[Melbourne-pm] Knockd for Web
daniel at rimspace.net
Tue Jun 2 21:55:17 PDT 2009
Scott Penrose <scottp at dd.com.au> writes:
> ----- "Simon Taylor" <simon at unisolve.com.au> wrote:
>> Using knockd is emphatically not security through obscurity. As Scott has
>> said, all of your normal security infrastructure remains in place.
Even regardless of the rest of the security infrastructure, using a single
service to authenticate a user (or IP address) and grant access to other
services is a security feature.
knockd is certainly an example of this sort of strategy, just like the
traditional "SSH and port forward" or "VPN in" approaches.
>> In our uses of it, we routinely have HID systems like psad and ossec
>> running on public servers and these do a great job of reporting on
>> suspicious traffic.
>> But it is knockd that dramatically reduces the attention you get from black
>> hats and allows the often time-poor, overworked sys admin in an
>> organisation to focus on the attacks that remain.
*nod* If you can reduce the number of public services using knockd, or any
other "authenticate before access" service, then you will probably improve
More information about the Melbourne-pm