I Love Egypt!

Wednesday, October 9, 2019

How to Use Port Knocking on Linux (and Why You Shouldn’t)

Hand knocking on a closed door.
Photographee.eu/Shutterstock

Port knocking is a way to secure a server by closing firewall ports—even those you know will be used. Those ports are opened on demand if—and only if—the connection request provides the secret knock.

Port Knocking Is a “Secret Knock”

In the 1920s, when prohibition was in full swing, if you wanted to get into a speakeasy, you had to know the secret knock and tap it out correctly to get inside.

Port knocking is a modern equivalent. If you want people to have access to services on your computer but don’t want to open your firewall to the internet, you can use port knocking. It allows you to close the ports on your firewall that allow incoming connections and have them open automatically when a prearranged pattern of connection attempts is made. The sequence of connection attempts acts as the secret knock. Another secret knock closes the port.

Port knocking is something of a novelty, but it’s important to know it’s an example of security through obscurity, and that concept is fundamentally flawed. The secret of how to access a system is safe because only those in a specific group know it. But once that secret is out—either because it’s revealed, observed, guessed, or worked out—your security is void. You’re better off securing your server in other, stronger ways, like requiring key-based logins for an SSH server.

The most robust approaches to cybersecurity are multilayered, so, perhaps port knocking should be one of those layers. The more layers, the better, right? However, you could argue that port knocking doesn’t add much (if anything) to a properly hardened, secure system.

Cybersecurity is a vast and complicated topic, but you shouldn’t use port knocking as your only form of defense.

RELATED: How to Create and Install SSH Keys From the Linux Shell

Installing knockd

To demonstrate port knocking, we’re going to use it to control port 22, which is the SSH port. We’ll use a tool called knockd. Use apt-get to install this package onto your system if you use Ubuntu or another Debian-based distribution. On other Linux distributions, use your Linux distribution’s package management tool, instead.

Type the following:

sudo apt-get install knockd

Read the remaining 65 paragraphs



from How-To Geek https://ift.tt/2IE6OAG
via IFTTT

No comments :

Post a Comment