Bastion Host

Serves as a platform for an application-level gateway
System identified as a critical strong point in the network’s security

Common characteristics:
– runs a secure O/S with only essential services
– may require user authentication to access proxy or host
– each proxy can restrict features, hosts accessed
– each proxy is small, simple, checked for security
– limited disk use, hence read-only code
– each proxy runs as a non-privileged user in a private and secured directory on the bastion host

Host Based Firewalls
– used to secure an individual host
– available in operating systems or can be provided as an add-on package
– filter and restrict packet flows
– common location is a server

Advantages:
– filtering rules can be tailored to the host environment
– protection is provided independent of topology
– provides an additional layer of protection

Personal Firewalls
– controls traffic between a personal computer or workstation and the internet or enterprise network
– for both home and corporate use
– typically is a software module on a personal computer