Taos Glossary

A quick-read explanation of industry terms and a knowledge base.


What is a bastion host?

Also called a bastion server, a bastion host is a network server specially designed and configured to withstand cybersecurity attacks. The point of a bastion host is to give users access to a private network from external networks. As an externally positioned, security-dedicated server, a bastion host provides authorized users with access to the private network and acts as the only access path to those internal network resources.

How does a bastion host work?

A bastion host is usually established as a connection (or bridge) between a public network, such as the internet, and a private subnet. The bastion server is hardened by stripping away all unnecessary applications, ports, processes, and user accounts to allow it to focus on its primary purpose of secure access. Typically, a bastion host resides on its own subnet with a publicly accessible IP address.

When a user needs access to an asset stored on the private subnet, they must establish a connection via the bastion host and go through an authentication process that verifies they are authorized.
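The "only access path" property described above can be checked against a rule set. The following is an added example, not part of the original glossary entry: the subnet ranges, the rule format, the function name `audit_rules` and the choice of SSH (port 22) as the bastion's single open port are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data: subnets and ingress rules are illustrative only.
BASTION_SUBNET = ipaddress.ip_network("10.0.0.0/28")   # assumed bastion subnet
PRIVATE_SUBNET = ipaddress.ip_network("10.0.1.0/24")   # assumed private subnet

SAMPLE_RULES = [
    {"dest": "10.0.0.4", "port": 22, "source": "0.0.0.0/0"},       # bastion, public SSH
    {"dest": "10.0.1.10", "port": 22, "source": "10.0.0.0/28"},    # private host via bastion
    {"dest": "10.0.1.20", "port": 5432, "source": "10.0.0.0/28"},  # database via bastion
    {"dest": "10.0.1.30", "port": 22, "source": "0.0.0.0/0"},      # bypasses the bastion
    {"dest": "10.0.1.40", "port": 5432, "source": "10.0.0.0/16"},  # wider than bastion subnet
    {"dest": "10.0.0.4", "port": 8080, "source": "0.0.0.0/0"},     # extra port on the bastion
]


def audit_rules(rules, bastion_net=BASTION_SUBNET, private_net=PRIVATE_SUBNET,
                bastion_ports=frozenset({22})):
    """Return (dest, port, reason) for each rule that breaks the bastion pattern."""
    findings = []
    for rule in rules:
        dest = ipaddress.ip_address(rule["dest"])
        source = ipaddress.ip_network(rule["source"], strict=False)
        if dest in private_net:
            # Private hosts may be reached only from the bastion subnet
            # or from other hosts inside the private subnet itself.
            allowed = source.subnet_of(bastion_net) or source.subnet_of(private_net)
            if not allowed:
                findings.append((rule["dest"], rule["port"],
                                 "private host reachable without the bastion"))
        elif dest in bastion_net and rule["port"] not in bastion_ports:
            # A hardened bastion exposes only the port needed for access.
            findings.append((rule["dest"], rule["port"],
                             "unnecessary port open on the bastion"))
    return findings


if __name__ == "__main__":
    for dest, port, reason in audit_rules(SAMPLE_RULES):
        print(f"{dest}:{port} -> {reason}")
```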

Why is a bastion host important?

A bastion host allows an organization to use applications or services that don’t require direct internet access. Admin and user activity can be funneled through the bastion server without requiring a floating IP address, which reduces the network attack surface. Internal services and apps can be kept closed to public access so that they do not become attack vectors, which adds a layer of security.

Benefits of a bastion host

A bastion host security solution offers two significant advantages: 1) easier compliance and 2) a reduced attack surface. Network access threats can be better contained, and bastion hosts are also simple to use, allowing access to private resources from a local machine without extra effort.

Common use cases for a bastion host

A bastion host can be used for database access, internal web application access, or access to any internal endpoints that should not receive direct network access. Bastion hosts can provide secure access to Linux instances located in the private and public subnets of a virtual private cloud, or give developers access to a single virtual machine without giving them access to additional services.
