
RE: [cobalt-security] Qube2 Firewall "feature"



Malcolm:

Outbound refers to what protocols you allow the users behind the firewall to
use.  Generally with the Cube as your firewall, you will allow all outbound
connections and deny all inbound connections except to the services that you
want connected such as ports 21, 25, 80 and all ports in the range from 1025
to 65355.  NEVER allow an outside connection to 139, in fact don't run SMB
if this is your firewall.  That's just asking for trouble.  With the cube,
you can even make things worse yet by using it to authenticate your trusted
network users under any circumstance!  Don't forget to include as the last
line in the firewall a statement that denies all incoming to all destinations
on all protocols.

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Malcolm
McLeary
Sent: Friday, March 17, 2000 11:46 PM
To: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] Qube2 Firewall "feature"


Guys,

In the Cobalt Knowledge Base it says ...

>QuestionNum: 536
>Product: All
>Category Admin
>Creation Date: Tue Jul 06 12:04:20 1999 PDT
>
>Question
>What options are available for using a Cobalt product as an internet
>firewall?
>
>Response
>The Qube2 features IP firewalling, which is a simple form of a firewall,
>whereby the Qube2 begins to process a packet and determine whether or not
>it came from an acceptable IP address. This is not a fully functional
>firewall, and should not be considered such.
>
>A firewall is a group of related programs that protects a network's
>resources from users from other networks. This is usually accomplished by
>running such software on a dedicated machine, separate from the other
>machines in an organization's intranet. Using the Qube 2 as a firewall
>could compromise your security, as it is your server. Such a situation
>would expose your network resources to outside users.

So if I read this right, although the feature is called a firewall, it
isn't and Cobalt recommend NOT to use it.

So why include it at all?

Can it serve any purpose?

I am looking at a situation where NAT is being used so the only "visible"
host will be the Qube2.  It appears to me that it can only filter packets
destined to itself, hence you could restrict external access to Qube2
based services while still permitting internal access to the same
services.

>QuestionNum: 735
>Product: Qube2
>Category Admin
>Creation Date: Mon Jan 31 13:43:50 2000 PST
>
>Question
>Does the Qube have any kind of firewall that allows me to limit those who
>can gain access to the data on the Qube or access to the internal network?
>
>Response
>Our Qube has a firewall. You can set up your own firewall rules for
>your server.
>
>Here is a good tool to use to set up firewall rules:
>http://www.cobalt.com/support/tools/firewall.html

This looks like a useful tool if you need to configure the Qube2
Firewall, but I'm not sure I understand the purpose of "outbound".

Can it be used to limit access to outside services or just to Qube2
services?

Cheers,  Malcolm



. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

                       Information Alchemy Pty Ltd
                             ACN 089 239 305
                           Canberra, Australia

Malcolm McLeary                                  Mobile:   0412 636 086
Managing Director                                Email:  mim@xxxxxxxxxx

     This message was sent using Claris Emailer 2.0v3 for Macintosh.


_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security
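
An added example, not part of either message or of Cobalt's tooling: a small first-match model of the inbound rule list described in the reply, showing what the closing deny-all line changes and why it has to come last. The rule representation, the probe ports and the accept-when-nothing-matches fallthrough are assumptions for illustration; the port numbers are copied from the reply.

```python
from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class Rule:
    action: str  # "accept" or "deny"
    lo: int      # lowest destination port covered
    hi: int      # highest destination port covered

    def matches(self, port: int) -> bool:
        return self.lo <= port <= self.hi


# Inbound rules modelled on the reply (ports as written in the message).
INBOUND = [
    Rule("deny", 139, 139),        # never allow outside connections to 139
    Rule("accept", 21, 21),
    Rule("accept", 25, 25),
    Rule("accept", 80, 80),
    Rule("accept", 1025, 65355),
]
DENY_ALL = Rule("deny", 0, 65535)  # the "last line" the reply asks for


def decide(rules: List[Rule], port: int, fallthrough: str = "accept") -> str:
    """First matching rule wins. The fallthrough used when no rule
    matches is an assumption of this model, not a documented Qube2 default."""
    for rule in rules:
        if rule.matches(port):
            return rule.action
    return fallthrough


def exposed(rules: List[Rule], ports: List[int]) -> List[int]:
    """Ports from the probe list that an outside host could reach."""
    return [p for p in ports if decide(rules, p) == "accept"]


# Constructed probe list: a mix of listed and unlisted ports.
PROBE = [21, 22, 23, 25, 80, 111, 139, 443, 1024, 1025, 8080]

if __name__ == "__main__":
    print("no final deny :", exposed(INBOUND, PROBE))
    print("deny-all last :", exposed(INBOUND + [DENY_ALL], PROBE))
    print("deny-all first:", exposed([DENY_ALL] + INBOUND, PROBE))
```

Running it lists every unlisted low port as reachable when the final rule is missing, and nothing at all when the deny-all rule is placed ahead of the accepts.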