Anyway, the perfect OS for me for now would be the "Perfect Hypervisor", one that lets me convey what hardware is under the hypervisor without giving it full control. I prefer a hypervisor that doesn't virtualize everything 100%, so in this case, if my underlying 3D accelerator hardware is made by NVIDIA, then all of my guest OSes running on top of my hypervisor MUST install the Nvidia display driver, and so must the hypervisor itself (by installing an Nvidia hypervisor display driver of some kind). Everything runs at close to native speed yet still enables me to run multiple OSes using a bare-metal approach... The base of this technology is already there, it's called IOMMU; I don't know when Intel/AMD/Nvidia will enable users to exploit it...
zzz2496
Edit: If I can't have a perfect OS now, I'd be glad to be able to run many close to perfect OS side by side...
Ok, so two things:
1) You are really going to argue that you can make a firewall 100% unhackable, 100% secure?
Seriously?
2) I never once said that an update had no chance of doing something bad, I merely said that they can fix things that you may not have known were broken.
~Lordbob
Lordbob75, I have some reading material for you:
1. NAT
2. PAT
3. IDS
4. IPS
5. DPI
6. Stateful firewall
These are technologies that are used for keeping a network safe. If you want 100% safety, stack these technologies several layers deep; it won't miss anything, but... it'll cost you 5- to 6-digit figures, maybe more, and each month it will cost you quite some money to pay the network administrator and several log analyzers. But it will give you 100% bulletproof network defense.
zzz2496
P.S.: To compare this kind of setup with the regular "modem/router/firewall box that came from the ISP" setup -> the little box from the ISP is "a door made from a piece of thin paper" as defense equipment; the setup above is a nuclear/ICBM-proof self-sustaining underground facility complete with multi-level security checks and a multi-level monitoring (audio/visual/thermal/motion/weight) system.
Last edited by zzz2496; 21 Apr 2010 at 18:40. Reason: added stateful firewall
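To make the "stateful firewall" item on the list above concrete, here is an added example (not the poster's code, and not any real product) of the rule such a firewall applies: remember flows the inside started or that hit a deliberately published port, and drop every inbound segment that matches neither. The packet trace, the addresses (documentation ranges) and the `Packet`/`StatefulFirewall` names are all constructed for this illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    """One TCP segment as the firewall sees it (constructed sample data)."""
    direction: str   # "out" = LAN -> WAN, "in" = WAN -> LAN
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    flags: str       # simplified: "SYN", "SYN-ACK", "ACK"


class StatefulFirewall:
    """Toy stateful packet filter (assumed design, not a real product).

    It keeps a connection table of flows the inside started, or that hit
    an explicitly published port, and drops any inbound segment that
    belongs to neither. Teardown (FIN/RST) handling is omitted."""

    def __init__(self, open_inbound_ports=()):
        # Ports an admin deliberately published, e.g. a web server.
        self.open_inbound_ports = set(open_inbound_ports)
        # Flow table keyed as (inside_ip, inside_port, outside_ip, outside_port).
        self.flows = set()

    @staticmethod
    def _flow_key(p):
        # Normalise both directions to the same (inside, outside) ordering
        # so a reply is looked up under the key its request created.
        if p.direction == "out":
            return (p.src_ip, p.src_port, p.dst_ip, p.dst_port)
        return (p.dst_ip, p.dst_port, p.src_ip, p.src_port)

    def filter(self, p):
        key = self._flow_key(p)
        if p.direction == "out":
            if p.flags == "SYN":
                self.flows.add(key)         # an inside host opened a new flow
            return "ALLOW"                  # outbound traffic is trusted here

        # Inbound: only replies to known flows, or SYNs to published ports.
        if key in self.flows:
            return "ALLOW"
        if p.flags == "SYN" and p.dst_port in self.open_inbound_ports:
            self.flows.add(key)             # a legitimate new inbound connection
            return "ALLOW"
        return "DROP"                       # unsolicited: never reaches a host


def run_sample():
    """Replay a constructed packet trace and return the decision list."""
    fw = StatefulFirewall(open_inbound_ports={443})
    LAN, WEB, STRANGER = "192.168.1.10", "198.51.100.20", "203.0.113.5"
    trace = [
        Packet("out", LAN, 50000, WEB, 80, "SYN"),        # LAN host browses out
        Packet("in", WEB, 80, LAN, 50000, "SYN-ACK"),     # reply to that flow
        Packet("in", STRANGER, 4444, LAN, 3389, "SYN"),   # unsolicited, unpublished port
        Packet("in", STRANGER, 4444, LAN, 443, "SYN"),    # published port: allowed
        Packet("in", WEB, 80, LAN, 50001, "ACK"),         # known peer, wrong port: no state
    ]
    return [fw.filter(p) for p in trace]


if __name__ == "__main__":
    for decision in run_sample():
        print(decision)
```

The fifth packet is the interesting one: it comes from a host the firewall is already talking to, yet it is dropped because the (inside port, outside port) pair was never recorded. Matching on the whole flow tuple rather than on the peer address is what makes the filter "stateful" rather than a plain address list.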
You have to understand how these things work...
Before you are going to gain access to anything you have to be able to connect to a PORT on the firewall. A port is merely a software contrivance consisting of a channel number inside a TCP/IP packet. Now... even if you do manage to connect to a port, you've accomplished nothing unless there is something LISTENING on that port. Listening simply means repeatedly checking the buffers for a port to see if there's anything there. Even then you still have to pass commands ("Send File", "Format C:", whatever) that the listener (or client) knows how to execute. This by itself is extremely secure...
TCP connects are not simple processes either. There is an entire protocol defined for connecting to a port. Get it wrong and it won't connect. Opening a port in Winsock networking (as defined in the Windows Software Development Kit) is a process of about 15 to 20 software steps involving half a dozen procedure calls. Connecting to that port is almost as complex again. Merely knowing someone's IP address gets you nothing... You can't simply stuff commands into their address and watch their system melt no matter how hard you try.
Now add in a firewall that basically takes packets from the WAN side and drops them unless a listener is holding the target port open and you've got a pretty much impenetrable barrier. Opening a port on a router's firewall is a whole protocol of its own as well... I can set up a listener on my computer, opening as many ports as I want to, and the router is happy to simply ignore them unless I complete a set of commands sent to --and here we go-- a specific port on the router's admin IP, following its own listener's protocols for opening an outside port for incoming connections...
The net result of this is that when correctly set up your attempts to bypass the firewall will simply result in whatever packets you send to that IP address disappearing into thin air. No connection, no entry... no listener, no entry... no protocol, no entry... and on and on.
In fact, as I commented earlier, most hacking is opportunistic. Some "just smart enough to be dangerous" IT guy leaves a system admin port open AND the router is not protecting it AND you happen to know the protocols... MAYBE you could get inside and try some telnet...
Really, I kid you not... This TV show stuff where some guy gets into a computer in 20 seconds or less, wreaks havoc on it and then leaves no trace... it's simply that... TV show stuff. In real life it's as simple as "If you can't connect to it, you are crap out of luck."
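The "no listener, no entry" point in the post above can be seen directly with two sockets on the loopback interface. This is an added example (not CommonTater's code): it opens one port with a real `listen()` call and reserves a second port by binding it without ever listening, then tries to connect to both. The kernel completes the handshake only where something is listening; the other attempt is refused outright. The helper names (`start_listener`, `reserve_unlistened_port`, `probe`, `demo`) are assumptions of this example, and nothing here leaves 127.0.0.1.

```python
import socket
import threading

HOST = "127.0.0.1"  # loopback only; the demo never leaves this machine


def start_listener():
    """Open a port and LISTEN on it, the way a server process does.

    Returns (server_socket, port). A background thread accepts one
    connection and echoes back whatever it receives."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((HOST, 0))          # port 0: let the OS pick a free port
    srv.listen(1)                # this is the step that makes the port "open"
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        with conn:
            data = conn.recv(1024)
            conn.sendall(b"echo:" + data)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def reserve_unlistened_port():
    """Bind a port but never call listen(): the port is taken, yet nothing is
    listening, so the kernel answers connection attempts with a reset."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind((HOST, 0))
    return s, s.getsockname()[1]


def probe(port, payload=b"hello", timeout=2.0):
    """Try to complete a TCP handshake with HOST:port and send one message.

    Returns 'listener:<reply>' if a listener answered, or 'refused' if the
    kernel rejected the connection because no process is listening."""
    try:
        with socket.create_connection((HOST, port), timeout=timeout) as c:
            c.sendall(payload)
            return "listener:" + c.recv(1024).decode()
    except ConnectionRefusedError:
        return "refused"


def demo():
    """Probe one listening port and one bound-but-silent port."""
    srv, open_port = start_listener()
    held, closed_port = reserve_unlistened_port()
    try:
        return {"open": probe(open_port), "closed": probe(closed_port)}
    finally:
        srv.close()
        held.close()


if __name__ == "__main__":
    print(demo())
```

Behind a firewall that drops unsolicited WAN packets, the second case would not even get a refusal: the segment is discarded before any host sees it, which is the "disappearing into thin air" outcome the post describes. On a bare host the difference between a refusal and an answer is exactly whether a `listen()` call has been made on that port.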
Never once have I said it was easy or plausible.
I merely said it could be done.
I still maintain that no firewall can be 100% secure, no matter what. There will always be a way past it.
CommonTater, that was a well written explanation, thank you. Still, no matter how secure you believe it can be, there are 2 problems:
1) Whether it is possible to actually combine them all (I don't actually know)
2) There will still be a way around it.
While I may sound paranoid or something saying all this, I am just saying that it is impossible for anything to be 100% secure.
Also, I am only in High School (senior) and I will be going to college as a Computer Engineer starting this September. I have zero experience working in the real world, and have yet to learn a lot of what most members on here already know.
That said, I don't mean that I don't know anything either...
~Lordbob