Home page logo

basics logo Security Basics mailing list archives

Re: Port-Knocking vulnerabilities?
From: Brent Huston <lbhlists () gmail com>
Date: Mon, 31 Dec 2007 16:29:48 -0500

I can't help but wonder why, if you were going to go through all of the trouble of having some cryptography-based mechanism as described in this thread as a modern port knocking system, you would not just go ahead and deploy a regular, standards-based, regulatory compliant VPN installation?

I mean, if you are going through all of the normal key management functions, crypto overhead and special client implementation issues, why not just get yourself a VPN connection that will pass review, audit and assessment? I would certainly not want to have to explain the technical, theoretical or perceived security advantages/risks of port knocking to an auditor or the like. Nor would I want to have to detail it in a report to upper management.

It seems to be that security and simplicity often go hand in hand, so why not just skip the kludge and get yourself something without all of the perceived issues?

Just because something can be done, doesn't always mean it should...

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]