall. The idea behind
this bastion host is to only allow certain connection types _from_ the
bastion host to the firewall, and block off all other request of these
connection types. [right/wrong?]

Now, what I didnt find in the books is a good explanation WHY it would be
better to have the "proxy" outside as a bastion host, instead of behind the
firewall. The firewall could basically work as a proxy too...
Now as I trust the books when they say its better to have proxy be a bastion
host, I still have to explain the WHY to our managers....
Can someone explain the Why to me?

 Andre Anneck

This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:01 CDT