Ron has configured his network to provide strong perimeter security. As part of his network architecture, he has included a host that is fully exposed to attack. The system is on the public side of the demilitarized zone, unprotected by a firewall or filtering router. What would you call such a host?
A.
DMZ host
B.
Honeypot
C.
DWZ host
D.
Bastion Host
Explanation:
A bastion host is a gateway between an inside network and an outside network. Used as a security measure, the bastion host is designed to defend against attacks aimed at the inside network. Depending on a network’s complexity and configuration, a single bastion host may stand guard by itself, or be part of a larger security system with different layers of protection.
in this the answer is DWZ host (Demilitarized zone)
in this the answer is DWZ host (Demilitarized zone). answer is A
1. If you have a DMZ, there is normally still a router or firewall. They may expose more than the internal firewall but it still exists.
2. A bastion host is often a term which is used to refer to a firewall. Never cared for that interpretation. A bastion host is more properly a system where it only does one specific function and all other functions are removed. A dual homed bastion host could be a firewall but it is not the designated function of the bastion host to be a firewall. Would I put the Bastion host out on the public side without protection–maybe.
3. Honey Pot. Ultimately, this is probably the best answer but not great. A honeypot is a device to attract hackers and it makes a virtual world for them to hack away in. The owners of the honeypot observe the hackers methods and modify their internal actions to compensate. My problem with this answer is that most honeypots are still inside the DMZ. Normally, you would not simply plop them on the Internet to be attacked. Ideally, they are a diversion from the real network. Still, it makes more sense than the bastion host to me.