Information, Computer and Network Security Terms Glossary and
A bastion host is a gateway between an inside network and an outside network, which is designed to defend against attacks aimed at the inside network. The system is on the public side of the demilitarized zone (DMZ), unprotected by a firewall or filtering router, and it is fully exposed to attacks. A bastion host must be hardened to anticipate attacks from the public. Typically, a bastion host will be configured with a firewall and provide services like web servers, DNS servers and mail servers.