On Wed, 3 May 2000, Miss Yvette Seifert Hirth, CCP, CDP wrote:
> Hi everybody!
>
> Does anyone have any experience with Cobalt products, such as the Qube2
> and/or RaQ series of appliances?

I played with a pre-release of the original Qube.

> I've come to the conclusion that we can't afford a full-time Unix person,
> and while the consulting firms have been helpful, they're expensive. The

In my experience, it doesn't take a full-time administrator to *operate* a
well-configured Unix firewall. If you don't have the talent on staff, IMO
it's *more* important that the up-front configuration be done by someone
who knows what they're doing.

> Qube2 claims to have full-screen interfaces all set up that get one started,
> at least. This is attractive to me, and the price is not outrageous. Yes,
> I'm certain I could get Linux/Unix hardware and software for much less, but
> ... it's the "cost of talent" that makes the Cobalt products attractive.

The interface was fairly good, but I'd be hesitant to field one in a
security role without a seasoned admin doing the config; it took about 5
minutes to root the eval unit we had when the evaluator lost his password.
I have no idea how much the product has changed over time though. I was
doing other work at the time.

> The Qube2 has a built-in firewall *of some form*, but it only allows one
> website per Qube2. There's finagling that can be done per their FAQs, but
> then we get out of the "supported" realm. The RaQ allows for multiple site
> hosting, but has no firewall. <sigh>

If you're looking to protect a Web site, host-based configuration is where
all the best protection mechanisms are at. The Qube ran the standard
Apache code just fine, and I'd guess that comanche would run just fine
too if you wanted a GUI-ish config tool for multiple domains. I'd think
twice at least three times before fielding a Web server without a good
admin going over the config a few times. Web space at clued hosting
facilities is cheap these days and includes the kind of stuff the
uninitiated would enable poorly configured on their own box and a sane
admin wouldn't allow anywhere on their system.

If you're looking for a small office firewall, you'd probably be better
off with a more traditional firewall product.

I can't imagine that Cobalt is using anything other than IPChains - there
are plenty of Net resources for configuration.

If the systems are still MIPS-based, you should be aware that if you want
to add software generally it's going to take a compile if Cobalt doesn't
have it on their site. On the plus side, shell-code using script kiddies
won't know what to do when their newest 'sploit doesn't give them a
root prompt from that x86 code.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280