10.3. Choosing a Machine

The first step in building a bastion host is to decide what kind of machine to use. You want reliability (if a bastion host goes down, you lose most of the benefit of your Internet connection), supportability, and configurability. This section looks at which operating system you should run, how fast a bastion host needs to be, and what hardware configuration should be supported.

10.3.1. What Operating System?

A bastion host should be something you're familiar with. You're going to end up customizing the machine and the operating system extensively; this is not the time to learn your way around a completely new system. Because a fully configured bastion host is a very restricted environment, you'll want to be able to do development for it on another machine, and it helps a great deal to be able to exchange its peripherals with other machines you own. (This is partly a hardware issue, but it doesn't do you any good to be able to plug your Unix-formatted SCSI disk into a Macintosh SCSI chain: the hardware interoperates, but the data isn't readable.)

You need a machine that reliably offers the range of Internet services you wish to provide your users, with multiple connections simultaneously active. If your site is completely made up of MS-DOS, Windows, or Macintosh systems, you may find yourself needing some other platform (perhaps Unix, perhaps Windows NT, perhaps something else) to use as your bastion host. You may not be able to provide or access all the services you desire through your native platform because the relevant tools (proxy servers, packet filtering systems, or even regular servers for basic services such as SMTP and DNS) may not be available for that platform.

Unix is the operating system that has been most popular in offering Internet services, and tools are widely available to make bastion hosts on Unix systems. If you already have Unix machines, you should seriously consider Unix for your bastion host.
If you have no suitable platforms for a bastion host and need to learn a new operating system anyway, we recommend you try Unix, because that's where you'll find the largest and most extensive set of tools for building bastion hosts.

The other popular operating system for this purpose is Windows NT. If you are already running Windows NT machines as servers, it makes sense to use Windows NT machines as bastion hosts as well. However, you should bear in mind that Windows NT machines are more complex than Unix machines. If you are familiar with both, we recommend using Unix rather than Windows NT for bastion hosts wherever practical. If you are familiar only with Windows NT, use it for bastion hosts; you are more likely to make mistakes securing a new operating system.

If all of your existing multiuser, IP-capable machines are something other than Unix or Windows NT machines (such as VMS systems, for example), you have a hard decision to make. You can probably use a machine you are familiar with as a bastion host and get the advantages of familiarity and interchangeability. On the other hand, solid and extensive tools for building bastion hosts are not likely to be available, and you're going to have to improvise. You might gain some security through obscurity (don't count on it; your operating system probably isn't as obscure as you think), but you may lose as much or more if you don't have the history that Unix-based bastion hosts offer. With Unix or Windows NT, you have the advantage of learning through other people's mistakes as well as your own.

Most of this book assumes that you will be using some kind of Unix or Windows NT machine as your bastion host. This is because most bastion hosts are Unix or Windows NT machines, and some of the details are extremely operating system dependent. See Chapter 11, "Unix and Linux Bastion Hosts", and Chapter 12, "Windows NT and Windows 2000 Bastion Hosts", for these details. The principles will be the same if you choose to use another operating system, but the details will vary considerably.

10.3.2. How Fast a Machine?

Most bastion hosts don't have to be fast machines; in fact, it's better for them not to be especially powerful. There are several good reasons, besides cost, to make your bastion host as powerful as it needs to be to do its job, but no more so. It doesn't take much horsepower to provide the services required of most bastion hosts.

Many people use machines in the medium desktop range as their bastion hosts, which is plenty of power for most purposes. The bastion host really doesn't have much work to do. What it needs to do is mostly limited by the speed of your connection to the outside world, not by the CPU speed of the bastion host itself. It just doesn't take that much of a processor to handle mail, DNS, FTP, and proxy services for a 56 Kbps or even a T-1 (1.544 Mbps) line.

You may need more power if you are running programs that do compression/decompression (e.g., NNTP servers) or searches (e.g., full-featured web servers), or if you're providing proxy services for dozens of users simultaneously. You may also need more power to support requests from the Internet if your site becomes wildly popular (e.g., if you create something that everybody and their mothers want to access, like the Great American Web Page or a popular and well-stocked anonymous FTP site). At that point, you might also want to start using multiple bastion hosts, as we describe in Chapter 6, "Firewall Architectures". A large company with multiple Internet connections and popular services may need to use multiple bastion hosts and large, powerful machines.

There are several reasons not to oversize a bastion host:

10.3.3. What Hardware Configuration?

You want a reliable hardware configuration, so you should select a base machine and peripherals that aren't the newest thing on the market. (There's a reason people call it "bleeding edge" as well as "leading edge" technology.) You also want the configuration to be supportable, so don't choose something so old you can't find replacement parts for it. The middle range from your favorite manufacturer is probably about right.

While a desktop-class machine probably has the horsepower you need, you may be better off with something in server packaging; machines packaged as servers are generally easier to exchange disks in, as well as being more possible to mount in racks when you have lots of them. They're also harder to steal, and less likely to get turned off by people who need another outlet to plug the vacuum cleaner into.

While you don't need sheer CPU power, you do need a machine that keeps track of a number of connections simultaneously. This is memory intensive, so you'll want a large amount of memory and probably a large amount of swap space as well. Caching proxies also need a large amount of free disk space to use for the caches.

Here are some suggestions about tape and disk needs:

The bastion host doesn't need interesting graphics and shouldn't have them. This is a network services host; nobody needs to see it. Attach a dumb terminal (the dumber the better) as the console. Having graphics will only encourage people to use the machine for other purposes and might encourage you to install support programs (like the X Window System and its derivatives) that are insecure. If you are using a Windows NT machine, which requires a graphics console, use a cheap and ugly VGA display or a console switch.

Most bastion hosts are critical machines and should have appropriate high-availability hardware, including redundant disks and uninterruptible power.