bastion
bastion host - 堡垒主机 / 跳板机
A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single APPlication, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of a firewall or in a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers.
堡垒主机是网络上的专用计算机,专门设计和配置以抵御攻击。计算机通常运行单个应用程序,例如代理服务器,并且移除或限制所有其他服务以减少对计算机的威胁。它以这种方式硬化主要是由于它的位置和目的,它位于防火墙的外部或非军事区 (DMZ),并且通常涉及来自不受信任的网络或计算机的访问。
The term is generally attributed to a 1990 article discussing firewalls by Marcus J. Ranum. Ranum defined a Bastion host as a system identified by the firewall adMinistrator as a critical strong point in the network security. Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.
该术语通常归因于 1990 年由 Marcus J. Ranum 讨论防火墙的文章。Ranum 将 Bastion 主机定义为由防火墙管理员识别的系统,是网络安全中的关键优势。一般来说,堡垒主机会对其安全性有一定程度的额外关注,可能会进行定期审核,并且可能会修改软件。
Krutz and Vines have described a bastion host as "any computer that is fully exposed to attack by being on the public side of the DMZ, unprotected by a firewall or filtering router. Firewalls and routers, anything that provides perimeter access control security can be considered bastion hosts. Other types of bastion hosts can include web, mail, DNS, and FTP servers...Due to their exposure, a great deal of effort must be put into designing and configuring bastion hosts to minimize the chances of penetration."
Krutz 和 Vines 已经将堡垒主机描述为:任何完全暴露于 DMZ 公共端的攻击的计算机,不受防火墙或过滤路由器的保护。防火墙和路由器,任何提供周边访问控制安全性的东西都可以考虑堡垒主机。其他类型的堡垒主机可以包括网络,邮件,DNS 和 FTP 服务器... 由于它们的曝光,必须花费大量精力设计和配置堡垒主机,以尽量减少渗透的机会。
bastion host [ˈbæstiən həust]:堡垒主机,跳板机
withstand [wɪð'stænd]:vt. 抵挡,禁得起,反抗 vi. 反抗
demilitarize [ˌdi:'mɪlɪtəraɪz]:vt. 解除武装,使非军事化
primarily ['praɪm(ə)rɪlɪ; praɪ'mer-]:adv. 首先,主要地,根本上
audit ['ɔːdɪt]:vi. 审计,查账 n. 审计,查账
https://en.wikipedia.org/wiki/Bastion_host
相关阅读
分享一下我老师大神的人工智能教程!零基础,通俗易懂!http://blog.csdn.net/jiangjunshow也欢迎大家转载本篇文章。分享知识,造福人民,
php配置本地一个新的虚拟主机 找到Apache的配置文件 httpd-conf 打开该文件找到 Include conf/extra/httpd-vhosts.conf 去掉
今天小编头条号上有朋友“虚其心实其腹”留言,想1000左右组装一个台式主机,能给推荐一下具体配置吗?主要是用来玩英雄联盟
1、身份鉴别 (6) a、对登录操作系统和数据库系统的用户进行身份标识和鉴别 测评方法 1、rundll32 netplwiz.dll UsersRunDll 勾
故障现象:通过主机编号下载驱动,发现显卡驱动有两个或多于两个,如何下载对应驱动。原因分析:此问题是由于台式电脑独立显卡可拆卸,方