Penetration Testing
an alternative to port-knocking using the OpenBSD pf only Jan 23 2006 09:44PM
poplix (poplix papuasia org) (2 replies)
Re: an alternative to port-knocking using the OpenBSD pf only Feb 17 2006 08:52AM
gimeshell web de (1 replies)
Re: an alternative to port-knocking using the OpenBSD pf only Feb 20 2006 09:58PM
poplix (poplix papuasia org) (1 replies)
Re: an alternative to port-knocking using the OpenBSD pf only Feb 22 2006 10:00AM
Pete Herzog (lists isecom org) (1 replies)
Re: an alternative to port-knocking using the OpenBSD pf only Feb 27 2006 11:09PM
poplix (poplix papuasia org) (1 replies)
Hi,

> Easily perhaps from many internal networks. But it's much more
> difficult for an attacker to sniff it without access to either the
> client's network and the server's network.

I think a security layer must fit anybody's needs and cannot fail
only because the connecting host is not in a safe location.

>
> But it is a security layer because it makes a system harder to
> hack. How is that not a security layer?

It's not easy to define the meaning of security layer. It's not wrong
to define a security layer as "anything that increases security" but
it's not exactly correct. It's possible to distinguish between a
security layer and a security measure: a security layer is a part of
a system designed to increase the security; a security measure is any
measure we adopt to make our system safer.
Adding a firewall rule that allows access to a trusted IP only is a
security measure, the firewall itself is a security layer. I think
port-knocking is not a security layer because it plays with an
existing security layer, i.e. the firewall.
If you bind sshd on a different port every hour, probably your system
is safer, but how can you consider this a security layer? Maybe you
can call it a security measure....

> Well then it does protect the vault from rain, right? It's still
> protecting.

Ok, cellophane protects the vault against rain, but it doesn't
protect its content against thieves ....

Maybe we can focus a new discussion on the security layer meaning....
it can be more interesting than port-knocking ;)

cheers
poplix

Re: an alternative to port-knocking using the OpenBSD pf only Jan 24 2006 09:56AM
Joachim Schipper (j schipper math uu nl) (1 replies)
Copyright 2010, SecurityFocus