mailing list archives
Re: Port-Knocking vulnerabilities?
From: Brent Huston <lbhlists () gmail com>
Date: Mon, 31 Dec 2007 16:29:48 -0500

I can't help but wonder why, if you were going to go through all of
the trouble of having some cryptography-based mechanism as described
in this thread as a modern port knocking system, you would not just go
ahead and deploy a regular, standards-based, regulatory compliant VPN?

I mean, if you are going through all of the normal key management
functions, crypto overhead and special client implementation issues,
why not just get yourself a VPN connection that will pass review,
audit and assessment? I would certainly not want to have to explain
the technical, theoretical or perceived security advantages/risks of
port knocking to an auditor or the like. Nor would I want to have to
detail it in a report to upper management.

It seems to me that security and simplicity often go hand in hand, so
why not just skip the kludge and get yourself something without all of
the perceived issues?

Just because something can be done, doesn't always mean it should...