Thursday, April 13, 2006

PortKnocking Security

One of the problems with firewalls is that they are great a protecting ports that you don't want to use, but must leave open ports that you do want to use. While one can configure a firewall to only allow specific external IP addresses to come in, this solution does not work when your external users are on temporary address, such as DSL, Cable, or dial-up, or are traveling. It's also a pain in the neck if you have significant numbers of people requiring special configuration.

Portknocking is a system where the firewall appears to be closed but will open to an external address that sends the right series of packets. It is very much like having a secret knock so that the little window in the door will open. Portknocking does not grant the user access to the systems; rather, it just gets the firewall out of the picture. The user still needs to login into the application behind the firewall.

Portknocking needs to be used on a computer-based firewall because it requires computer code to be installed. Firewall appliances will not allow this to be done. There is also the issue of running applications from the user. The user would need to run some special program to open the connection before starting the application. Otherwise, the application will find the firewall still blocking the port.

For now, this system is probably best for system administrators and other technically sophisticated users. I hope to see this system in much wider use as people discover its advantages. Plus, it does not hurt that it's free.


PORTKNOCKING - A system for stealthy authentication across closed ports. : ABOUT : summary: "Port knocking is a stealthy network authentication system that uses closed ports to carry out identification of trusted users. The system permits manipulation of firewall rules from a remote host across closed ports through encrypted channels."

No comments: