bastion host - 堡垒主机 / 跳板机

bastion host - 堡垒主机 / 跳板机

A bastion host is a special purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of a firewall or in a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers.
堡垒主机是网络上的专用计算机，专门设计和配置以抵御攻击。计算机通常运行单个应用程序，例如代理服务器，并且移除或限制所有其他服务以减少对计算机的威胁。它以这种方式硬化主要是由于它的位置和目的，它位于防火墙的外部或非军事区 (DMZ)，并且通常涉及来自不受信任的网络或计算机的访问。

The term is generally attributed to a 1990 article discussing firewalls by Marcus J. Ranum. Ranum defined a Bastion host as a system identified by the firewall administrator as a critical strong point in the network security. Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.
该术语通常归因于 1990 年由 Marcus J. Ranum 讨论防火墙的文章。Ranum 将 Bastion 主机定义为由防火墙管理员识别的系统，是网络安全中的关键优势。一般来说，堡垒主机会对其安全性有一定程度的额外关注，可能会进行定期审核，并且可能会修改软件。

Krutz and Vines have described a bastion host as "any computer that is fully exposed to attack by being on the public side of the DMZ, unprotected by a firewall or filtering router. Firewalls and routers, anything that provides perimeter access control security can be considered bastion hosts. Other types of bastion hosts can include web, mail, DNS, and FTP servers...Due to their exposure, a great deal of effort must be put into designing and configuring bastion hosts to minimize the chances of penetration."
Krutz 和 Vines 已经将堡垒主机描述为：任何完全暴露于 DMZ 公共端的攻击的计算机，不受防火墙或过滤路由器的保护。防火墙和路由器，任何提供周边访问控制安全性的东西都可以考虑堡垒主机。其他类型的堡垒主机可以包括网络，邮件，DNS 和 FTP 服务器... 由于它们的曝光，必须花费大量精力设计和配置堡垒主机，以尽量减少渗透的机会。

bastion host [ˈbæstiən həust]：堡垒主机，跳板机
withstand [wɪð'stænd]：vt. 抵挡，禁得起，反抗 vi. 反抗
demilitarize [ˌdi:'mɪlɪtəraɪz]：vt. 解除武装，使非军事化
primarily ['praɪm(ə)rɪlɪ; praɪ'mer-]：adv. 首先，主要地，根本上
audit ['ɔːdɪt]：vi. 审计，查账 n. 审计，查账

References
https://en.wikipedia.org/wiki/Bastion_host