100% Software Security...?

the point was that if you have blocked every port for everything in all directions you don't need a firewall, you don't even need an internet connection at all.

it isn't untill you want to allow some packets but not all packets that a fw actually is needed. I pretty sure you knew that. So if your fw is going to let in a particular packet, it has to look at every single one to decide if the packet matched the criteria of a packet that is allowed to pass through the fw. I think you knew that too.

So now we are looking at with the decision algorithms. Are they perfect? Any chance of a buffer overrun? Any chance that the criteria for an allowed packet isn't strict enough? Any possiblity that spoofing can occur? These are questions for the developer since you couldn't know the answer without the source code. Even then, could there be an oversite? what if other software is installed, does that elevate the risks?

 

Hey UNICRON

heh

In reference to TCP Protocol; if I make a Rule to ONLY Authorize ALL locally started Connections using rule-base Software Firewall with TCP Stateful Packet Inspection capabilities, you telling me that now there is error whether I’m using Look ‘n’ Stop or VisNetic Firewall or….

Alright now you know anything about Stateful Packet Inspection Firewalls you know any Spoofing Attempt of an Active Connection are BLOCKED!

 

I am getting tired of saying the same stuff over and over again.

Phant0m``, you are assuming that everything works perfectly. This is something the software industry as a whole has a horrible track record at. And why shouldn't they? This technology is so new that we can expect issues and problems with computing hardware and software in general for years to come. Not untill software engineers have to sign off on programs can we expect better. The OS your FW is running on hasn't been known for its great security record and since it exists between the ethernet card and the fw, there will always be doubt.

I am glad you are happy with the fw you use. I know L'n'S had an excellent track record and is a solid company. We wouldn't host their forums elsewise.

 

Hey UNICRON

I apologize for the troubles I may cause you.

I would have to be an fool to assume every Software works flawlessly, and in reference to Software Security I surely don’t trust server Software working flawlessly. Best anyone can do is making sure the server Software is kept up-to-date and hopes it’ll withstand.

And I would have to be mentally handicap to think the Operating Systems are built flawlessly.

I understand Packet notion and I understand Software Firewalls, and I’m telling you there is definitely no chance of anything remotely generated getting pass my Software Firewall and its configurations.

Now while you and whoever else claims it’s impossible, I’m here still waiting for one to prove it. By taking the challenge or whatever you wish to call it and come forth and attempt to do anything you or whoever can possibly think of.

 

lol, don't worry I'll survive.

or make it better, someone has to.

yet the fw that runs on it can! A brick house built on mud...

assuming everything that needs to work correctly does so

I don't claim it is impossible, just improbable. While you wait for perfection to be disproved, you might note that perfection can't scientifically be proved at all.

I won't claim to know how to defeat a decent firewall, but that doesn't mean it is perfect. All of these sw firewalls have had vulnerabilities in the past, but I am glad to see you are so confident we have seen the last of those pesky exploits!

 

OK, this thread has outlived its usefullness. Apparently no one but us care at all

I am going to close this thread, but to avoid being a "last-wordist", I'll give you one last post.

Just don't violate the TOS or I'll have edit it (therfore getting the last word)

closing arguments?

 

I Agree.