Network Security Security-Basics

Re: Port-Knocking vulnerabilities?

Subject: Re: Port-Knocking vulnerabilities?
Date: Mon, 31 Dec 2007 16:29:48 -0500

I can't help but wonder why, if you were going to go through all of the trouble of having some cryptography-based mechanism as described in this thread as a modern port knocking system, you would not just go ahead and deploy a regular, standards-based, regulatory compliant VPN installation?

I mean, if you are going through all of the normal key management functions, crypto overhead and special client implementation issues, why not just get yourself a VPN connection that will pass review, audit and assessment? I would certainly not want to have to explain the technical, theoretical or perceived security advantages/risks of port knocking to an auditor or the like. Nor would I want to have to detail it in a report to upper management.

It seems to me that security and simplicity often go hand in hand, so why not just skip the kludge and get yourself something without all of the perceived issues?

Just because something can be done, doesn't always mean it should...
