Port Knocking Benjamin DiYanni.

Ports
- A port allows software applications to share hardware resources without interfering with each other.
- Every service or application that you connect to on the Internet listens on a particular port.
- For the application to work correctly, it needs to run on an open port.
- Open ports pose a security risk: they leave your machine vulnerable to outside attacks on your network.

Outside Attack
- Hacker takes control of your PC
- View your passwords for banking, email, etc.
- Install malware
- Watch what you are doing on your computer
- Copy your data and information to their computer
- Install remote control software to access your machine anytime
- Use your computer in coordination with other compromised computers to conduct large-scale DDoS attacks

Port Knocking
- Keeps all ports on the network closed
- A secret “knock” will open a desired port to run an application or to give a user remote access to their system
- The “knock” is a series of failed attempts to access multiple closed ports in a sequence
- Ex: Knocking on closed ports 20, 30, and 40 could open a closed port
- Type of authentication: the “knock” acts like a password
- Only legitimate users should know the correct “knock” sequence
- Must be kept secret among legitimate users
- Restricts unauthorized outside access into the network
- Illegitimate users cannot get in without knowing the correct “knock” sequence

The Knock
- For a user to initiate a port knock sequence, all ports to the machine are closed.
- The client trying to gain access to the port attempts to establish a connection but fails.
- Client fails to establish access to the port since all ports have been closed.

The Knock
- User attempting to gain access sends out SYN packets to the ports.
- Must know the correct order in which to knock on the ports.
- When this happens the user is not able to detect if the ports are listening for a knock or not; the client receives no communication (ACK) from the server when the knock is initiated.
- This feature will deter a hacker who would be expecting to get a response from the server.

The Knock
- The knock sequence is then diverted to a port knocking daemon.
- The daemon identifies whether the correct ports were knocked on in the correct sequence.
- It also decrypts the knock sequence if encryption was implemented.
- If the correct sequence was followed, the user is given access to the port and all applications that are running on it.
- A rule is created for that port to allow connections from that user.
- To close the port, the user sends another knock or specifies a certain amount of time to keep the port open.
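
The three "The Knock" slides above, as an added example (not code from the presentation): a simulated knock daemon that tracks dropped SYNs per source address, using the slide's example ports 20, 30 and 40. The protected port 22, the 10-second knock window, the 30-second rule lifetime and the sample addresses are assumptions.

```python
from dataclasses import dataclass, field

KNOCK_SEQUENCE = (20, 30, 40)   # the slide's example ports
PROTECTED_PORT = 22             # assumption: the port the knock opens
KNOCK_WINDOW = 10.0             # assumption: seconds allowed for the whole knock
OPEN_TTL = 30.0                 # assumption: seconds the allow rule stays in place

@dataclass
class KnockDaemon:
    progress: dict = field(default_factory=dict)  # src -> (next index, time of first knock)
    rules: dict = field(default_factory=dict)     # (src, port) -> expiry time

    def on_syn(self, ts, src, dport):
        """Feed one dropped SYN (as seen in the firewall log); return the action taken."""
        # Expire old allow rules first, so an opened port does not stay open forever.
        self.rules = {k: exp for k, exp in self.rules.items() if exp > ts}
        idx, started = self.progress.pop(src, (0, ts))
        if idx and ts - started > KNOCK_WINDOW:
            idx, started = 0, ts                  # knock took too long: start over
        if dport == KNOCK_SEQUENCE[idx]:
            idx += 1
        elif dport == KNOCK_SEQUENCE[0]:
            idx, started = 1, ts                  # wrong port, but it restarts the sequence
        else:
            idx = 0                               # wrong port: progress is lost
        if idx == len(KNOCK_SEQUENCE):
            # The rule names exactly one source and one port, nothing wider.
            self.rules[(src, PROTECTED_PORT)] = ts + OPEN_TTL
            return f"ALLOW {src} -> tcp/{PROTECTED_PORT} until t={ts + OPEN_TTL:.0f}"
        if idx:
            self.progress[src] = (idx, started)   # keep state only for partial knocks
        return None

    def is_allowed(self, ts, src, port):
        return self.rules.get((src, port), 0) > ts

def replay(events):
    """Run constructed (time, source, port) events through a fresh daemon."""
    daemon = KnockDaemon()
    actions = [a for a in (daemon.on_syn(*e) for e in events) if a]
    return daemon, actions

# Constructed sample traffic: 198.51.100.7 knocks correctly, 203.0.113.9 guesses.
SAMPLE = [(0, "198.51.100.7", 20), (1, "203.0.113.9", 20), (2, "203.0.113.9", 40),
          (3, "198.51.100.7", 30), (4, "198.51.100.7", 40), (5, "203.0.113.9", 30)]

if __name__ == "__main__":
    daemon, actions = replay(SAMPLE)
    print(actions, daemon.is_allowed(10, "198.51.100.7", PROTECTED_PORT))
```

The interleaved guesses from the second address never affect the first address's progress, and the allow rule lapses on its own once the lifetime passes.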

Benefits
- Can completely lock down a system, allowing no external traffic in
- No reply from server with port knocking
- Malicious hackers cannot detect if a device is listening for port knocks
- Hacker must assume that port knocking is being used when all ports are closed
- Legitimate user can gain remote control to access system resources
- Authentication information exchange cannot be hacked easily
- Extra layer of security to system

Considerations
- Port knocking is not a complete solution to securing a host and should be included alongside other security countermeasures.
- One concern of port knocking is that it is just a form of “security through obscurity”.
- Once a hacker notices that all ports are closed on a network, he can safely assume that port knocking is being implemented.
- It is unlikely but not impossible for a hacker to figure out the “knock” sequence.
- Hacker would have to randomly knock on ports to try to gain access with the secret knock, all the while not actually certain if port knocking is even implemented.
- If hacker is successful in determining the knock sequence:
  - Can create dormant backdoor
  - Can come back to access port through the backdoor anytime with own secret knock they create
  - Very difficult to tell when a hacker is successful with this.

Considerations
- Automated firewall creating rules
  - Must ensure that firewall creates ONLY rules you intend for it to make once a port is opened
- Port knocking should not be used for public servers or services that will be used by many users.
  - A webserver using a port knocking implementation would require every user to go through a port knocking sequence before they are able to view the webpage
