March 22, 2006 | Comments: (0)
Comment to my Port Knocking Article
Feedback to my port knocking article http://www.infoworld.com/article/06/03/17/76466_12OPsecadvise_1.html
From: Chris Schumann
Sent: Tuesday, March 21, 2006 1:55 PM
To: roger_grimes@infoworld.com; letters@infoworld.com
Subject: Port knocking? meh. Try sshdfilter.
Mr. Grimes,
I thought port knocking seemed like an OK idea, but I realized I'd have to replace or upgrade all my clients.
Then I found sshdfilter http://www.csc.liv.ac.uk/~greg/sshdfilter. If someone attempts to connect to my server via ssh without an id string, or guesses a wrong user name, that IP address is blocked from opening any ssh connection for some set time.
Also, for valid accounts, if a wrong password is entered some number of times, that IP address is then blocked for some set time.
I use three days, but even three minutes would make most brute force password guessers give up, and still let me into my machine if I should really happen to get the password wrong three times in a row.
I think it's a fantastic tool, and still lets me get to my machine from anywhere, even if that machine doesn't have port knocking tools available.
Take care,
Chris Schumann
Posted by Roger Grimes on March 22, 2006 05:25 PM
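To make the blocking rules Chris describes concrete, here is a small added example (written for this page, not code from sshdfilter or from the original post) that applies the same policy to OpenSSH-style auth log lines: an unknown user name or a connection without an identification string blocks the source address immediately, and a valid account gets a set number of wrong passwords (three, as in the letter) before its address is blocked for three days. The log lines are constructed, the year 2006 is assumed because syslog timestamps carry none, and the code only records block decisions; wiring them into a firewall is left to the reader.

```python
import re
from datetime import datetime, timedelta

# Policy values taken from the letter: three wrong passwords, three-day block.
MAX_PASSWORD_FAILURES = 3
BLOCK_FOR = timedelta(days=3)
ASSUMED_YEAR = 2006  # syslog timestamps have no year; assumption for parsing

# OpenSSH message shapes. Checked in this order so "invalid user" lines
# count as a bad user name rather than as an ordinary password failure.
_RE_NO_ID = re.compile(r"Did not receive identification string from (\S+)")
_RE_BAD_USER = re.compile(r"Invalid user \S+ from (\S+)")
_RE_FAILED_PW = re.compile(r"Failed password for (invalid user )?\S+ from (\S+)")
_RE_ACCEPTED = re.compile(r"Accepted \S+ for \S+ from (\S+)")

# Constructed sample log; the addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
Mar 21 13:55:01 gw sshd[4101]: Did not receive identification string from 203.0.113.7
Mar 21 13:55:10 gw sshd[4102]: Invalid user admin from 203.0.113.8
Mar 21 13:55:12 gw sshd[4102]: Failed password for invalid user admin from 203.0.113.8 port 40110 ssh2
Mar 21 13:56:00 gw sshd[4103]: Failed password for chris from 198.51.100.5 port 50211 ssh2
Mar 21 13:56:05 gw sshd[4103]: Failed password for chris from 198.51.100.5 port 50211 ssh2
Mar 21 13:56:11 gw sshd[4103]: Accepted password for chris from 198.51.100.5 port 50211 ssh2
Mar 21 14:00:01 gw sshd[4104]: Failed password for root from 192.0.2.20 port 33001 ssh2
Mar 21 14:00:03 gw sshd[4104]: Failed password for root from 192.0.2.20 port 33001 ssh2
Mar 21 14:00:05 gw sshd[4104]: Failed password for root from 192.0.2.20 port 33001 ssh2
Mar 21 14:00:07 gw sshd[4105]: Failed password for root from 192.0.2.20 port 33002 ssh2
"""


def parse_timestamp(line):
    """Parse the leading 'Mon DD HH:MM:SS' syslog field, assuming ASSUMED_YEAR."""
    return datetime.strptime(line[:15], "%b %d %H:%M:%S").replace(year=ASSUMED_YEAR)


def classify(line):
    """Return (event_kind, source_ip) for a line we care about, else None."""
    m = _RE_NO_ID.search(line)
    if m:
        return "no_id", m.group(1)
    m = _RE_BAD_USER.search(line)
    if m:
        return "bad_user", m.group(1)
    m = _RE_FAILED_PW.search(line)
    if m:
        return ("bad_user" if m.group(1) else "bad_password"), m.group(2)
    m = _RE_ACCEPTED.search(line)
    if m:
        return "accepted", m.group(1)
    return None


class SshFilter:
    """Tracks per-address password failures and temporary block expiry times."""

    def __init__(self, block_for=BLOCK_FOR, max_failures=MAX_PASSWORD_FAILURES):
        self.block_for = block_for
        self.max_failures = max_failures
        self.failures = {}       # ip -> consecutive wrong-password count
        self.blocked_until = {}  # ip -> datetime at which the block lapses

    def is_blocked(self, ip, at):
        if isinstance(at, str):
            at = datetime.fromisoformat(at)
        until = self.blocked_until.get(ip)
        return until is not None and at < until

    def block(self, ip, at):
        self.blocked_until[ip] = at + self.block_for
        self.failures.pop(ip, None)  # counter is irrelevant while blocked

    def observe(self, at, line):
        """Feed one log line; returns the event acted on, or None if ignored."""
        event = classify(line)
        if event is None:
            return None
        kind, ip = event
        if self.is_blocked(ip, at):
            return "already_blocked", ip  # a firewall drop would hide these
        if kind in ("no_id", "bad_user"):
            self.block(ip, at)           # immediate block, as in the letter
        elif kind == "bad_password":
            n = self.failures.get(ip, 0) + 1
            self.failures[ip] = n
            if n >= self.max_failures:
                self.block(ip, at)
        elif kind == "accepted":
            self.failures.pop(ip, None)  # a successful login resets the count
        return kind, ip


def run_log(text):
    """Replay a whole log through a fresh SshFilter and return it."""
    filt = SshFilter()
    for line in text.splitlines():
        if line.strip():
            filt.observe(parse_timestamp(line), line)
    return filt


if __name__ == "__main__":
    f = run_log(SAMPLE_LOG)
    for ip, until in sorted(f.blocked_until.items()):
        print(f"{ip} blocked until {until}")
```

Replaying the sample, the three attacking addresses end up blocked and the legitimate user who mistyped twice does not; checking an address after the three-day window shows the block has lapsed, which is the property that lets a locked-out owner get back in without a client-side tool.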