Compared to hosts that are protected from intrusion by being inside a firewall, bastion hosts are those expected to come under attack because the system is exposed to threats.
A computer system in a network that is fortified against illegal entry and attack, because it is exposed to the outside world (the Internet). Bastion hosts are used for services such as website hosting, mail, DNS lookups and FTP transfer and are located on the public side of a perimeter net (DMZ). The name comes from medieval fortresses built with bastions, which were projections out from the wall that enabled more men to gather behind in order to shoot their arrows. See firewall.