[Melbourne-pm] Knockd for Web

Daniel Pittman daniel at rimspace.net
Tue Jun 2 21:55:17 PDT 2009

Scott Penrose <scottp at dd.com.au> writes:
> ----- "Simon Taylor" <simon at unisolve.com.au> wrote:
>> Using knockd is emphatically not security through obscurity. As Scott has
>> said, all of your normal security infrastructure remains in place.

Even regardless of the rest of the security infrastructure, using a single
service to authenticate a user (or IP address) and grant access to other
services is a security feature.

knockd is certainly an example of this sort of strategy, just like the
traditional "SSH and port forward" or "VPN in" approaches.

>> In our uses of it, we routinely have HID systems like psad and ossec
>> running on public servers and these do a great job of reporting on
>> suspicious traffic.
>> But it is knockd that dramatically reduces the attention you get from black
>> hats and allows the often time-poor, overworked sys admin in an
>> organisation to focus on the attacks that remain.

*nod*  If you can reduce the number of public services using knockd, or any
other "authenticate before access" service, then you will probably improve
your life.


More information about the Melbourne-pm mailing list