What are the differences/similarities between a "bastion host" and a "jump host"? Are they usually used interchangeably?
2 Answers
A Bastion host is a machine that is outside of your security zone, and is expected to be a weak point in need of additional security considerations.
Because your security devices are technically outside of your security zone, firewalls and security appliances are also, in most cases, considered Bastion hosts.
Usually we're talking about:
- DNS Servers
- FTP Servers
- VPN Servers
A Jump Server is intended to bridge the gap between two security zones.
The intended purpose here is to have a gateway to access something inside of the security zone, from the DMZ.
The main reason I've seen this utilized is to make sure that the one known entrance to a specific server that has to be accessible from the outside is kept up to date, and is known in its purpose as only having to connect to (a) specific host(s).
Usually this is a hardened Linux box only used for SSH.
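As an added example that is not part of either answer, here is how that "hardened box used only for SSH, known to reach only specific hosts" design is usually expressed in OpenSSH configuration; the user, group, host and address names are placeholders, and the internal targets are assumed to be app01.internal and db01.internal.

```sshconfig
# ---- Jump host: /etc/ssh/sshd_config (excerpt; group and host names are placeholders) ----
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowGroups jumpusers
LogLevel VERBOSE            # logs the key fingerprint of every login for later review

Match Group jumpusers
    # The box exists only to relay SSH: no shell, no TTY, no agent or X11 relay.
    ForceCommand /bin/false
    PermitTTY no
    AllowAgentForwarding no
    X11Forwarding no
    PermitTunnel no
    AllowStreamLocalForwarding no
    # The only thing allowed is a local TCP forward (what `ssh -J` uses), and
    # only to the specific internal hosts this jump host is meant to reach.
    AllowTcpForwarding local
    PermitOpen app01.internal:22 db01.internal:22

# Check the effective settings as sshd would apply them to a jump user
# connecting from a given (placeholder) address:
#   sshd -T -C user=alice,addr=203.0.113.10 | grep -Ei 'permitopen|forcecommand|tcpforwarding'

# ---- Operator workstation: ~/.ssh/config ----
Host jump
    HostName jump.example.com
    User alice
    IdentityFile ~/.ssh/id_ed25519_jump
    IdentitiesOnly yes

# Internal targets are reached through the jump host; the client never gets a
# shell on it, it only asks sshd there to open a TCP channel to the target.
Host app01.internal db01.internal
    ProxyJump jump
    User alice
    IdentityFile ~/.ssh/id_ed25519_internal
    IdentitiesOnly yes
```

With this in place `ssh app01.internal` works, while `ssh jump` (an interactive login on the relay) and a forward to any host not listed in PermitOpen are refused and logged.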
It sounds like Reaces is correct and has a pretty good explanation. I'm no expert, but will add that (right or wrong) people sometimes use the two terms interchangeably since they are indeed similar. For example, here is a good read about this as it relates to Azure, AWS, and GCP: CloudInfrastructureServices Link. You'll notice right off (and throughout) that they use the terms interchangeably.
And here is a good blog article that compares 'Azure Bastion' to 'Traditional Jump Hosts': Blog Link. Granted that is 'Azure Bastion', not a generic bastion host, but I believe 'bastion' is similar on other Hyperscalers like AWS and GCP. This article by Google on GCP says, "When using a bastion host, you log into the bastion host first, and then into your target private VM": GCP Bastion Link
In summary: You may see them used interchangeably, and context matters when someone says 'bastion host'.