35
2.1.7.2 Bastion Host
Bastion
host
is
special-functioning computer
that
is
usually
placed
at
the
front
point
of
network
particularly
implemented to
resist
attacks
that
go
through
it.
It
is
specially hardened so
that attacks can be withstood and prevent
it
to
touch the
network.
Example
of
bastion
host
is
proxy
server
specifically designed
for
critical
network
security’s stronghold. A
firewall or router can also be considered as bastion host seeing
as they perform identical security duty.
Internet
Router
Bastion Host
Web Server
Figure 7 – Basic Implementation of Bastion Host
2.1.7.3 Honeypot
Honeypot
is
known
inside
the
network
as
decoy
server
that
looks
like
normal
server
but
acts
to
entrap
external
attacks.
Honeypot
is
commonly
placed
in
secluded,
nonpublic
network on which it seems to be
very valuable sites
for attackers. It
monitors,
examines,
and
determines
what
kind
of
attacks
and
how
the
system
deals
with
the
attacks.
Hence,
it
is
practical
for
network
security
administrators as
reconnaissance,
surveillance,
and
even
early-warming tool.
However,
if
honeypot
is
not
taken care,
it
is
possible
that
honeypot
will be taken control by attackers to attack other machines
within
the network. To avoid this to occur,
honeypot
is better
to
have special software
installed
that works as another trap for attackers. It is called “virtual environments” that appear to
 |