Hakin9 Article on fwknop
09 June, 2007
The February issue of the
"Starter Kit" edition of Hakin9 Magazine contains a lengthy
article on
fwknop written by Raul Siles.
The Starter Kit edition aims to provide introductory articles and tutorials that explain important
computer security technologies from the ground up, and I think this is valuable because security is
a complex field and there is generally a lack of good material of this kind. Raul's article is
entitled "Knock Knock Knocking on Firewall's Door", and is featured on the magazine cover.
In the article, Raul provides a history of passive authorization technologies beginning with
Port Knocking and extends the discussion into the latest
generation of these technologies called Single Packet Authorization. He gives detailed
information about how to install and configure fwknop-1.0 on a Fedora Core 6 system, and shows
how iptables in a default-drop stance for protected services do not appear underneath the watchful
eyes of Nmap. Here is a short excerpt from the article:
"...Although port knocking and SPA can be used to protect any service and its associated
ports, they are mainly used to protect and enable access to remote management protocols,
and especially long running TCP sessions, such as Secure Shell, SSH (TCP port 22).The article presents two configuration example. The first one focuses on allowing access to SSH while the second allows the client to manage remotely the rules that should be applied in the iptables firewall..."
Incidentally, the same issue of Hakin9 includes coverage of the psad and fwsnort projects in another article entitled "Much More Than Just a Firewall" written by Jess Garcia. His article covers several security technologies including honeypots and snort_inline, and makes the case that firewalls can do much more than simple filtering operations on network traffic. I'm happy to see Cipherdyne projects getting more exposure in the security literature.
