NFR Wizards Archive: newbie: Proxy as Bastion Host?

newbie: Proxy as Bastion Host?


Andre Anneck (andre.anneckpmbs.de)
Tue, 22 Jun 1999 08:24:13 +0200


Hi there,

I have been reading the security advisories of FreeBSD, Linux, read the
book "SATAN" from O'Reilly,
and browsed through a lot of web-information about Firewall concepts etc.

I did all this because I am in need to present a Firewall concept to our
managers... *sweat*.
Now the Question.
I read that a bastion host is usually used as a proxy, socks,
authentication server that resides before the firewall. The idea behind
this bastion host is to only allow certain connection types _from_ the
bastion host to the firewall, and block off all other requests of these
connection types. [right/wrong?]

Now, what I didn't find in the books is a good explanation WHY it would be
better to have the "proxy" outside as a bastion host, instead of behind the
firewall. The firewall could basically work as a proxy too...
Now as I trust the books when they say it's better to have the proxy be a bastion
host, I still have to explain the WHY to our managers....
Can someone explain the Why to me?

TIA,
 Andre Anneck



This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:19:01 CDT