bastion host - 堡垒主机 (fortress host) / 跳板机 (jump server)

bastion host

A bastion host is a special-purpose computer on a network specifically designed and configured to withstand attacks. The computer generally hosts a single application, for example a proxy server, and all other services are removed or limited to reduce the threat to the computer. It is hardened in this manner primarily due to its location and purpose, which is either on the outside of a firewall or in a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers.
The term is generally attributed to a 1990 article discussing firewalls by Marcus J. Ranum. Ranum defined a bastion host as:
...a system identified by the firewall administrator as a critical strong point in the network security. Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software.
Krutz and Vines have described a bastion host as "any computer that is fully exposed to attack by being on the public side of the DMZ, unprotected by a firewall or filtering router. Firewalls and routers, anything that provides perimeter access control security can be considered bastion hosts. Other types of bastion hosts can include web, mail, DNS, and FTP servers... Due to their exposure, a great deal of effort must be put into designing and configuring bastion hosts to minimize the chances of penetration."

bastion host [ˈbæstiən həust]: 堡垒主机 (fortress host), 跳板机 (jump server)

References
https://en.wikipedia.org/wiki/Bastion_host

Reposted from blog.csdn.net/chengyq116/article/details/80819931