home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam    

Building Internet Firewalls

Building Internet FirewallsSearch this book
Previous: 5.3 Choosing a Machine Chapter 5
Bastion Hosts
Next: 5.5 Locating the Bastion Host on the Network

5.4 Choosing a Physical Location

The bastion host needs to be in a location that is physically secure.[2] There are two reason for this:

  • It is impossible to adequately secure a machine against an attacker who has physical access to it; there are too many ways the attacker can compromise it.

  • The bastion host provides much of the actual functionality of your Internet connection, and if it is lost, damaged, or stolen, your site may effectively be disconnected. You will certainly lose access to at least some services.

[2] Practical UNIX Security by Simson Garfinkel and Gene Spafford (O'Reilly & Associates, second edition, 1996) contains an excellent and extensive discussion of physical security.

Never underestimate the power of human stupidity. Even if you don't believe that it's worth anyone's time and trouble to get physical access to the machine in order to break into it, secure it to prevent well-meaning people within your organization from inadvertently making it insecure or nonfunctional.

Your bastion host should be in a locked room, with adequate air conditioning and ventilation. If you provide uninterruptible power for your Internet connection, be sure to provide it for the bastion host as well.

Previous: 5.3 Choosing a Machine Building Internet Firewalls Next: 5.5 Locating the Bastion Host on the Network
5.3 Choosing a Machine Book Index 5.5 Locating the Bastion Host on the Network