Penetration Testing
an anternative to port-knoking using the OpenBSD pf only Jan 23 2006 09:44PM
poplix (poplix papuasia org) (2 replies)
Re: an anternative to port-knoking using the OpenBSD pf only Feb 17 2006 08:52AM
gimeshell web de (1 replies)
Re: an anternative to port-knoking using the OpenBSD pf only Feb 20 2006 09:58PM
poplix (poplix papuasia org) (1 replies)
Re: an anternative to port-knoking using the OpenBSD pf only Feb 22 2006 10:00AM
Pete Herzog (lists isecom org) (1 replies)
Re: an anternative to port-knoking using the OpenBSD pf only Feb 27 2006 11:09PM
poplix (poplix papuasia org) (1 replies)
Defining security measures (Was: an anternative to port-knoking using the OpenBSD pf only) Feb 28 2006 04:58PM
Pete Herzog (lists isecom org)
Hi poplix,

A few comments:

>> Easily perhaps from many internal networks. But it's much more
>> difficult for an attacker to sniff it without access to either the
>> client's network and the server's network.
>
> I think a security layer must fits the anybody needs and cannot fail
> only because the connecting host is not on a safe location.

All security is based on the environment. All. And business security
must be applied according to its environment. The concept of security
is to provide protection in order to create the safer haven. Everything
we do is relative to that haven, real or artificial. Saying it's not
relative to the environment is like, well, like this:
http://www.theonion.com/content/node/45360

>>
>> But it is a security layer because it makes a system harder to hack.
>> How is that not a security layer?
>
> It's not easy to define the meaning of security layer. It's not wrong
> to define a security layer as "anything that increase security" but
> it's not exactly correct. It's possible to distinguish between a
> security layer and a security measure: a security layer is a part of a
> system designed to increase the security; a security measure is any
> measure we adopt to make our system safer.
> Adding a firewall rule that allow access to a trusted ip only is a
> security measure, the firewall itself is a security layer. I think
> port-knocking is not a security layer because it plays with an
> existing security layer, i.e. the firewall.
> If you bind sshd on a different port every hour, probably you system
> is safer, but how can you consider this a security layer? Maybe you
> can call it a security measure....
>
This really doesn't make it any clearer to me as a definition. So I'm
okay with discussing this. But I don't think it will change the clarity
of your argument. A security layer is protection in whole. That layer
can be perfect or flawed or even of the wrong fit for security needs.
A layer is something that applies as one to a thing as a whole such as a
whole network, a whole system, etc. without changes for sub-groups under
that whole. Just by definition:

*2 a* *:* one thickness, course, or fold laid or lying over or under
another (http://www.m-w.com/)

Therefore a security layer doesn't say anything about the type or
appropriateness of the protection in place. Just that it's there.

You say blocking one port is a sec measure and a firewall is a layer. I
disagree. A firewall is a type of protection solution we associate with
managing security at the network level. There are many types of
firewalls but are there many types of blocked ports? No, there are many
ways within the process of blocking a port from protocol to RFC
compliance but it still remains either that port is blocked or not.

If I bind sshd on a different port every hour, that is a type of
protection. The protection provided there is a Loss Control called
Privacy where the method of message delivery is known only between
intended parties. It's used in many technologies, most notably the
principle of the RSA tokens changing every minute in sync with the login
server. How is that not a security layer?

A security measure?

*1 a *(1) *:* an adequate or due portion

Again, by definition, a security measure would have to refer to the
proper type of protection for a thing. Therefore an iron bar cannot be
a security measure for an IP network but it can be one for holding a
door shut.

Therefore, I conclude port-knocking is a type of protection, under these
terms, even a security layer for that server. Is it a security
measure? The answer now depends on whether or not port-knocking
provides adequate protection for intended operations and environment.

Sincerely,
-pete.

------------------------------------------------------------------------
------
This List Sponsored by: Lancope

"Discover the Security Benefits of Cisco NetFlow"
Learn how Cisco NetFlow enables cost-effective security across distributed
enterprise networks. StealthWatch, the veteran Network Behavior Analysis (NBA)
and Response solution, leverages Cisco NetFlow to provide scalable,
internal network security.
Download FREE Whitepaper "Role of Network Behavior Analysis (NBA) and Response
Systems in the Enterprise."

http://www.lancope.com/resource/
------------------------------------------------------------------------
------

[ reply ]
Re: an anternative to port-knoking using the OpenBSD pf only Jan 24 2006 09:56AM
Joachim Schipper (j schipper math uu nl) (1 replies)


 

Privacy Statement
Copyright 2010, SecurityFocus