BASTION HOST & HONEYPOT
A Bastion Host (also called a Bastion Server) is a special-purpose computer placed on the network to withstand attacks. Organizations deploy it in various forms: it can sit within a firewall, within a DMZ (De-Militarized Zone), or act as a proxy server.
When an attacker tries to access any website, the host provides the attacker with a replica of the original site. The host allows attacks on the replicated website in order to observe the attacker’s activity, which further helps to secure the original site. The bastion host is exposed to the public network. It runs few services, kept current with the latest security updates, and also has an Intrusion Detection System installed. It helps to defend against attacks aimed at the inside network and sometimes helps to trace the source of an attack. A bastion host can be found outside the firewall or on the public side of the DMZ.
A typical network server provides login, file, print, and other services, including access to additional servers. On a bastion host, those services have been prohibited. Since there are no user accounts, it’s difficult for someone to break in using passwords. Since it has few services available, even if someone did break in, there wouldn’t be much they could do with it.
It acts like a proxy server that allows client machines to connect to a remote server, which is why it is also called a Jump Box. Bastion hosts are used in cloud environments to provide access to a private network from an external network such as the internet. For example, to connect to a network, a system needs an internal IP address, but you cannot expose internal IP addresses publicly for security reasons. Instead, you need a bastion server that has an external IP address and allows legitimate systems to connect to the network with an internal IP address: you log into the bastion host first and then into your target instance. Because this is a two-step login procedure, the bastion host is also called a Jump Server.
A bastion host is one of the main defenses in an intranet firewall, where it becomes the main point of contact between the intranet and the internet. When it receives a request from the internet for an intranet service, the host passes the request to the appropriate server. A filtering router reviews packets coming from the private subnet, making sure that only authorized incoming requests pass through to the intranet. It is believed that the best way to use the bastion host is to put it in a firewall.
Have you ever wondered: instead of pushing the bad guys away from the network by implementing different security measures, what if we attract them and deflect them from the original source? One easy way to do this is a honeypot.
A honeypot is a computer or computer system intended to mimic likely targets of cyberattacks. It is used to lure attackers, which helps the organization to learn the attackers’ motives and to design more secure systems. A honeypot is useful not only to read the minds of hackers but also to educate other professionals about them. Multiple honeypots on a network form a honeynet.
It acts as a trap for an attacker, like a cheese-baited mousetrap. A honeypot includes applications and data that simulate a real computer system, which is why the attacker thinks they are targeting a legitimate system that is worth their time.
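The trap described above can be reduced to a small low-interaction decoy, shown here as an added example that is not code from the original article: it presents a service banner, records who connected and what they sent, and never acts on the input. The FTP-style banner, the host name in it, and the function names are constructed for illustration.

```python
import json
import socket
import threading
from datetime import datetime, timezone

# Constructed decoy banner; it imitates a file server but no such service exists.
FAKE_BANNER = b"220 files.example.internal FTP server ready\r\n"


def handle(conn, addr, events):
    """Show the decoy banner, record what the client sends, never act on it."""
    with conn:
        conn.settimeout(3)
        conn.sendall(FAKE_BANNER)
        try:
            data = conn.recv(1024)  # cap how much is read from an untrusted peer
        except socket.timeout:
            data = b""
        events.append({
            "time": datetime.now(timezone.utc).isoformat(),
            "src_ip": addr[0],
            "src_port": addr[1],
            "payload": data.decode("latin-1"),  # lossless, JSON-safe once escaped
        })
        conn.sendall(b"530 Login incorrect.\r\n")  # every login attempt is refused


def serve(host="127.0.0.1", port=0, max_conns=1):
    """Listen on a decoy port (0 = pick a free one); returns (port, events, thread)."""
    events = []
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, port))
    srv.listen()
    bound_port = srv.getsockname()[1]

    def loop():
        with srv:
            for _ in range(max_conns):
                conn, addr = srv.accept()
                handle(conn, addr, events)

    thread = threading.Thread(target=loop, daemon=True)
    thread.start()
    return bound_port, events, thread


if __name__ == "__main__":
    port, events, thread = serve()
    with socket.create_connection(("127.0.0.1", port)) as probe:  # constructed probe
        probe.recv(1024)
        probe.sendall(b"USER admin\r\n")
        probe.recv(1024)
    thread.join()
    print(json.dumps(events, indent=2))
```

Because no legitimate user has a reason to touch the decoy port, every recorded event is worth reviewing.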
However, honeypots are not ideal. They contain the usual technology risks such as firewall penetration, broken encryption methods and failure to detect attacks. In addition, honeypots are unable to detect attacks against systems that are not honeypot systems. The cost of maintaining a honeypot can be high, in part because of the specialized skills required to implement and administer a system that appears to expose the organization’s network resources while still preventing attackers from gaining access to any production systems.
A honeypot helps an organization by giving it an idea of which security measures are correct and which ones may need improvement.
Types of Honeypots:
- Production Honeypot: This is mainly used to divert or deflect the attacker and to learn the attacker’s motives. It is used in corporations and companies to mitigate the risk of attacks.
- Research Honeypot: This is mainly used to observe the motives of the attacker community. It is used by educational institutions (non-profit organizations).
Wanna read more about Honeypots – https://krebsonsecurity.com/tag/honeypot/
Some popular examples of Honeypot:
- Google Hack Honeypot (GHH)