Beyond- Security课件.ppt

Introduction 4/4 These manipulations are mediated by a port knock daemon, running on the server, which monitors the firewall log file for connection attempts which can be translated into authentic knock sequences Once the desired ports are opened, the remote host can establish a connection and begin a session. Another knock sequence may used to trigger the closing of the port What is it good for? Port knocking is best for hosts that provide services to authorized users who require continual access to services and data from any location Port knocking is not suitable for hosts running public services, such as SMTP or HTTP Port knocking is used to keep all ports closed to public traffic while flexibly opening and closing ports to traffic from users who have authenticated themselves with a knock sequence What else? This on-demand IP-based filtering which is triggered by a remote user can offers the advantages of IP-based filtering without the limitation usually associated with maintaining IP rules What isn’t it? Port knocking cannot be used to protect public services - such protection cannot be effective if the knock sequence, or a method to generate it, is made public Why is it so exciting? Port knocking is not a listening service – it is not exposed to network attacks There is no way to detect a port-knocking server (unlike a firewall that can be detected) The port seems closed – because they are closed! In security, simple mechanism = less probability for weaknesses Why not just a Firewall? Firewalls define and limit the communication possible within a network System administrators tend to be paranoid (good!) and need to enforce limits to help monitoring and troubleshooting Unless you are very familiar with your operating system, you may not be aware of all the services running on your computer Summarize Port knocking can be used whenever there is a need to transfer information across closed ports The port knock daemon can be implemented to respond in any suitable w