This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

stong end system vs weak end system

I'm curious does anyone here know what type of security model Astaro was designed around is it strong or weak? I ask this question because a friend of mind is into security and he always talks about how most firewalls are designed on the week end system.

This thread was automatically locked due to age.

0 scorpionking over 12 years ago

Found this: Appendix C: Strong End System Model / Weak End System Model - TreckWiki

Note: Due to the requirements, a system using the Strong End System Model cannot function as a gateway, i.e. forward packets.

So my understanding is that it is technically impossible for the UTM to use the strong end security model.

Please correct me, if I'm wrong.
Cancel
Vote Up 0 Vote Down

Cancel
0 BAlfson over 12 years ago

SK, it sounds like Watts' friend is a "weekend" security guy. [:D] (Sorry, I couldn't resist!)

Seriously, guys, I don't think this has anything to do with firewalls - a firewall, by definition, must be able to forward desired packets. Undesired packets are rejected or dropped. There's no strong or weak response based on the source IP.

Cheers - Bob
(and sorry if I offended your friend, Watts, I just couldn't resist the pun!)
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 12 years ago

Hi,

The article linked, and the RFC linked from the article, seem to be talking about a host system (not a firewall or router) that is multi-homed (has more than one NIC on more than one network).
Generally, you don't want a multi-homed PC or application server to route packets between networks.

However, looking at this from another point of view, you could say that a proxying firewall does not directly forward any packets.
Astaro can run in proxying mode by using Web Protection (and email protection, SOCKS, ...) and not creating any NAT/Masq or firewall rules.

Barry
Cancel
Vote Up 0 Vote Down

Cancel