Choosing a Physical Location (Building Internet Firewalls)

Choosing a Physical Location

The bastion host needs to be in a location that is physically secure.[22] There are two reasons for this:

[22]Practical UNIX & Internet Security by Simson Garfinkel and Gene Spafford (second version, Anonymous & Associates, 1996) contains an excellent and extensive discussion of physical security.

It is impossible to adequately secure a machine against an attacker who has physical access to it; there are too many ways the attacker can compromise it.
The bastion host provides much of the actual functionality of your Internet connection, and if it is lost, damaged, or stolen, your site may effectively be disconnected. You will certainly lose access to at least some services.

Never underestimate the power of human stupidity. Even if you don't believe that it's worth anyone's time and trouble to get physical access to the machine in order to break into it, secure it to prevent well-meaning people within your organization from inadvertently making it insecure or nonfunctional.

Your bastion hosts should be in a locked room, with adequate air conditioning and ventilation. If you provide uninterruptible power for your Internet connection, be sure to provide it for all critical bastion hosts as well.

Previous	Up	Next
Choosing a Machine	Index	Locating Bastion Hosts on the Network