Is Port Knocking a good idea?

Tags:
Port knocking
SSH Configuration
I generally lock down SSH and other non-public services so that they can only be accessed by specific IP addresses. But some businesses we work with do not have static IPs and occasionally they need to provide access for contractors and outside developers. I have been told that Port Knocking could be used to solve this problem, but I know nothing about the process. On to the questions:
  • First, could it be used in such a manner?
  • Has anyone out there actually done this? What were your experiences?
  • Which daemon should I use to run it with Linux?
  • How long should the Knock sequence be?
  • Are there any alternatives to the port knocking approach?

  • TomLiotta

    It doesn't sound like a particularly good idea in your environment. In order for it to work, you need to inform your data partners of the 'knock' pattern. They then must share it with any number of their working partners. Those will likely change as projects change, and the 'knock' pattern will spread in an uncontrolled way.

    That brings a need to communicate new patterns with all communicating parties on a regular basis. Probably also a frequent basis if this needs real security. It could easily add more trouble than it's worth. Port-knocking isn't especially secure when it's known to be in use. The knocks can be detected when they're looked for.

    Now, the knocking itself doesn't do anything to grant access. Once your firewall recognizes it, it should simply open the ssh (or other) port. The port remains closed otherwise, so no ssh access is possible. After the port is open, a connection can be opened and normal authentication still has to be done.

    Port knocking can be used at any time, but it works much better in a controlled, stable environment. The ability to send knocks from one side needs to be coordinated with the ability to recognize knocks on the other side. When the outside can change to include unknown senders, it is no longer a reliable addition. It can actually become one more piece of confirmation that the unknown person at the other end is "reliable". As that becomes a false positive, the risk goes up greatly. You have to decide if it's worth the trouble.

    Tom

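To make the mechanism Tom describes concrete (the knocks themselves grant nothing; a recognized sequence only adds a firewall rule for the knocking IP, after which normal ssh authentication still applies), here is a small Python model of a knock recognizer. This is an added example, not code from the thread or from any real knocking daemon: the sequence 7000,8000,9000, the 5-second sequence timeout, the 30-second open window, the iptables command strings and the SYN log are all constructed for illustration. The log also shows the caveat he raises about detectability: a static sequence is a shared secret, so a second host that has watched the SYNs can replay them and open the port for itself.

```python
"""Model of a port-knock daemon fed from a constructed log of TCP SYNs.

Assumptions (not from the original thread): a fixed 3-port knock,
knockd-style sequence timeout, and an iptables allow rule per source IP.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

KNOCK_SEQUENCE: Tuple[int, ...] = (7000, 8000, 9000)  # assumed secret sequence
SEQ_TIMEOUT = 5.0   # seconds allowed to finish the whole sequence
OPEN_FOR = 30.0     # seconds the ssh port stays open for a successful knocker


@dataclass
class KnockState:
    progress: int = 0      # how many knocks of the sequence seen so far
    first_ts: float = 0.0  # time of the first knock in the current attempt


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, seq_timeout=SEQ_TIMEOUT,
                 open_for=OPEN_FOR):
        self.sequence = tuple(sequence)
        self.seq_timeout = seq_timeout
        self.open_for = open_for
        self.states: Dict[str, KnockState] = {}
        self.allowed: Dict[str, float] = {}   # src ip -> expiry time of allow rule
        self.firewall_cmds: List[str] = []    # what would be handed to iptables

    def observe_syn(self, ts: float, src_ip: str, dst_port: int) -> bool:
        """Feed one SYN; return True when this SYN completed the sequence."""
        st = self.states.setdefault(src_ip, KnockState())
        if st.progress and ts - st.first_ts > self.seq_timeout:
            st.progress = 0                   # too slow: attempt abandoned
        expected = self.sequence[st.progress]
        if dst_port != expected:
            # Any wrong port resets the attempt; a stray hit on the first
            # knock port counts as the start of a new attempt.
            st.progress = 1 if dst_port == self.sequence[0] else 0
            st.first_ts = ts
            return False
        if st.progress == 0:
            st.first_ts = ts
        st.progress += 1
        if st.progress == len(self.sequence):
            st.progress = 0
            self._open(src_ip, ts)
            return True
        return False

    def _open(self, ip: str, ts: float) -> None:
        # The knock only opens the port; sshd still authenticates the user.
        self.allowed[ip] = ts + self.open_for
        self.firewall_cmds.append(
            f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j ACCEPT")

    def expire(self, ts: float) -> None:
        for ip, exp in list(self.allowed.items()):
            if ts >= exp:
                del self.allowed[ip]
                self.firewall_cmds.append(
                    f"iptables -D INPUT -s {ip} -p tcp --dport 22 -j ACCEPT")

    def ssh_allowed(self, ts: float, ip: str) -> bool:
        self.expire(ts)
        return ip in self.allowed


# Constructed SYN log: (timestamp, source ip, destination port).
SYN_LOG = [
    (0.0, "198.51.100.10", 7000),
    (0.5, "198.51.100.10", 8000),
    (1.0, "198.51.100.10", 9000),   # legitimate knocker completes the sequence
    (2.0, "203.0.113.7", 7000),
    (9.0, "203.0.113.7", 8000),     # 7 s after the first knock: timeout, reset
    (9.5, "203.0.113.7", 9000),     # out of order now, still nothing opens
    (12.0, "203.0.113.7", 7000),    # same host replays the sniffed sequence...
    (12.2, "203.0.113.7", 8000),
    (12.4, "203.0.113.7", 9000),    # ...and the port opens for it as well
]


def run_log(log) -> Tuple[KnockDaemon, List[Tuple[float, str]]]:
    """Replay a SYN log; return the daemon and every (ts, ip) that opened ssh."""
    daemon = KnockDaemon()
    opened = [(ts, ip) for ts, ip, port in log if daemon.observe_syn(ts, ip, port)]
    return daemon, opened


if __name__ == "__main__":
    d, opened = run_log(SYN_LOG)
    for ts, ip in opened:
        print(f"t={ts:5.1f}  ssh opened for {ip}")
    for cmd in d.firewall_cmds:
        print(cmd)
```

The replay at t=12.0 is the whole point of the caveat: because the recognizer only checks that the right ports are hit in the right order within the timeout, anyone who observed the first host's knocks can reproduce them, and nothing in the knock itself ties it to the original sender. Rotating the sequence is the only defence in this scheme, which is exactly the coordination burden described above.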
