Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
Get HideMyAss! VPN, PC Mag's Top 10 VPNs of 2016 for 55% off for a Limited Time ×

Comment Re:Security Through Obscurity (Score 4, Insightful) 154

Port knocking has one specific and reasonable purpose: It hides open ports from port scanners. Yes, it's security by obscurity, but as it's supposed to be another layer, it can increase security if, and only if it's simple enough that there is a near-zero chance of introducing new exploitable bugs into the system. Passive monitoring is not necessarily unexploitable. There are bugs in packet capture tools. There will be exploitable bugs in complicated port knocking daemons. Keep port knocking simple and it can be a valuable security enhancement. Make it complicated and it becomes another thing that can break.

Port knocking buys you the time between a new ssh exploit and the fix. It significantly reduces the chance of being found by portscanners and therefore of being hacked. You still have to fix ssh though.

Slashdot Top Deals

Veni, Vidi, VISA: I came, I saw, I did a little shopping.

Working...