Knock, Knock...Who's there? Port Knock!
- 13 March, 2008 10:13
In our society it often takes tragedy to bring about change; unfortunate, but true. I am no exception. Over the weekend I may have accidentally left a few ports open. With 65,535 of them, it's hard to remember whether they're all closed and stealthed, whether 1241 is still open from my Nessus session, whether my Slingbox is still slinging shows over 5001, or whether one of those ports in the 27000 range was left open by my alter ego, the Half-Life addict.
Lucky for me, someone kindly let me know that some ports were left open, through the generous installation of free software (Trojans, key loggers, and other malware goodies) on my server and several PCs. After some digital house cleaning, I decided to sprinkle a new layer of security on my network: port knocking.
This security approach was never fully embraced by the network community. I think this was partly due to a misunderstanding of its true purpose. It was never meant to act as a standalone security method, only as a thin lining in a multi-layered approach.
Port knocking (PK) is a firewall-based method of user authentication. Because it uses a generic client-server model, it is platform independent. A client can open a port from the outside by generating a specific sequence of connection attempts against closed ports. This is analogous to the antiquated practice of using a predefined rhythmic knock on a door as a kind of passcode to gain entrance.
Let's forget about the server daemon, client software, dynamic firewall rules, sequencing mechanisms and encryption for a moment, and just look at the basic process. Imagine a server with no open ports and no vulnerable or critical services running. A client PC wants to create a remote connection to the server, but the service port is closed and the service isn't even running. The client PC sends connection attempts to a series of ports, in a particular order and with specific time intervals. If the sequence of "knocks" correctly matches a predetermined authorization set, the service port is opened and the service is started.
This mechanism provides several benefits. It is a transparent means of controlled access, restricting service usage to clients that produce the correct "knock" sequence. Common port scanning won't reveal open ports with corresponding services to attack. Furthermore, to prevent hackers from obtaining the knock sequence through packet capture and analysis, the sequence can be changed frequently using pseudo-random generators and encryption.
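The basic process above and the "frequently changed sequence" idea, as an added example that is not from the original article or from any port-knocking daemon: a server-side knock tracker that watches connection attempts to closed ports, requires them in order and within a maximum gap, resets on a wrong or late knock, and derives the expected sequence from a shared secret and a time epoch with HMAC-SHA256 so that a captured sequence is useless once the epoch rolls over. The secret, the 1024-65535 knock range, the 60-second rotation, the 2-second gap, the service port and the address 198.51.100.7 are constructed assumptions; no sockets or firewall rules are touched, the tracker only records when the service port should be opened.

```python
"""Port-knocking decision logic with a time-rotated knock sequence (added example)."""
import hashlib
import hmac
from dataclasses import dataclass, field

# Constructed parameters for the example (assumptions, not values from the article).
SERVICE_PORT = 22                               # port to open after a valid knock
KNOCK_LEN = 4                                   # knocks per sequence
KNOCK_PORT_LOW, KNOCK_PORT_HIGH = 1024, 65535   # range the knock ports are drawn from
MAX_GAP = 2.0                                   # seconds allowed between consecutive knocks
ROTATION = 60                                   # seconds each knock sequence stays valid


def knock_sequence(secret: bytes, epoch: int, length: int = KNOCK_LEN) -> list[int]:
    """Derive the knock sequence for one time epoch from the shared secret.

    Client and daemon both compute this, so the sequence on the wire changes
    every ROTATION seconds. HMAC-SHA256 is the pseudo-random function here; this
    construction is the example's own, not a feature of any real knock daemon.
    """
    if not 1 <= length <= 8:
        raise ValueError("a SHA-256 digest yields at most 8 four-byte chunks")
    digest = hmac.new(secret, epoch.to_bytes(8, "big"), hashlib.sha256).digest()
    span = KNOCK_PORT_HIGH - KNOCK_PORT_LOW + 1
    return [KNOCK_PORT_LOW + int.from_bytes(digest[4 * i:4 * i + 4], "big") % span
            for i in range(length)]


@dataclass
class KnockTracker:
    """Server-side state: how far each source has progressed through the sequence."""
    secret: bytes
    # src_ip -> (index of the next expected knock, timestamp of last knock, locked epoch)
    progress: dict[str, tuple[int, float, int]] = field(default_factory=dict)
    opened: list[tuple[float, str, int]] = field(default_factory=list)

    def observe(self, ts: float, src_ip: str, dst_port: int) -> bool:
        """Feed one connection attempt to a closed port.

        Returns True exactly when this knock completes the sequence, i.e. when
        the firewall should open SERVICE_PORT for src_ip.
        """
        idx, last_ts, epoch = self.progress.get(src_ip, (0, ts, 0))
        if idx and ts - last_ts > MAX_GAP:
            idx = 0                          # too slow between knocks: start over
        if idx == 0:
            epoch = int(ts // ROTATION)      # lock the epoch at the first knock
        expected = knock_sequence(self.secret, epoch)[idx]
        if dst_port != expected:
            self.progress.pop(src_ip, None)  # any wrong knock resets the source
            return False
        idx += 1
        if idx == KNOCK_LEN:
            self.progress.pop(src_ip, None)
            self.opened.append((ts, src_ip, SERVICE_PORT))
            return True
        self.progress[src_ip] = (idx, ts, epoch)
        return False

    def run(self, events: list[tuple[float, str, int]]) -> list[tuple[float, str]]:
        """Replay (timestamp, src_ip, dst_port) events; return the grants made."""
        return [(ts, ip) for ts, ip, port in events if self.observe(ts, ip, port)]


if __name__ == "__main__":
    secret = b"constructed-shared-secret"        # constructed; provisioned out of band in practice
    seq = knock_sequence(secret, 0)
    client = "198.51.100.7"                       # constructed documentation address
    knocks = [(1.0 + 0.5 * i, client, port) for i, port in enumerate(seq)]
    print("epoch-0 sequence:", seq)
    print("grants:", KnockTracker(secret).run(knocks))
```

The reset on any wrong port is what defeats a sequential port sweep: the scanner hits every port between two sequence members, so it never reaches the last knock with the right state. Locking the epoch at the first knock lets a sequence that straddles a rotation boundary still complete, while a full replay of an old sequence in a later epoch fails at its first mismatch.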