• Not ideal for protocols with high traffic.
• It can be the target of replay attacks: if someone can spy on your connections, the “knocks”
sequence can be easily deduced and used against the system.
• Some Port Knocking implementations used in production environments are open-source:
the “knocks” sequence can be inferred by reverse-engineering the algorithm used by those
implementations.
• Often when implementing a Port Knocking technique, a single element monitors the
port opening/closing operations, making it a single point of failure that
may block access to the server if it fails.


Single Packet Authorization is a variation of Port Knocking that solves some of the challenges
mentioned above. It consists of reducing the number of sequence attempts to only one,
using a single encrypted packet to authenticate the user that wants to open a specific port.
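
The replay weakness listed above, and how a single authenticated packet closes it, can be shown with a small server-side verifier. This is an added example, not code from the article or from any Single Packet Authorization implementation; it assumes a pre-shared key, a constructed packet layout and a 30-second acceptance window, and it authenticates the packet with HMAC-SHA256 instead of encrypting it.

```python
import hashlib
import hmac
import os
import struct
import time

# Constructed demo key (assumption); a real deployment provisions a per-client secret.
KEY = b"constructed-demo-key-not-for-production"
MAX_SKEW = 30                        # seconds a packet stays acceptable (assumption)
HEADER = struct.Struct("!16sQH")     # hypothetical layout: nonce, unix time, port
TAG_LEN = hashlib.sha256().digest_size


def build_packet(port, key=KEY, now=None):
    """Client side: one datagram carrying nonce, timestamp, port and MAC."""
    now = int(time.time()) if now is None else int(now)
    body = HEADER.pack(os.urandom(16), now, port)
    return body + hmac.new(key, body, hashlib.sha256).digest()


class Verifier:
    """Server side: accept each valid packet at most once."""

    def __init__(self, key=KEY):
        self.key = key
        self.seen = {}  # nonce -> packet timestamp, kept only inside the window

    def check(self, packet, now=None):
        """Return the requested port if the packet is acceptable, else None."""
        now = int(time.time()) if now is None else int(now)
        if len(packet) != HEADER.size + TAG_LEN:
            return None                      # malformed
        body, tag = packet[:HEADER.size], packet[HEADER.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or modified
        nonce, sent, port = HEADER.unpack(body)
        if abs(now - sent) > MAX_SKEW:
            return None                      # stale capture
        # Forget nonces that the timestamp check would reject anyway.
        self.seen = {n: t for n, t in self.seen.items()
                     if abs(now - t) <= MAX_SKEW}
        if nonce in self.seen:
            return None                      # replay of a captured packet
        self.seen[nonce] = sent
        return port                          # caller may now open this port
```

A static knock sequence has no equivalent of the nonce and timestamp checks, which is why a captured sequence keeps working for whoever recorded it.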

Whether Port Knocking, Single Packet Authorization or other techniques are deployed, some
security implementations rely completely on Port Knocking to avoid brute-force or any other
form of attack.


You Are Only Human, But the Devil’s in the Details

If the password for remote access is weak, the system is much more likely to get hijacked, even
when it is highly armored with restrictive policies. In addition to forcing the use of stronger
passwords and two-factor authentication, systems administrators should ensure they are always
running the latest version of any given software to minimize vulnerabilities, and should maintain
strong policies about software updates, including ongoing investigation of flaws in the
software they are currently using.

Here are some good sources for checking on software vulnerabilities across several exploit databases:
https://cve.mitre.org/, http://www.kb.cert.org/vuls/ or http://www.cvedetails.com/.

Furthermore, be mindful of Pivoting, a technique used when hackers try to access different
devices in an attempt to reach the most critical computer in the network.


The idea behind Pivoting is simple: why would you attack a highly restrictive server directly if
you are able to break into the most vulnerable computer in the network and reach the highly
restrictive server within the organization by pivoting from computer to computer? This is living
proof that a security system is only as strong as its weakest link.

Of course, there are other types of attacks that exploit the human capacity to deliver privileged
information to unauthorized parties, like social engineering and phishing attacks. Even though
those attacks seem to be related to elements outside the direct configuration of your security
perimeter, they can affect it right away depending on the information they allow to be collected.





36 Cyber Warnings E-Magazine – May 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide
