Relationship between bastion host and jump host
What's are the differences/similarities between a "bastion host" and a "jump host"? Are they usually used interchangeably?
Solution 1:
A Bastion host is a machine that is outside of your security zone.
And is expected to be a weak point, and in need of additional security considerations.
Because your security devices are technically outside of your security zone, firewalls and security appliances are also considered in most cases Bastion hosts.
Usually we're talking about:
- DNS Servers
- FTP Servers
- VPN Servers
A Jump Server is intended to breach the gap between two security zones.
The intended purpose here is to have a gateway to access something inside of the security zone, from the DMZ.
The main reason I've seen this utilized is to make sure that the one known entrance to a specific server that has to be accessible from the outside is kept up to date and is known in its purpose as only having to connect to (a) specific host(s).
Usually this is a hardened Linux box only used for SSH.