Port Knocking

Protect your Network with Port Knocking

A few years ago I was spending a great deal of time on call – day and night. It rapidly became obvious that we needed to implement company-wide server security that would be effective when on-call personnel were away from the office.

In this article, I describe a solution the team developed that combines TCP Wrappers with port knocking, allowing engineers to work remotely, without compromising the integrity of the company security policy.

Almost every computing activity demands some level of security to protect confidentiality, from software houses developing the next ground-breaking game to time-sensitive academic research. Among the many facets of computing, security is one of the most fascinating, and online security in particular, because Internet-facing systems must contend with hurdles that internal systems never see, thanks to their exposed, public-facing nature.

Hit the Road

One of the areas we looked at was standardizing on a single mobile carrier for all engineering staff and restricting SSH access to that carrier's IP address blocks only.

Sadly, two show-stopping issues quickly became apparent. First, because large carriers (Verizon in this case) allocate hundreds, if not thousands, of IP addresses to their GPRS and 3G customers, this approach exposed our servers to far more source addresses than our old system, which allowed only the 10 or 20 addresses of the company offices and the homes of those on call. Granted, the rest of the Internet still couldn't gain access, but the difference between a handful of authorized addresses and thousands is huge.

Second, this approach added administrative overhead, because the IP address blocks changed every month or two as the carrier's pool grew; despite our best efforts, the on-call engineer was sometimes locked out during an emergency callout.
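The difference between admitting a carrier's address blocks and admitting one client at a time is easiest to see in code. The following is an added example, not the article's own tooling: a minimal port-knocking state machine in Python that consumes connection attempts (here a constructed list of timestamped SYNs), and, when a source completes the knock sequence in order within a time window, grants that single address a short-lived entry rendered in TCP Wrappers hosts.allow syntax. A helper also counts how many source addresses a static ACL of carrier blocks admits. The knock ports, time windows, service name and addresses are all assumptions for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All values below are assumptions for this illustration, not the article's configuration.
KNOCK_SEQUENCE = (7000, 8000, 9000)  # TCP ports that must be hit in exactly this order
KNOCK_WINDOW = 10.0                  # seconds allowed to finish the whole sequence
GRANT_TTL = 60.0                     # seconds a successful client stays in the allow list
PROTECTED_SERVICE = "sshd"           # daemon name as it would appear in /etc/hosts.allow


@dataclass
class KnockState:
    index: int = 0        # number of sequence ports hit in order so far
    started: float = 0.0  # timestamp of the first correct knock


class Knocker:
    """Tracks knock sequences per source address and grants short-lived single-address access."""

    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW, ttl=GRANT_TTL):
        self.sequence = sequence
        self.window = window
        self.ttl = ttl
        self.pending = {}  # src_ip -> KnockState for sequences in progress
        self.granted = {}  # src_ip -> expiry timestamp

    def observe(self, ts, src_ip, dst_port):
        """Feed one connection attempt (timestamp, source IP, destination port).

        Returns True only on the attempt that completes the sequence for src_ip.
        """
        self._expire(ts)
        state = self.pending.get(src_ip)
        if state is None or ts - state.started > self.window:
            state = KnockState()  # no attempt yet, or the previous one timed out
        if dst_port == self.sequence[state.index]:
            if state.index == 0:
                state.started = ts  # the window starts at the first correct knock
            state.index += 1
        elif dst_port == self.sequence[0]:
            state = KnockState(index=1, started=ts)  # wrong port, but a fresh start
        else:
            state = KnockState()  # out-of-order or unrelated port: discard progress
        if state.index == len(self.sequence):
            self.pending.pop(src_ip, None)
            self.granted[src_ip] = ts + self.ttl
            return True
        self.pending[src_ip] = state
        return False

    def _expire(self, ts):
        for ip in [ip for ip, expiry in self.granted.items() if expiry <= ts]:
            del self.granted[ip]

    def is_allowed(self, ts, src_ip):
        self._expire(ts)
        return src_ip in self.granted

    def hosts_allow(self, ts):
        """Render current grants as hosts.allow lines: one single address per client."""
        self._expire(ts)
        return [f"{PROTECTED_SERVICE}: {ip}"
                for ip in sorted(self.granted, key=ipaddress.ip_address)]


def exposed_addresses(acl_entries):
    """Count how many source addresses a static hosts.allow style ACL admits."""
    return sum(ipaddress.ip_network(e, strict=False).num_addresses for e in acl_entries)


# Constructed connection attempts (timestamp, source IP, destination port), in time order.
EVENTS = [
    (0.0, "203.0.113.10", 7000),
    (0.5, "198.51.100.7", 7000),
    (1.0, "203.0.113.10", 8000),
    (1.5, "198.51.100.7", 9000),   # skipped 8000: progress discarded
    (2.0, "203.0.113.10", 9000),   # completes the sequence in order: granted
    (2.5, "198.51.100.7", 8000),
    (3.5, "198.51.100.7", 9000),   # never restarted at 7000: no grant
    (5.0, "192.0.2.44", 7000),
    (20.0, "192.0.2.44", 8000),    # 15 s after the first knock: window expired
    (21.0, "192.0.2.44", 9000),
]


def run_demo(events=EVENTS, check_at=30.0):
    """Replay the events and return (granted addresses, hosts.allow lines at check_at)."""
    knocker = Knocker()
    granted = [src for ts, src, port in events if knocker.observe(ts, src, port)]
    return granted, knocker.hosts_allow(check_at)


if __name__ == "__main__":
    granted, lines = run_demo()
    print("granted:", granted)
    print("\n".join(lines))
    print("carrier-block ACL admits",
          exposed_addresses(["203.0.113.0/24", "198.51.100.0/25"]), "addresses")
```

In a real deployment the events would come from a packet capture or firewall log rather than a list, and the rendered lines would be written to /etc/hosts.allow with the stale ones removed when their grant expires. Two caveats a practitioner should keep in mind: a fixed knock sequence is visible to anyone who can observe the client's traffic and can be replayed, so it is a filter in front of SSH authentication, not a substitute for it; and TCP Wrappers support has been dropped from OpenSSH and from several current distributions, so on those systems the same grant would be applied to a firewall rule instead.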

Next, we tried dial-up access via back doors and

...