
Port Knocking Benjamin DiYanni.


1 Port Knocking Benjamin DiYanni

2 Ports
A port allows software applications to share hardware resources (the network interface) without interfering with each other. Every service or application that you connect to on the Internet listens on a particular port. For the application to work correctly it needs to run on an open port. Each open port is a potential entry point, so open ports carry the risk of leaving your machine exposed to outside attacks on your network.

3 Outside Attack
Hacker takes control of your PC:
View your passwords for banking, etc.
Install malware
Watch what you are doing on your computer
Copy your data and information to their computer
Install remote control software to access your machine anytime
Use your computer in coordination with other compromised computers to conduct large scale DDoS attacks

4 Port Knocking
Keeps all ports on the network closed
A secret "knock" will open a desired port to run an application or to give the user remote access to their system
The "knock" is a series of failed connection attempts to multiple closed ports in a specific sequence
Ex: knocking on closed ports 20, 30, and 40 could open a closed port
Type of authentication: the "knock" acts like a password
Only legitimate users should know the correct "knock" sequence
Must be kept secret among legitimate users
Restricts unauthorized outside access into the network
Illegitimate users cannot get in without knowing the correct "knock" sequence

5 The Knock
Before a user initiates a port knock sequence, all ports on the machine are closed. A client trying to reach a service attempts to establish a connection but fails, because every port, including the one it wants, is closed.

6 The Knock
The user attempting to gain access sends SYN packets to the ports, and must know the correct order in which to knock on them. The user cannot tell whether the ports are listening for a knock or not: the client receives no response (no SYN-ACK) from the server while the knock is in progress. This deters an attacker who would be expecting to get a response from the server.

7 The Knock
The knock attempts are observed by a port knocking daemon, which checks whether the correct ports were knocked on in the correct sequence. It also decrypts the knock sequence if encryption was implemented. If the correct sequence was followed, the user is given access to the port and the applications running on it: a firewall rule is created for that port allowing connections from that user's address. To close the port, the user sends another knock, or the daemon keeps the port open only for a specified amount of time.
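The daemon logic from slides 5 through 7, as an added Python example that is not part of the presentation: it models the per-source knock state machine over a constructed list of SYNs to closed ports, using the slide's 20/30/40 sequence. The time window between knocks and the rule expiry are assumed values, and the "firewall rule" is an in-memory allow list rather than a real firewall.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

KNOCK_SEQUENCE = (20, 30, 40)  # the sequence from slide 4
KNOCK_WINDOW = 5.0             # assumed: max seconds between consecutive knocks
OPEN_SECONDS = 30.0            # assumed: how long the allow rule lives


@dataclass
class KnockState:
    next_index: int = 0   # position in KNOCK_SEQUENCE this source must hit next
    last_time: float = 0.0


class KnockDaemon:
    def __init__(self, sequence=KNOCK_SEQUENCE, window=KNOCK_WINDOW, open_for=OPEN_SECONDS):
        self.sequence, self.window, self.open_for = sequence, window, open_for
        self.states: Dict[str, KnockState] = {}
        self.rules: Dict[str, float] = {}  # src -> expiry time of its allow rule

    def observe(self, src: str, dst_port: int, t: float) -> bool:
        """Feed one SYN to a closed port. Returns True when src completes the sequence."""
        st = self.states.setdefault(src, KnockState())
        if st.next_index > 0 and t - st.last_time > self.window:
            st.next_index = 0                       # stale partial knock is discarded
        if dst_port == self.sequence[st.next_index]:
            st.next_index += 1
        else:                                       # wrong port resets progress
            st.next_index = 1 if dst_port == self.sequence[0] else 0
        st.last_time = t
        if st.next_index == len(self.sequence):
            self.states.pop(src)
            self.rules[src] = t + self.open_for     # "firewall rule" for this source only
            return True
        return False

    def is_allowed(self, src: str, t: float) -> bool:
        """Would the protected port currently accept src? Expired rules are removed."""
        expiry = self.rules.get(src)
        if expiry is not None and t <= expiry:
            return True
        self.rules.pop(src, None)
        return False


# Constructed sample of SYNs to closed ports: (source, destination port, timestamp).
SAMPLE_SYNS: List[Tuple[str, int, float]] = [
    ("10.0.0.5", 20, 1.0), ("10.0.0.5", 30, 2.0), ("10.0.0.5", 40, 3.0),    # correct knock
    ("10.0.0.9", 20, 1.5), ("10.0.0.9", 40, 2.0),                           # wrong order
    ("10.0.0.7", 20, 5.0), ("10.0.0.7", 30, 20.0), ("10.0.0.7", 40, 21.0),  # too slow
]


def replay(syns, daemon: KnockDaemon = None):
    """Replay captured SYNs through the daemon; returns (daemon, [(src, time_opened)])."""
    daemon = daemon or KnockDaemon()
    opened = [(src, t) for src, port, t in syns if daemon.observe(src, port, t)]
    return daemon, opened
```

Only the source that hit 20, 30, 40 in order and within the window gets a rule, and that rule lapses on its own after OPEN_SECONDS, which is the timed-close behaviour the slide describes.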

8 Benefits
Can completely lock down a system, allowing no external traffic in
No reply from the server with port knocking
Malicious hackers cannot detect if a device is listening for port knocks
A hacker can only assume that port knocking is being used when all ports are closed
A legitimate user can gain remote control to access system resources
The authentication information exchange cannot be hacked easily
An extra layer of security for the system

9 Considerations
Port knocking is not a complete solution to securing a host and should be used alongside other security countermeasures.
One concern with port knocking is that it is just a form of "security through obscurity"
Once a hacker notices that all ports are closed on a network he can reasonably assume that port knocking is being implemented
It is unlikely but not impossible for a hacker to figure out the "knock" sequence
The hacker would have to knock on ports at random to try to reproduce the secret knock, all the while not certain that port knocking is even implemented
If the hacker is successful in determining the knock sequence:
Can create a dormant backdoor
Can come back and access the port through the backdoor at any time with a secret knock of their own
Very difficult to tell when a hacker has succeeded at this

10 Considerations
Automated firewall rule creation: you must ensure that the firewall creates ONLY the rules you intend it to make once a port is opened
Port knocking should not be used for public servers or services that will be used by many users
A webserver using port knocking would require every user to go through the knock sequence before they are able to view the webpage


