[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Qube2 Firewall "feature"
- Subject: [cobalt-security] Qube2 Firewall "feature"
- From: Malcolm McLeary <mim@xxxxxxxxxx>
- Date: Sat, 18 Mar 2000 16:46:03 +1100
Guys,
In the Cobalt Knowledge Base it says ...
>QuestionNum: 536
>Product: All
>Category Admin
>Creation Date: Tue Jul 06 12:04:20 1999 PDT
>
>Question
>What options are available for using a Cobalt product as an internet
>firewall?
>
>Response
>The Qube2 features IP firewalling, which is a simple form of a firewall,
>whereby the Qube2 begins to process a packet and determine whether or not
>it came from an acceptable IP address. This is not a fully functional
>firewall, and should not be considered such.
>
>A firewall is a group of related programs that protects a network's
>resources from users from other networks. This is usually accomplished by
>running such software on a dedicated machine, separate from the other
>machines in an organization's intranet. Using the Qube 2 as a firewall
>could compromise your security, as it is your server. Such a situation
>would expose your network resources to outside users.
So if I read this right, although the feature is called a firewall, its
isn't and Cobalt recommend NOT to use it.
So why include it at all?
Can it serve any purpose?
I am looking at a situation where NAT is being used so the only "visible"
host will be the Qube2. It appears to me that it can only filter packets
destined to itself, hence you could restrict external access to Qube2
based services while still permitting internal access to the same
services.
>QuestionNum: 735
>Product: Qube2
>Category Admin
>Creation Date: Mon Jan 31 13:43:50 2000 PST
>
>Question
>Does the Qube have any kind of firewall that allows me to limit those who
>can gain access to the data on the Qube or access to the internal network?
>
>Response
>Our Qube has a firewall. You can setup your own firewall rules for
>your server.
>
>Here is a good tool to use to setup firewall rules:
>http://www.cobalt.com/support/tools/firewall.html
This looks like a useful tool if you need to configure the Qube2
Firewall, but I'm not sure I understand the purpose of "outbound".
Can it be used to limit access to outside services or just to Qube2
services?
Cheers, Malcolm
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Information Alchemy Pty Ltd
ACN 089 239 305
Canberra, Australia
Malcolm McLeary Mobile: 0412 636 086
Managing Director Email: mim@xxxxxxxxxx
This message was sent using Claris Emailer 2.0v3 for Macintosh.