
Re: [cobalt-users] RAQ3 Behind firewall?



Hi Scott,


> I'm the proud new owner of a RAQ3 and have seen a few posts about bind
> attacks and other hacks of these units.  Are most of the users out there
> putting these behind firewalls?  I realize this may depend on how you are
> selling your services (if you are a hosting company) or if you have
> backends, and depends on the services being enabled, etc.  But in general,
> do you feel these devices are secure and Cobalt releases updates in a
> timely manner?  I'm planning on using HTTP, FTP and email services (DNS
> elsewhere).

First of all, disable all services you won't use. You are not vulnerable to
bind attacks if bind is not running on your machine. Disable telnet after
enabling ssh. Disable IMAP4 if you are only using pop3.

In general, I don't think that Cobalt boxes are secure. One example: by
default the admin's password is equal to root's password and you always (!!!)
send it in clear text when using the GUI (if you haven't enabled SSL for
administration). That's a really BAD thing.

There are more flaws like this.

The usage of a firewall highly depends on your security policy; many
vulnerabilities will remain even with the greatest firewall (such as the
cleartext password mentioned above).

But it's always a good idea to implement some packet filtering that will
stop nasty things like spoofing, etc.

Go for some good firewall (i.e. packet filtering with ipchains) related
pages or buy a good book (O'Reilly has a very good one about building
firewalls; at the moment I'm reading 'Building Linux and OpenBSD Firewalls',
which is also worth reading).

After you have understood the principles, your pride in being a RaQ3 owner
may suffer somewhat, but your machine will enjoy your new knowledge. :-)

 -volker
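
An added example, not part of the original post: one way to check the "disable all services you won't use" advice is to compare the listening TCP ports against the set you intend to serve. The allowed-port list, the function names and the sample `netstat -ltn` output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag listening TCP ports outside the intended service set.

# Ports for the services named in the thread (FTP, SMTP, HTTP, POP3) plus SSH
# for administration. This list is an assumption; adjust it to your policy.
ALLOWED_PORTS="21 22 25 80 110"

# Constructed sample of `netstat -ltn` output, not captured from a real RaQ3.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:53           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
EOF
}

# Reads netstat output on stdin; $1 is the space-separated allowed-port list.
# Prints one "port name" line for each unexpected listening port.
unexpected_listeners() {
  awk -v allowed="$1" '
    BEGIN {
      n = split(allowed, a, " ")
      for (i = 1; i <= n; i++) ok[a[i]] = 1
      # Names for the services the post says to turn off when unused.
      name[23] = "telnet"; name[53] = "dns"; name[143] = "imap"
    }
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      port = $4
      sub(/.*:/, "", port)          # keep only the port after the last colon
      if ((port in ok) || (port in seen)) next
      seen[port] = 1                # report each port once, whatever the address
      print port, ((port in name) ? name[port] : "unknown")
    }'
}

# Stand-alone run against the sample; on a live host pipe `netstat -ltn` in.
sample_netstat | unexpected_listeners "$ALLOWED_PORTS"
```

An empty result means every listener is one you chose to expose; anything printed is a candidate for disabling or for a packet-filter rule.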