Diff from version 2 to 3 (current)
@@ -1,4 +1,4 @@ |
-Port knocking is an authentication method used by network administrators to add security to their enviroment, allowing to open ports to access their PBX, servers, computers or other network devices behind a firewall on demand. | +Port knocking is an authentication method used by network administrators to add security to their environment, allowing to open ports to access their PBX, servers, computers or other network devices behind a firewall on demand. | | Port knocking takes advantage of firewall rules to allow a client who knows the "secret knock" to enter the network through a particular port by performing a sequence of connection attempts (called a knock sequence). The correct knock sequence for any given port is created for specific IP addresses by the network administrator. | |
|
|
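Review bot: The corrected line fixes "enviroment" but still reads "allowing to open ports to access their PBX ... on demand", which leaves "open" without a subject. Suggest "allowing them to open ports on demand to reach their PBX, servers, computers or other network devices behind a firewall".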
@@ -6,10 +6,11 @@ |
| A daemon monitors the firewall log files for connection requests and determines whether or not a client seeking the network does a valid request and knows the correct knock sequence. If the answer is yes, it does a specific operation (usually, opening some firewall rules and port for that specific IP, but it may be also to run any command, start service or do any other per-defined operation). | | -Due the flexibility of port knocking, allowing users to access on a secure way to AMI, SIP, or or other Services, while ensuring their PBX is not open to all the external world, this way to add additional security while allowing authorized users is gaining a lot of popularity, and is being implemented to allow user to access their networks services without the necessity to implement a VPN software. Some PBX, as Elastix, have implemented his own "Port Knocking" mechanism (known as "Whoreworn" on his own graphical interface. If you do not want to have the dependency of an Elastix PBX, you may configure the standar "knockd" service, that may run on any standar iptables / firewall machine. | +Due the flexibility of port knocking, allowing users to access on a secure way to AMI, SIP, or or other Services, while ensuring their PBX is not open to all the external world, this way to add additional security while allowing authorized users is gaining a lot of popularity, and is being implemented to allow user to access their networks services without the necessity to implement a VPN software. Some manufacturers, as Elastix, have implemented his own "Port Knocking" mechanism (known as "__Elastix WormHole__") on his own graphical interface, but the most popular implementation of Port-Knocking is based on the standar "__knockd__" service, that may run on any standar iptables / firewall machine. | | -!!References | | + | +!!References | | * ((Asterisk firewall rules|Firewalls and Asterisk)): What ports are involved and how do I set up a firewall to protect Asterisk? 
| * ((Asterisk security through geographic IP address restriction)) |
|
|
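Review bot: The rewritten paragraph on the + line keeps the errors of the line it replaces: "Due the flexibility" (Due to), "or or other Services", "standar" twice, and "his own" for Elastix (its own). The context line above it also has "per-defined" (pre-defined). The new text writes both "Port Knocking" and "Port-Knocking", so pick one spelling. The removed sentence told readers they can configure knockd without depending on an Elastix PBX; the new wording only calls knockd the most popular implementation, so consider keeping that guidance explicitly.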
User | Comment | Time | Version |
---|---|---|---|
agorosti | | 2014-04-28 20:44 | 3 |