It is hardened in this manner primarily due to its location and purpose, which is either on the outside of a firewall or inside of a demilitarized zone (DMZ) and usually involves access from untrusted networks or computers.
Generally, bastion hosts will have some degree of extra attention paid to their security, may undergo regular audits, and may have modified software".
[1] It has also been described as "any computer that is fully exposed to attack by being on the public side of the DMZ, unprotected by a firewall or filtering router.
Other types of bastion hosts can include web, mail, DNS, and FTP servers.
Due to their exposure, a great deal of effort must be put into designing and configuring bastion hosts to minimize the chances of penetration".