[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Qube2 Firewall "feature"

Subject: [cobalt-security] Qube2 Firewall "feature"
From: Malcolm McLeary <mim@xxxxxxxxxx>
Date: Sat, 18 Mar 2000 16:46:03 +1100

Guys,

In the Cobalt Knowledge Base it says ...

>QuestionNum: 536
>Product: All
>Category Admin
>Creation Date: Tue Jul 06 12:04:20 1999 PDT 
>
>Question
>What options are available for using a Cobalt product as an internet 
>firewall?
>
>Response
>The Qube2 features IP firewalling, which is a simple form of a firewall, 
>whereby the Qube2 begins to process a packet and determine whether or not 
>it came from an acceptable IP address. This is not a fully functional 
>firewall, and should not be considered such.
>
>A firewall is a group of related programs that protects a network's 
>resources from users from other networks. This is usually accomplished by 
>running such software on a dedicated machine, separate from the other 
>machines in an organization's intranet. Using the Qube 2 as a firewall 
>could compromise your security, as it is your server. Such a situation 
>would expose your network resources to outside users.

So if I read this right, although the feature is called a firewall, its 
isn't and Cobalt recommend NOT to use it.

So why include it at all?

Can it serve any purpose?

I am looking at a situation where NAT is being used so the only "visible" 
host will be the Qube2.  It appears to me that it can only filter packets 
destined to itself, hence you could restrict external access to Qube2 
based services while still permitting internal access to the same 
services.

>QuestionNum: 735
>Product: Qube2
>Category Admin
>Creation Date: Mon Jan 31 13:43:50 2000 PST 
>
>Question
>Does the Qube have any kind of firewall that allows me to limit those who 
>can gain access to the data on the Qube or access to the internal network?
>
>Response
>Our Qube has a firewall. You can setup your own firewall rules for 
>your server. 
>
>Here is a good tool to use to setup firewall rules: 
>http://www.cobalt.com/support/tools/firewall.html

This looks like a useful tool if you need to configure the Qube2 
Firewall, but I'm not sure I understand the purpose of "outbound".

Can it be used to limit access to outside services or just to Qube2 
services?

Cheers,  Malcolm



. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                       Information Alchemy Pty Ltd
                             ACN 089 239 305
                           Canberra, Australia

Malcolm McLeary                                  Mobile:   0412 636 086
Managing Director                                Email:  mim@xxxxxxxxxx

     This message was sent using Claris Emailer 2.0v3 for Macintosh.

Follow-Ups:
- Re: [cobalt-security] Qube2 Firewall "feature"
  - From: Jeff Lasman
- RE: [cobalt-security] Qube2 Firewall "feature"
  - From: Jeff Newman

Prev by Date: RE: [cobalt-security] static nat routing...
Next by Date: Re: [cobalt-security] Qube2 Firewall "feature"
Previous by thread: RE: [cobalt-security] static nat routing...
Next by thread: Re: [cobalt-security] Qube2 Firewall "feature"

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index