[Melbourne-pm] Knockd for Web

Daniel Pittman daniel at rimspace.net
Tue Jun 2 21:55:17 PDT 2009


Scott Penrose <scottp at dd.com.au> writes:
> ----- "Simon Taylor" <simon at unisolve.com.au> wrote:
>
>> Using knockd is emphatically not security through obscurity. As Scott has
>> said, all of your normal security infrastructure remains in place.

Even regardless of the rest of the security infrastructure, using a single
service to authenticate a user (or IP address) and grant access to other
services is a security feature.

knockd is certainly an example of this sort of strategy, just like the
traditional "SSH and port forward" or "VPN in" approaches.

>> In our uses of it, we routinely have HID systems like psad and ossec
>> running on public servers and these do a great job of reporting on
>> suspicious traffic.
>>
>> But it is knockd that dramatically reduces the attention you get from black
>> hats and allows the often time-poor, overworked sys admin in an
>> organisation to focus on the attacks that remain.

*nod*  If you can reduce the number of public services using knockd, or any
other "authenticate before access" service, then you will probably improve
your life.

Regards,
        Daniel

