Bastion host

A bastion host is a server that either offers services for an open internet connection or works as a proxy to access the internet, requiring it be particularly protected against malicious attacks. In order for this security to be achieved, a server is protected both from the outside network in a demilitarised zone and intranet accesses through the use of a firewall, set to restrict contact between these two zones. As a critical strong point in network security, a bastion host is a computer that is fully built to withstand attacks. This practice forcefully represses direct access from an internal network to an external network like the world wide web by making sure that only the necessary ports are open at any given time. BY this process it's not possible for a web server to have access to any host part of the network unless it's specifically stated by the firewall that port 80 should be used. The Operating system of a bastion host should only be used by experienced administrators, with the successful implementation of a log data system for activity monitoring. In addition, the admin should report on any known vulnerability to avert any threat in advance. Thus the administrator has to measure the situation to see whether the vulnerability is relevant enough to be fixed by a simple configuration tweak or if a whole installation patch may be needed to protected the affected system from attacks.

Bastion host fully exposed to outside attacks.
from: http://www.sabronet.com/secure/firewall.html