|
Machine 2 should be behind a very strict firewall that opens only the port your application uses to receive and return data. Run it on a minimal OS without known security concerns. Machine 1 and 3 should probably be the same one and it should open a connection to machine 2. Now your only access to machine 2 is your own protocol code for the data transfer, so even if someone gets their hands on machine 1/3 they can't do anything more than send data to it (as long as you write your code correctly).
Of course in any real situation the security risk is not the technical setup but the people involved in writing, storing and maintaining the code that goes on machine 2.
|
|
|
|
|
Thanks,
By what you wrote above it sounds like data can travel in both directions. Can I block data going in one direction? If not, then machine 3 is unnecessary.
|
|
|
|
|
You need data to go into machine 2 and come out of it. I don't see what you're going to gain by requiring that to be through two separate connections.
|
|
|
|
|
MAW30 wrote: Is this possible? How would I go about doing this?
Yes, could be done. The more interesting question is "how would one hack such a system".
MAW30 wrote: I am worried about hackers breaking into my program.
Make sure that PC 2 is not connected to the internet, the LAN, that Wireless and Bluetooth are down, and make the USB ports inaccessible using glue. Further, you'd like to make sure that the client only connects to the specific IP that you define, and communicates over a secure connection using a self-signed certificate. Disable all non-required services, like FTP, and remove all non-essential users. Ideally, you'd write the access-log to a DVD-R. A network-admin could elaborate more on how to configure the network to secure it further - consult them, it's worth it. Aw, and don't use Windows for server 2 or 3.
Also hook up a huge siren to the speaker of that desktop, and have it holler whenever there's an unknown/unexpected entry in the access log.
Why? Well, PC1 will probably be a Windows-PC. Does it update automatically? Does it also update some client-software automatically? Think Adobe Flash or your virusscanner and the likes. If PC1 could be compromised, the next logical step would be to flood PC2 with garbage-requests. That's assuming the hacker would know that there's a second PC that's "more" interesting; most of them will only be interested in Win-PC's that can easily be turned into spam/mining bots.
Bastard Programmer from Hell
If you can't read my code, try converting it here
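The access-log alarm suggested in this post, sketched as an added example (not code from the thread): it flags entries from any source other than the one defined client address, requests outside the expected set, and bursts of requests. The log format, the address 192.0.2.10, the SUBMIT request name and the thresholds are assumptions; the sample lines are constructed.

```python
from collections import deque
from datetime import datetime, timedelta

# Assumptions, not from the thread: PC1's address, the single request the
# protocol allows, and the burst threshold that counts as a flood.
ALLOWED_SOURCE = "192.0.2.10"
ALLOWED_REQUESTS = {"SUBMIT"}
MAX_PER_WINDOW = 5
WINDOW = timedelta(seconds=10)

# Constructed sample log, one "<ISO timestamp> <source IP> <request>" per line.
SAMPLE_LOG = [
    "2013-12-11T12:00:00 192.0.2.10 SUBMIT",
    "2013-12-11T12:01:00 198.51.100.7 SUBMIT",
    "2013-12-11T12:01:05 192.0.2.10 DUMP",
    "garbage",
] + ["2013-12-11T12:02:0%d 192.0.2.10 SUBMIT" % i for i in range(6)]

def scan(lines):
    """Return (line_number, reason) for every entry that should sound the alarm."""
    alerts, recent = [], deque()
    for n, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) != 3:
            alerts.append((n, "malformed entry"))
            continue
        stamp, source, request = parts
        try:
            when = datetime.fromisoformat(stamp)
        except ValueError:
            alerts.append((n, "malformed timestamp"))
            continue
        if source != ALLOWED_SOURCE:
            alerts.append((n, "unknown source " + source))
            continue
        if request not in ALLOWED_REQUESTS:
            alerts.append((n, "unexpected request " + request))
        # Flood check: a compromised PC1 is still the "right" source address,
        # so count its requests inside a sliding time window as well.
        recent.append(when)
        while when - recent[0] > WINDOW:
            recent.popleft()
        if len(recent) > MAX_PER_WINDOW:
            alerts.append((n, "request flood from " + source))
    return alerts
```
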
|
|
|
|
|
Thanks,
What other operating system do you recommend, and is it wise to go out a separate computer PC 3 or does it make any difference to go out the same way it went in (my original thought was it wouldn't be able to send data out the way it came in)? Does the firewall operate along with the OS or is it completely different? Is there one I could buy that would meet my requirements or would I need to write it myself? If so, suggestions where to start, C# code, etc.
|
|
|
|
|
MAW30 wrote: What other operating system do you recommend
On the maximum paranoia setting, I'd go for any Linux-version that can be compiled by hand (and verify the MD5 after downloading). Any minimum installation would do. Recommended basic settings here.
MAW30 wrote: (my original thought was it wouldn't be able to send data out the way it came in)
That will depend mostly on the client; the hardware and drivers do not care which way the data flows on a TCP-connection. You DO want to block incoming connections - on almost every port, for almost every IP.
MAW30 wrote: Does the firewall operate along with the OS or is it completely different.
There can be multiple; next to the hardware-firewall there's a firewall in Windows. Additionally, if you're using services, there's a firewall pattern. That's usually something you build yourself, as only your app can validate a request.
Happy hunting
--edit
As an alternative; PC2 could block *all* incoming connections - it could fetch its data from PC1 using a secured service. You'd be polling a bit, but then again, the PC won't be doing much other stuff.
Bastard Programmer from Hell
If you can't read my code, try converting it here
modified 11-Dec-13 12:56pm.
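The polling alternative from the edit above, as an added example that is not part of the original post: PC2 accepts no inbound connections, dials out to PC1's one defined address, and refuses to send or read anything unless PC1's self-signed certificate matches a pinned SHA-256 fingerprint. The address, port, fingerprint placeholder and the one-line FETCH request are assumptions.

```python
import hashlib
import hmac
import socket
import ssl

# Assumptions, not from the thread: PC1's address and port, and a placeholder
# for the SHA-256 fingerprint of PC1's self-signed certificate (DER, hex).
PC1_ADDR = ("192.0.2.10", 8443)
PINNED_SHA256 = "<sha256-of-PC1-certificate-in-hex>"

def pin_matches(cert_der, pinned_hex):
    """True only if the certificate's SHA-256 equals the pinned fingerprint."""
    if not cert_der:
        return False
    actual = hashlib.sha256(cert_der).hexdigest()
    return hmac.compare_digest(actual, pinned_hex.lower().replace(":", ""))

def poll_once(addr=PC1_ADDR, pinned_hex=PINNED_SHA256, max_bytes=65536):
    """PC2 connects out to PC1, checks the pin, then reads one bounded reply."""
    # A self-signed certificate has no CA chain to validate, so chain and
    # hostname checks are off and the fingerprint is the only trust decision.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    with socket.create_connection(addr, timeout=10) as raw:
        with ctx.wrap_socket(raw) as tls:
            if not pin_matches(tls.getpeercert(binary_form=True), pinned_hex):
                raise ssl.SSLError("certificate does not match the pin")
            tls.sendall(b"FETCH\n")  # hypothetical one-line request
            data = b""
            while len(data) < max_bytes:  # cap what PC1 can push at PC2
                chunk = tls.recv(4096)
                if not chunk:
                    break
                data += chunk
            return data[:max_bytes]
```

Because PC2 only ever initiates the connection, its firewall can drop every inbound connection attempt and allow outbound traffic to PC1's address and port alone.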
|
|
|
|
|
Thanks,
The information you gave me was very enlightening, I really like your last idea about polling.
Michael
|
|
|
|
|
What do you think of the following:
http://www.ghacks.net/2009/09/15/firestarter-simple-to-use-powerful-desktop-firewall/
|
|
|
|
|
Sounds good; I added it to my bookmarks
The complexity of iptables makes it hard to configure (which makes the chance of mistake bigger) and one is less inclined to check/update a complex system than it is with a kind and easy system.
Bastard Programmer from Hell
If you can't read my code, try converting it here
|
|
|
|
|
I am new to image processing. I am trying to implement an IRIS detection application for my academics.
In the application I have successfully detected the right eye from the input stream. After that I have to perform the iris detection operations.
Please help me to solve this issue.
1. What should I do to detect the iris accurately? (Code samples would be useful)
2. Why application is not any circles from web camera input stream?
Thanks in advance
|
|
|
|
|
|
Dear all
I converted a sample from C# to VB and get an error message. It looks simple, but still I don't understand... Would it be possible that C# allows calling an event directly, while VB doesn't? Or did my conversion tool go wrong?
Here's the short sample code:
    private void OnWaveControlContextMenuPopup(ContextMenu menu)
    {
        if (this.WControlContextMenuPopup == null)
            return;
        this.WControlContextMenuPopup(menu);
    }
where WControlContextMenuPopup is defined as an event:
    public event WControlContextMenuPopupDelegate WControlContextMenuPopup;
After conversion I get the error message "Public Event WControlContextMenuPopup is an event and cannot be called directly. Use 'RaiseEvent'...". The error is shown in lines 2 and 5 of the converted code:
    Private Sub OnWControlContextMenuPopup(menu As ContextMenu)
        If Me.WControlContextMenuPopup Is Nothing Then <-----
            Return
        End If
        Me.WControlContextMenuPopup(menu) <-----
    End Sub
What would I have to change in the VB code to get the required result without error?
Thanks for some insight...
Mick
|
|
|
|
|
Try something like this:
    Private Sub OnWControlContextMenuPopup(menu As ContextMenu)
        RaiseEvent WControlContextMenuPopup(menu)
    End Sub
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thank you, Richard. Is it correct to leave the "if... end if" part away completely?
|
|
|
|
|
Yes, that's correct; RaiseEvent handles that check for you.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
Thanks for helping, Richard - have a nice evening!
|
|
|
|
|
C# and VB have differing syntax for doing the same thing. C# uses a syntax that is identical to calling an actual method. The error message tells you exactly what to do.
    RaiseEvent WControlContextMenuPopup(menu)
|
|
|
|
|
Thank you for your answer.
Will I just ignore the whole "If..." part then? Because "If RaiseEvent..." doesn't work either. What is it actually supposed to do? Check for the result of an event???
|
|
|
|
|
Yes, you ignore the if code. All it does is check to see if a subscriber is attached before trying to raise the event. In VB.NET, with RaiseEvent, you don't have to do that.
|
|
|
|
|
Thank you for your help, and have a nice evening!
|
|
|
|
|
1] Data Layers - Would you create one DAL class for each table? Each DAL would have a method for each CRUD operation.
For example I have a series of tables "Extra Work Headers", "Extra Work Material", "Extra Work Equipment"... and a couple more.
Would you put the methods for ALL of the Extra Work tables in one DAL class, or create a DAL class for each?
Right now I have a mix of this. Some DALs have all methods for a group of tables, but lately I have been creating DALs for each table.
2] Same question for BLs and Controllers. One Controller for a table group, or a separate Controller for each table?
I see pros and cons to each approach.
What do you think?
If it's not broken, fix it until it is
|
|
|
|
|
Don't think in terms of "tables", think in terms of "operations" -- many operations require changes to multiple tables.
|
|
|
|
|
While I agree, part of the reason I'm asking is that I'm using a home grown tool that generates code. It creates the Table Scripts, Entities, DAL, BL, Controllers, Models, API Proxy code, etc.
Not sure how that would work from an 'Operation' based approach.
So what I think I hear you saying is to create these objects based on what needs to be done, rather than based off the table?
If it's not broken, fix it until it is
|
|
|
|
|
That's what I'm saying.
Kevin Marois wrote: home grown tool
I'm all for that.
Kevin Marois wrote: Not sure how that would work from an 'Operation' based approach.
Which is why I never use anything that claims it can do it. There is no substitute for hard work. Doing it the right way requires time and experience.
|
|
|
|
|
I'm working on a long term project. If I tailored the tool specifically for this project, I could make it work.
If it's not broken, fix it until it is
|
|
|
|