Port Knocking, a charming security through obscurity protection
This post is a short analysis of the idea behind port knocking, the reasons why it provides a layer of security to systems and its limits when it comes to usability. Introduction A subset of network services is meant to be accessible only by few authorized users (mainly system administrators). Services like SSH, web administrative panels, (S)FTP are often the most targeted because, if exploited, may allow an attacker to gain a foothold in the system. Even information disclosure of running processes, username enumerations and similar actions can allow an attacker to collect enough information to plan more targeted and harmful attacks. At this point port knocking comes in as a niche solution to conceal this type of network services from massive Internet scanner (e.g. Shodan). It also comes handy for protecting critical network services in the scenario that another host of the intranet have already been compromised and leveraged as pivots. Port knocking as a positive se...