-
February 29th, 2008, 08:18 AM
#11
Originally Posted by gore
What if someone needs to set up a server cluster that can NOT be taken down, and needs to be locked farther than usual?
Well with Windows that won't happen. Something is going to need an update and those all need a reboot in Windows.
That's why you have a cluster. You can take one leg down, the other(s) will still serve requests. Service availability is the key not server availability. Try setting up a *nix cluster and you'll need to do the same if you want/need to update.
If I said set up a Free BSD server, hire a good UNIX coder, and basically take the Kernel down to NOTHING but what you need to boot, and then basically hack a Web Server directly into the Kernel telling it to drop ALL packets that aren't web traffic, you have a machine that is going to be mighty hard to break into since it's nothing but a Kernel and a Server hacked into it and the only packets it's ging to let through are requests from a web browser asking for the web page.
There's no "need" to take a part the Windows kernel. It's a hybrid kernel (mainly micro but with some monolithic trades) meaning it's already as small as possible. Linux and BSD have a monolithic kernel, everything but the kitchensink needs to be build into it.
The reason to do this (hack the webserver into the kernel) is performance, not security. Performance will be enhanced because there's no need to switch context between user and kernel mode. It actually makes things LESS secure because a bug will take down everything (a nice fat kernel panic). Exploiting that bug will get you into kernel mode instantly. Not really what you want if security is essential.
Last edited by SirDice; February 29th, 2008 at 08:44 AM.
Oliver's Law:
Experience is something you don't get until just after you need it.
Similar Threads
-
By cheyenne1212 in forum Miscellaneous Security Discussions
Replies: 7
Last Post: February 1st, 2012, 02:51 PM
-
By E5C4P3 in forum AntiOnline's General Chit Chat
Replies: 33
Last Post: January 17th, 2008, 12:40 AM
-
By gore in forum Operating Systems
Replies: 3
Last Post: March 7th, 2004, 08:02 AM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 0
Last Post: February 5th, 2003, 09:56 PM
-
By xmaddness in forum Miscellaneous Security Discussions
Replies: 1
Last Post: July 18th, 2002, 04:36 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|